Carnival Career

Legal

Privacy Policy and Data Protection Agreement

Last Updated
June 7, 2026
Corporate Entity
10,000 Solutions LLC
Jurisdiction
Riverside, California, USA

1. Introduction and Scope of Policy

This Privacy Policy governs the data collection, processing, server-side masking, and sharing practices of 10,000 Solutions LLC (doing business as Carnivalcareer.com, hereinafter referred to as "we", "us", or "our"). This policy applies to all users of our digital marketplace, including independent contractors, job seekers, and seasonal laborers ("Workers"), as well as carnival owners, fair boards, and concessionaires ("Operators").

By accessing our website, mobile applications, programmatic SEO (pSEO) landing pages, or utilizing our SMS-authenticated intake systems, you acknowledge and consent to the data practices outlined in this document.

2. Notice at Collection

In compliance with California law, privacy notices must be delivered before or at the time of collection. We collect the following specific categories of personal information to operate our two-sided marketplace:

  • Direct Identifiers: Full legal name, mobile telephone number, SMS One-Time Password (OTP) authentication data, and precise ZIP code routing information.
  • Professional and Employment Data: Hard skills arrays (e.g., CDL Class A/B, Forklift certifications, Ride Operator classifications), willingness to travel on a midway route, and application data processed through our integrated Applicant Tracking System (ATS).
  • Commercial Transaction Data: Operator billing profiles, Stripe customer IDs, token/credit balances, and historical records of profile unlocks.
  • Network and Electronic Activity: IP addresses, interactions with localized programmatic landing pages, and search query parameters executed within the Operator directory.

3. How We Use Your Information

The core function of our platform is to facilitate immediate connections between verified operators and available labor. We utilize your data exclusively to:

  • Power the server-side masking architecture, ensuring a Worker's direct identifiers are hidden from the public and only revealed to Operators upon a verified token deduction.
  • Sync intake data seamlessly between our frontend directory and our enterprise ATS infrastructure to maintain accurate, real-time availability statuses.
  • Process secure, high-ticket B2B payments, manage subscription tiers, and issue enterprise invoices.
  • Prevent fraud, credential stuffing, and unauthorized automated scraping of our proprietary database.

4. Sharing and Disclosure of Data

Policies must now spell out categories of personal information shared with service providers and contractors for business purposes. We strictly limit external data exposure and do not sell Worker data to third-party data brokers.

  • With Carnival Operators: A Worker's unmasked personal identifiable information (PII) is shared only with a registered Operator who explicitly expends a purchased credit to unlock that specific profile.
  • With Service Providers: We share necessary data payloads with trusted enterprise infrastructure partners. This includes our payment processor (Stripe) for financial transactions, our database host (Supabase) for secure data storage, and our ATS provider (Manatal) for pipeline management.
  • Legal and Safety Compliance: We reserve the right to disclose data if required by a valid subpoena, court order, or to defend against legal claims, physical property damage, or severe bodily harm occurring on an amusement route.

5. California Privacy Rights (CCPA 2026 Compliance)

As an entity operating out of California, we strictly adhere to the updated California Consumer Privacy Act (CCPA) regulations effective as of 2026. If you are a California resident, you possess the following explicit rights:

  • Expanded Right to Know: Consumers can now request access to all personal information a business has collected about them, not just the past 12 months, allowing you to request data collected since January 1, 2022.
  • Right to Opt-Out and Processing Confirmation: You possess the right to opt out of the sale or sharing of your personal information. When an opt-out preference signal (such as Global Privacy Control) or manual request is received, businesses must provide a means by which consumers can confirm that their request to opt out of selling or sharing their data has been processed by the business. We satisfy this by displaying an immediate "Opt-Out Request Honored" confirmation.
  • Prohibition of Dark Patterns: Our consent mechanisms are designed for absolute transparency. Consent cannot be obtained through dark patterns, such as asymmetrical button designs, false urgency tactics, or by assuming consent when a user simply closes a pop-up window.
  • Protection of Minors and Sensitive Data: If we have actual knowledge that we are collecting personal information from a consumer under 16 years of age, that data is automatically classified as sensitive personal information. The personal information of consumers under 16 years old is defined as sensitive personal information, subject to the rights of consumers to limit the use of such information.
  • Right to Delete and Correct: You may request the deletion of your unmasked data from our active directory or correct inaccurate certifications and routing availability on your profile at any time.

6. Data Security and Mandatory Audits

We deploy enterprise-grade security protocols, including server-side database gates and SMS OTP authentication, to ensure PII is never exposed in our frontend network payloads unless explicitly authorized. Furthermore, businesses meeting certain gross revenue thresholds are required to start conducting cybersecurity audits. We are fully committed to conducting mandatory risk assessments and submitting annual cybersecurity audit certifications to the California Privacy Protection Agency (CPPA) as required by our operational scale.

7. Corporate Contact Information

For data subject requests, privacy inquiries, or to execute your CCPA rights, please contact our administrative team directly: