Privacy Policy

At Payrollix, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payroll services platform.

1. Information We Collect

We collect information you provide directly to us, as well as information collected automatically when you use our Service.

Information You Provide

• Account Information: Name, email address, phone number, company name, and password
• Payroll Data: Employee names, Social Security numbers, addresses, bank account information, salary/wage information, tax withholding elections
• Tax Information: EIN, state tax IDs, filing status, and related tax documents
• Payment Information: Credit card numbers, bank account details for subscription payments
• Communications: Information you provide when contacting our support team
• Bank Account Verification Data: To enable direct deposit, we verify employee bank accounts through secure verification methods, including micro-deposits or instant account verification services. We only access account and routing numbers necessary to initiate ACH payments. We do not access account balances, transaction history, or other financial data.

Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on pages
• Device Information: IP address, browser type, operating system, device identifiers
• Location Data: General location based on IP address
• Cookies and Similar Technologies: See our Cookie Policy for details

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our payroll services
• Process payroll, tax calculations, and direct deposits
• File tax returns and reports with government agencies
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and customer service requests
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Monitor transactions for compliance with the Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) regulations
• Screen individuals and entities against government sanctions lists (OFAC)
• Verify client identity and business legitimacy (KYC/KYB)
• File regulatory reports as required by law (e.g., Suspicious Activity Reports)
• Comply with legal obligations and enforce our terms
• Analyze usage patterns to improve our Service

3. Information Sharing and Disclosure

We may share your information in the following circumstances:

With Your Consent

We share information when you direct us to do so, such as sharing employee data with their designated employers.

Service Providers

We share information with third-party vendors who perform services on our behalf, including:

• Payment processors (for direct deposit and subscription billing)
• Cloud hosting providers (for data storage)
• Tax filing services (for electronic tax submissions)
• Customer support tools

Bank Verification Providers

We use third-party services to verify bank account ownership for direct deposit purposes. These providers only receive the minimum information necessary for verification, such as account and routing numbers. We do not share transaction history, balances, or other financial data with these providers.

Legal Requirements

We may disclose information if required by law, such as to comply with a subpoena, court order, or other legal process, or to protect our rights, privacy, safety, or property.

Government Agencies

As part of our payroll services, we submit tax filings and payments to the IRS, state tax agencies, and other government entities on your behalf.

Regulatory and Compliance Disclosures

As a platform that facilitates payroll payments, Payrollix is subject to federal financial regulations. We may share information with regulatory authorities including:

• FinCEN: We file Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) with the Financial Crimes Enforcement Network as required by the Bank Secrecy Act
• OFAC: We screen client and employee data against the Office of Foreign Assets Control sanctions lists
• Banking Partners: Our banking partners may require client verification information to facilitate ACH transactions

These disclosures are required by law and are not subject to opt-out. We are legally prohibited from notifying you when certain regulatory filings (such as SARs) are made regarding your account.

4. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. We also retain and use information as necessary to comply with legal obligations:

• Payroll records: 7 years (as required by IRS regulations)
• Tax filings and related documents: 7 years
• Account information: Duration of account plus 3 years
• Communication records: 3 years

5. Data Security

We implement industry-standard security measures to protect your information:

• 256-bit SSL/TLS encryption for data in transit
• AES-256 encryption for data at rest
• SOC 2 Type II certified data centers
• Multi-factor authentication options
• Regular security audits and penetration testing
• Employee access controls and training
• All data is stored exclusively within the United States

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information (subject to legal retention requirements)
• Portability: Request your data in a portable format
• Opt-out: Opt out of marketing communications

To exercise these rights, please contact us at privacy@payrollix.com or through your account settings.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about categories of personal information collected and purposes
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of the sale of personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: Not be discriminated against for exercising your rights

Categories of Personal Information Collected (Past 12 Months)

• Identifiers (name, email, SSN, EIN)
• Financial information (bank accounts, payment cards)
• Employment information (salary, position, tax elections)
• Internet activity (usage data, device information)

We do not sell your personal information.

8. Cookies and Tracking

We use cookies and similar tracking technologies to collect information about your browsing activities. For detailed information about our use of cookies and your choices, please visit our Cookie Preferences page.

9. Third-Party Services

Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will also notify you by email. In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of discovery, as required by applicable law.

12. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

• Privacy Officer: privacy@payrollix.com
• Phone: 1-800-PAYROLL (1-800-729-7655)
• Address: ReasonWorks AI Inc. (DBA Payrollix), Attn: Privacy, Coralville, IA