Privacy Policy

Last updated: March 2, 2026

At Payrollix, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payroll services platform.

Contents

  1. Information We Collect
  2. How We Use Your Information
  3. Information Sharing and Disclosure
  4. Sub-Processors
  5. Data Retention
  6. Data Security
  7. Biometric Information (BIPA)
  8. Your Privacy Rights
  9. California Privacy Rights (CCPA)
  10. Cookies and Tracking
  11. Third-Party Services
  12. Children's Privacy
  13. Changes to This Policy
  14. Contact Us

1. Information We Collect

We collect information you provide directly to us, as well as information collected automatically when you use our Service.

Information You Provide

  • Account Information: Name, email address, phone number, company name, and password
  • Payroll Data: Employee names, Social Security numbers, addresses, bank account information, salary/wage information, tax withholding elections
  • Tax Information: EIN, state tax IDs, filing status, and related tax documents
  • Payment Information: Credit card numbers, bank account details for subscription payments
  • Communications: Information you provide when contacting our support team
  • Bank Account Verification Data: To enable direct deposit, we verify employee bank accounts through secure verification methods, including micro-deposits or instant account verification services. We only access account and routing numbers necessary to initiate ACH payments. We do not access account balances, transaction history, or other financial data.

Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on pages
  • Device Information: IP address, browser type, operating system, device identifiers
  • Location Data: General location based on IP address
  • Cookies and Similar Technologies: See our Cookie Policy for details

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our payroll services
  • Process payroll, tax calculations, and direct deposits
  • File tax returns and reports with government agencies
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and customer service requests
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Monitor transactions for compliance with the Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) regulations
  • Screen individuals and entities against government sanctions lists (OFAC)
  • Verify client identity and business legitimacy (KYC/KYB)
  • File regulatory reports as required by law (e.g., Suspicious Activity Reports)
  • Comply with legal obligations and enforce our terms
  • Analyze usage patterns to improve our Service

3. Information Sharing and Disclosure

We may share your information in the following circumstances:

With Your Consent

We share information when you direct us to do so, such as sharing employee data with their designated employers.

Service Providers

We share information with third-party vendors who perform services on our behalf, including:

  • Payment processors (for direct deposit and subscription billing)
  • Cloud hosting providers (for data storage)
  • Tax filing services (for electronic tax submissions)
  • Customer support tools

Bank Verification Providers

We use third-party services to verify bank account ownership for direct deposit purposes. These providers only receive the minimum information necessary for verification, such as account and routing numbers. We do not share transaction history, balances, or other financial data with these providers.

Legal Requirements

We may disclose information if required by law, such as to comply with a subpoena, court order, or other legal process, or to protect our rights, privacy, safety, or property.

Government Agencies

As part of our payroll services, we submit tax filings and payments to the IRS, state tax agencies, and other government entities on your behalf.

Regulatory and Compliance Disclosures

As a platform that facilitates payroll payments, Payrollix is subject to federal financial regulations. We may share information with regulatory authorities including:

  • FinCEN: We file Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) with the Financial Crimes Enforcement Network as required by the Bank Secrecy Act
  • OFAC: We screen client and employee data against the Office of Foreign Assets Control sanctions lists
  • Banking Partners: Our banking partners may require client verification information to facilitate ACH transactions

These disclosures are required by law and are not subject to opt-out. We are legally prohibited from notifying you when certain regulatory filings (such as SARs) are made regarding your account.

4. Sub-Processors

We engage the following third-party sub-processors to help us deliver the Service. Each sub-processor is contractually bound to safeguard your information consistent with this Privacy Policy and applicable law, and only processes information for the purposes described below.

Sub-ProcessorPurposeData CategoriesLocation
Moov Financial, Inc.Payments orchestration; ACH and card payment processingAccount info, bank-account routing/account numbers, transaction dataUnited States
Veridian Credit UnionMoov's federally-insured FI Partner; Originating Depository Financial Institution for ACH transactions; holder of pooled funds-in-transit accountsAccount info, bank-account routing/account numbers, transaction data, KYC informationUnited States (Iowa)
Amazon Web Services (AWS)Cloud infrastructure hosting; document and tax-filing archive storage (S3); database hostingAll Personal Information processed through the Service (encrypted at rest)United States (us-east-1)
Microsoft Outlook / Graph APIOutbound transactional and notification email deliveryEmail address, recipient name, message content (notifications, paystubs, signing links)United States
MiddeskBusiness identity verification (KYB); state tax registration assistanceBusiness name, EIN, address, beneficial-owner information, registration documentsUnited States
GlitchTipApplication error tracking and monitoringError stack traces, user ID (no PII payloads); IP addressUnited States

We may add, change, or remove sub-processors as our Service evolves. Material changes to this list will be reflected in this Privacy Policy. For an up-to-date list, contact privacy@payrollix.com.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. We also retain and use information as necessary to comply with legal obligations:

  • Payroll records: 7 years (as required by IRS regulations)
  • Tax filings and related documents: 7 years
  • Account information: Duration of account plus 3 years
  • Communication records: 3 years

6. Data Security

We implement industry-standard security measures to protect your information:

  • 256-bit SSL/TLS encryption for data in transit
  • AES-256 encryption for data at rest
  • SOC 2 Type II certified data centers
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • Employee access controls and training
  • All data is stored exclusively within the United States

7. Biometric Information (BIPA)

Payrollix does not currently collect, store, or process biometric identifiers or biometric information (as defined under the Illinois Biometric Information Privacy Act, 740 ILCS 14 ("BIPA"), or analogous statutes in Texas, Washington, New York, and other jurisdictions). This includes fingerprints, retina/iris scans, voiceprints, scans of hand or face geometry, and any information based on such identifiers used to identify an individual.

If we introduce features in the future that involve biometric collection — such as facial- recognition clock-in, fingerprint timekeeping, or geofenced photo verification — we will, before any collection: (a) provide a written disclosure to the individual identifying the specific biometric data collected and the purpose and duration for which it will be collected, stored, and used; (b) obtain the individual's written consent (and the consent of the employer where required); (c) publish a written retention schedule and destruction guidelines; and (d) update this Privacy Policy with a separate Biometric Information addendum.

Customer (employer) is responsible for obtaining all necessary consents from its Workers under BIPA and analogous laws if Customer enables any biometric-based feature on Customer's behalf.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your information (subject to legal retention requirements)
  • Portability: Request your data in a portable format
  • Opt-out: Opt out of marketing communications

To exercise these rights, please contact us at privacy@payrollix.com or through your account settings.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request information about categories of personal information collected and purposes
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of the sale of personal information (Note: We do not sell personal information)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights

Categories of Personal Information Collected (Past 12 Months)

  • Identifiers (name, email, SSN, EIN)
  • Financial information (bank accounts, payment cards)
  • Employment information (salary, position, tax elections)
  • Internet activity (usage data, device information)

We do not sell your personal information.

10. Cookies and Tracking

We use cookies and similar tracking technologies to collect information about your browsing activities. For detailed information about our use of cookies and your choices, please visit our Cookie Preferences page.

11. Third-Party Services

Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will also notify you by email. In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of discovery, as required by applicable law.

14. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

  • Privacy Officer: privacy@payrollix.com
  • Phone: 1-800-PAYROLL (1-800-729-7655)
  • Address: ReasonWorks AI Inc. (d/b/a Payrollix), Attn: Privacy, 1449 South Michigan Avenue, STE 13207, Chicago, IL 60605

By using Payrollix, you acknowledge that you have read and understood this Privacy Policy. If you do not agree to this policy, please do not use our Service.