Draft - Pending Legal Review
Privacy Policy
1. Information We Collect
We collect information necessary to provide payroll processing services for household employers. The categories below describe what we collect and why.
Personal Information
When you create an account, we collect your name, email address, phone number, and mailing address. For employer accounts, we also collect your Employer Identification Number (EIN) or Social Security Number (SSN) for tax filing purposes.
Financial and Tax Information
To process payroll and comply with tax regulations, we collect Social Security Numbers (SSNs), Employer Identification Numbers (EINs), bank account and routing numbers for direct deposit, and tax withholding elections (W-4 data). This information is encrypted at rest using AES-256 encryption.
Employment Information
We collect employee names, addresses, hire dates, pay rates, work hours, W-4 withholding elections, and pay history to calculate wages, withhold taxes, and generate required tax documents such as W-2s and Schedule H.
Usage Data
We automatically collect information about how you interact with our service, including IP addresses, browser type, pages visited, and timestamps. This data helps us improve performance, diagnose issues, and protect against abuse.
2. How We Use Your Information
We use the information we collect for the following purposes:
Payroll Processing
Calculating gross and net pay, federal and state tax withholdings, Social Security and Medicare contributions, and generating pay stubs for each pay period.
Tax Filing and Compliance
Preparing and filing federal and state payroll tax returns, generating W-2 forms for employees, and preparing Schedule H for household employer tax obligations.
Direct Deposit
Initiating electronic funds transfers to employee bank accounts through our payroll processing partner.
Customer Support
Responding to your questions, troubleshooting issues, and providing guidance on payroll and tax matters through our AI assistant and support channels.
3. Information Sharing
We do not sell, rent, or trade your personal information. We share data only with the following service providers, solely to operate the NannyLedger service:
Check (Payroll Processing)
Employee and employer data is shared with Check, our payroll infrastructure provider, to calculate taxes, process direct deposits, and file tax returns on your behalf.
Stripe (Payment Processing)
Your payment information (credit/debit card details) is processed by Stripe for subscription billing. We never store your full card number on our servers.
Supabase (Authentication and Database)
Account credentials and application data are stored in Supabase, our managed database and authentication provider. All data is encrypted in transit and at rest.
Legal Requirements
We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of NannyLedger, our users, or the public.
4. Data Security
We implement industry-standard security measures to protect your information. Sensitive personal information, including SSNs and bank account numbers, is encrypted at rest using AES-256-GCM encryption. All data transmitted between your browser and our servers is protected with TLS (Transport Layer Security). We maintain comprehensive audit logging on all sensitive database operations, enforce role-based access controls, and apply rate limiting to prevent abuse. For more details, see our Information Security Policy at /security.
5. Data Retention
Payroll records and tax documents are retained for a minimum of 5 years, and up to 7 years for certain tax documents, as required by the Internal Revenue Service (IRS) and state tax agencies. Audit logs are retained for 5 years. Account data is retained as long as your account is active, and will be deleted upon request, except where retention is required by law. For full details, see our Data Retention Policy referenced in our Information Security Policy at /security.
6. Your Rights
You have the right to access, correct, or delete your personal information. You may request a copy of your data, ask us to correct inaccurate information, or request deletion of your account and associated data. Deletion requests will be honored except where data must be retained for legal or tax compliance purposes.
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights.
7. Children's Privacy
NannyLedger is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us immediately.
8. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email or by posting a prominent notice on our website at least 30 days before the changes take effect. Your continued use of NannyLedger after changes become effective constitutes acceptance of the updated policy.
9. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@homepayroll.com or through our Contact Support page.
Related Policies
- Information Security Policy - Details on our security practices, data classification, and incident response procedures.
- Terms of Service - Your agreement with NannyLedger for use of the service.