Draft - Pending Legal Review
Privacy Policy
About This Policy
This Privacy Policy describes how Asterium LLC, a Delaware limited liability company doing business as NannyLedger ("NannyLedger," "we," "us," or "our"), collects, uses, and shares your personal information when you use our payroll processing service at https://www.nannyledger.com (the "Service"). By using the Service, you consent to the data practices described in this policy.
1. Information We Collect
We collect information necessary to provide payroll processing services for household employers. The categories below describe what we collect and why.
Personal Information
When you create an account, we collect your name, email address, phone number, and mailing address. For employer accounts, we also collect your Employer Identification Number (EIN) or Social Security Number (SSN) for tax filing purposes.
Financial and Tax Information
To process payroll and comply with tax regulations, we collect Social Security Numbers (SSNs), Employer Identification Numbers (EINs), bank account and routing numbers for direct deposit, and tax withholding elections (W-4 data). This information is encrypted at rest using AES-256 encryption.
Employment Information
We collect employee names, addresses, hire dates, pay rates, work hours, W-4 withholding elections, and pay history to calculate wages, withhold taxes, and generate required tax documents such as W-2s and Schedule H.
Usage Data
We automatically collect information about how you interact with our service, including IP addresses, browser type, pages visited, and timestamps. This data helps us improve performance, diagnose issues, and protect against abuse.
2. How We Use Your Information
We use the information we collect for the following purposes:
Payroll Processing
Calculating gross and net pay, federal and state tax withholdings, Social Security and Medicare contributions, and generating pay stubs for each pay period.
Tax Filing and Compliance
Preparing and filing federal and state payroll tax returns, generating W-2 forms for employees, and preparing Schedule H for household employer tax obligations.
Direct Deposit
Initiating electronic funds transfers to employee bank accounts through our payroll processing partner.
Customer Support
Responding to your questions, troubleshooting issues, and providing guidance on payroll and tax matters through our AI assistant and support channels.
3. Information Sharing
We do not sell, rent, or trade your personal information. We share data only with the following service providers, solely to operate the NannyLedger service:
Stripe (Payment Processing & Fund Routing)
Your payment information (credit/debit card details) is processed by Stripe for subscription billing. We never store your full card number on our servers. In addition to subscription billing, Stripe processes payroll fund routing via Stripe Connect (see below).
Supabase (Authentication and Database)
Account credentials and application data are stored in Supabase, our managed database and authentication provider. All data is encrypted in transit and at rest.
Stripe Connect & Financial Connections (Bank Linking & Fund Routing)
NannyLedger uses Stripe Connect and Stripe Financial Connections to facilitate bank account linking and payroll fund routing. When a homeowner (employer) links their bank account for payroll funding, Stripe Financial Connections securely verifies the bank account for ACH Direct Debit payments. When a nanny (employee) sets up direct deposit, they complete Stripe's hosted onboarding process, which collects identity verification and bank account information directly by Stripe. For homeowners: Stripe Financial Connections accesses your bank account information (account number, routing number, account type, and institution name) to set up ACH Direct Debit for payroll funding. We store a tokenized reference to your payment method, not your raw bank account details. For nannies: Stripe Express connected accounts handle identity verification (KYC), bank account collection, and payout delivery. Stripe collects and processes identity documents, Social Security Numbers, and bank account details under its own privacy policy. NannyLedger receives only the account status (onboarding complete, payouts enabled) and a tokenized account identifier -- we do not receive or store the nanny's bank account numbers or identity documents. Data processed by Stripe for Connect: Nanny names, email addresses, identity documents (handled by Stripe), bank account details (handled by Stripe), payout history. Homeowner names, email addresses, bank account details (tokenized by Stripe), ACH payment history. Stripe's privacy policy is available at https://stripe.com/privacy. Stripe Connect's privacy terms are available at https://stripe.com/connect-account/legal. You may disconnect your bank account at any time by contacting us.
Anthropic (AI Tax Assistant)
NannyLedger's AI Tax Assistant is powered by Anthropic's Claude API. When you use the AI assistant, your questions and relevant payroll context (such as filing status, state of employment, and general tax scenarios) are sent to Anthropic for processing. We do not send Social Security Numbers, bank account numbers, or other highly sensitive personal identifiers to Anthropic. Anthropic processes data under its API usage policy, which prohibits using API inputs for model training. Conversation data is retained by Anthropic for up to 30 days for safety monitoring, then deleted. You can opt out of using the AI assistant at any time by not accessing the chat feature.
Vercel (Hosting)
NannyLedger is hosted on Vercel's serverless platform. Vercel processes your requests and may collect technical data such as IP addresses, request metadata, and performance metrics to operate and secure the platform. Vercel does not access your payroll data, financial information, or personal identifiers stored in our database. For details on how Vercel handles data, see Vercel's Privacy Policy at https://vercel.com/legal/privacy-policy.
Upstash (Rate Limiting)
We use Upstash, a serverless Redis provider, for rate limiting and abuse prevention. Upstash processes anonymized request identifiers (hashed IP addresses and session tokens) to enforce rate limits. Upstash does not receive or store any personal information, payroll data, or financial information.
Resend (Email Delivery)
NannyLedger uses Resend for transactional email delivery, including account verification emails, password reset links, and support confirmations. Resend processes your email address and message content solely to deliver emails on our behalf. Resend does not use your data for marketing or share it with third parties. For details, see Resend's Privacy Policy at https://resend.com/legal/privacy-policy.
Legal Requirements
We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of NannyLedger, our users, or the public.
4. Data Security
We implement industry-standard security measures to protect your information. Sensitive personal information, including SSNs and bank account numbers, is encrypted at rest using AES-256-GCM encryption. All data transmitted between your browser and our servers is protected with TLS (Transport Layer Security). We maintain comprehensive audit logging on all sensitive database operations, enforce role-based access controls, and apply rate limiting to prevent abuse. For more details, see our Information Security Policy at /security.
5. Data Retention
Payroll records and tax documents are retained for a minimum of 5 years, and up to 7 years for certain tax documents, as required by the Internal Revenue Service (IRS) and state tax agencies. Audit logs are retained for 5 years. Account data is retained as long as your account is active, and will be deleted upon request, except where retention is required by law. For full details, see our Data Retention Policy referenced in our Information Security Policy at /security.
6. Your Rights
Depending on your state of residence, you may have specific privacy rights under applicable state consumer privacy laws. NannyLedger extends the following core rights to all users regardless of location: the right to access your personal information, the right to correct inaccurate data, and the right to request deletion of your data (subject to legal retention requirements). The sections below describe additional state-specific rights and how to exercise them.
Your State Privacy Rights
The following state privacy laws may apply to you based on your state of residence. NannyLedger complies with each applicable law for residents of the respective state. California (CCPA/CPRA): Right to know, delete, correct, opt out of sale/sharing, limit use of sensitive personal information, and non-discrimination. We do not sell or share personal information for cross-context behavioral advertising. Virginia (VCDPA): Right to access, correct, delete, data portability, and opt out of targeted advertising, sale of personal data, and profiling. Colorado (CPA): Right to access, correct, delete, data portability, and opt out of targeted advertising, sale of personal data, and certain profiling. Universal opt-out signals are honored. Connecticut (CTDPA): Right to access, correct, delete, data portability, and opt out of targeted advertising, sale of personal data, and profiling. Texas (TDPSA): Right to access, correct, delete, data portability, and opt out of targeted advertising, sale of personal data, and profiling. Effective July 1, 2024. Oregon (OCPA): Right to access, correct, delete, data portability, opt out of targeted advertising, sale, and profiling. Right to obtain a list of third-party data recipients. Montana (MCDPA): Right to access, correct, delete, data portability, and opt out of targeted advertising, sale of personal data, and profiling. Delaware (DPDPA): Right to access, correct, delete, data portability, and opt out of targeted advertising, sale, and profiling. As our entity is organized in Delaware, we apply DPDPA protections to all Delaware residents. New Jersey (NJDPA): Right to access, correct, delete, data portability, and opt out of targeted advertising, sale, and profiling. Effective January 15, 2025. Iowa (Iowa CDPA): Right to access, delete, data portability, and opt out of sale and targeted advertising. Effective January 1, 2025. Indiana (ICDPA): Right to access, correct, delete, data portability, and opt out of targeted advertising, sale, and profiling. Effective January 1, 2026. Tennessee (TIPA): Right to access, correct, delete, data portability, and opt out of targeted advertising, sale, and profiling. Effective July 1, 2025. Kentucky (KCDPA): Right to access, correct, delete, data portability, and opt out of targeted advertising, sale, and profiling. Effective January 1, 2026. If your state is not listed above but enacts a consumer privacy law in the future, NannyLedger will update this section to include your rights upon the law's effective date.
How to Exercise Your Rights
To exercise any of the privacy rights described above, you may: (1) email us at privacy@nannyledger.com with your request, (2) use the data export or deletion feature in your account settings, or (3) contact us through our Contact Support page. We will verify your identity before processing any request and respond within the timeframe required by your applicable state law (typically 45 days, extendable by an additional 45 days for complex requests). If we deny your request, you have the right to appeal by contacting us, and we will respond to your appeal within the legally required timeframe. You will not be discriminated against for exercising your privacy rights.
Sensitive Personal Information
NannyLedger collects sensitive personal information as defined by various state privacy laws, including Social Security Numbers, financial account information, and tax identification numbers. This sensitive data is collected and processed solely for the purpose of providing payroll services and complying with tax filing obligations — it is not used for advertising, profiling, or any secondary purpose. Under the CCPA/CPRA, you have the right to limit the use of sensitive personal information to purposes necessary to perform the services you request. NannyLedger already limits use in this manner by default.
Do Not Track Signals
NannyLedger honors "Do Not Track" (DNT) browser signals and Global Privacy Control (GPC) signals. When we detect a DNT or GPC signal from your browser, we treat it as a valid opt-out request for any sale or sharing of personal information, as required by applicable state laws including the CCPA/CPRA and CPA. Because NannyLedger does not engage in targeted advertising, cross-context behavioral advertising, or sale of personal information, honoring these signals results in no change to your experience, but the opt-out is recorded as required.
Data Controller and Processor Roles
Under applicable privacy laws, NannyLedger acts as both a data controller (or "business" under CCPA) and a data processor depending on context. When you use NannyLedger to manage your household payroll, we act as a data controller for the personal information you provide directly to us (account registration, billing). We act as a data processor on your behalf when processing your employees' payroll data, tax filings, and direct deposits — you, the employer, remain the data controller for your employees' personal information. Our service providers (Stripe, Supabase, Anthropic, Vercel, Upstash, Resend) act as sub-processors under data processing agreements that require them to process data only for the purposes specified by NannyLedger.
7. Children's Privacy
NannyLedger is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us immediately.
8. Data Breach Notification
In the event of a data breach involving your personal information, NannyLedger will notify affected users and applicable regulatory authorities in accordance with federal and state breach notification laws. Notification timelines vary by state: California requires notification without unreasonable delay (and within 72 hours to the Attorney General if over 500 residents are affected); New York requires notification in the most expedient time possible; Texas requires notification within 60 days of discovery; Florida requires notification within 30 days of discovery. For all other states, NannyLedger will comply with the notification timeline specified by that state's breach notification statute. Notifications will include a description of the incident, the types of information involved, steps we are taking in response, and steps you can take to protect yourself. For full details on our security incident response procedures, see our Information Security Policy at /security.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email or by posting a prominent notice on our website at least 30 days before the changes take effect. Your continued use of NannyLedger after changes become effective constitutes acceptance of the updated policy.
10. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@nannyledger.com, by mail at Asterium LLC, Katy, TX 77450, or through our Contact Support page.
Related Policies
- Information Security Policy - Details on our security practices, data classification, and incident response procedures.
- Terms of Service - Your agreement with NannyLedger for use of the service.