1. Introduction
Welcome to easyflow. This Privacy Policy describes how we process personal information in connection with our software solutions, website, and related services.
We act as a "Data Processor" for employee data uploaded by clients and as a "Data Controller" for our own business data. Our platform meets GDPR, CCPA, and SOC 2 standards.
2. Data Collection
| Category | Data Types Collected |
|---|---|
| Identity & Employment | Legal name, SSN/National ID, DOB, job title, department, and hire date. |
| Financial & Tax | Bank account details, routing numbers, tax withholdings, and salary history. |
| Sensitive Data | Healthcare benefits elections, disability status (where legally required), and union membership. |
| Usage & Device | IP address, geolocation data, login timestamps, and platform interaction logs. |
3. Data Collection Methods
Direct Collection
Information you or your employer provide via web forms, document uploads, or account setup.
Automated Systems
Log files, cookies, and tracking pixels that record how you interact with our infrastructure.
Third Parties
Data from benefit providers, tax authorities, and integrated software partners.
4. Legal Bases for Processing
GDPR Compliance (EU/UK)
Processing is necessary for contract performance, legal obligations, and legitimate interests.
CCPA/CPRA Compliance (California)
We do not sell or share personal information as defined by California law.
5. How We Use Your Data
Payroll & Tax
Calculating salary, managing contributions, and filing tax returns.
Legal Compliance
Meeting reporting requirements for labor bureaus and government agencies.
6. Security Infrastructure
End-to-End Encryption
AES-256 for data at rest and TLS 1.3 for data in motion across all network layers.
SOC 2 Type II Certified
Annual audits by independent third parties to verify our security, availability, and confidentiality.
Multi-Factor Auth (MFA)
Mandatory hardware or app-based MFA for all administrative and employee logins.
Intrusion Detection
24/7 AI-driven threat monitoring and automated incident response protocols.
7. Data Retention Schedules
We retain personal information for as long as needed to provide services:
- Payroll Records: 7 years as required by IRS and international tax law.
- Employee Data: Period of employment plus 3 years (legal limitation period).
- Platform Logs: 12 months for security and performance auditing.
8. International Data Transfers
easyflow operates globally. Data may be processed in the United States and other countries. For EU/UK citizens, we utilize Standard Contractual Clauses approved by the European Commission.
10. Your Rights & How to Exercise Them
Access & Portability
Download a machine-readable copy of your data through your employee portal settings.
Correction
Submit an 'Information Update' request to your HR admin via the support center.
Right to be Forgotten
Request account deletion. *Note: Legal retention requirements for tax data may apply.*
Contact our Privacy Officer with "Data Rights Request". We respond within 30 days.
Need a compliance briefing?
Our legal team can provide security whitepapers for enterprise stakeholders.