Payroll Genie, Inc.

Privacy Policy

How We Collect, Use, Share, and Protect Your Information

Effective Date: June 17, 2026Last Updated: June 17, 2026Jurisdiction: United States

Important Notice

Payroll Genie, Inc. processes highly sensitive personal and financial information on behalf of employers and their employees, including Social Security Numbers, bank account information, and wage and tax history. We take your privacy seriously. This Privacy Policy explains exactly what we collect, why we collect it, how we use and protect it, and what rights you have over your information.

1. Who We Are

Payroll Genie, Inc. (“Payroll Genie,” “we,” “us,” or “our”) is a Nevada corporation headquartered at 4276 Spring Mountain Road, Suite 200, Las Vegas, NV 89102. We are a Vortex AI company. We operate a cloud-based payroll processing, HR administration, and tax compliance platform that serves employers (“Employer Clients”) and, through our platform, their employees (“Employees”).

Payroll Genie is a Reporting Agent authorized by the Internal Revenue Service and an EFTPS Batch Provider. In these capacities, we handle federal tax data subject to specific legal protections and handling requirements, including IRS Publication 4557 (Safeguarding Taxpayer Data). Payroll Genie is also a financial institution subject to the Gramm-Leach-Bliley Act (GLBA) due to our payroll and ACH payment processing activities.

This Privacy Policy applies to:

  • Employer Clients who register and use the Payroll Genie platform
  • Employees of Employer Clients whose payroll and tax information is processed through our platform
  • Visitors to our website at www.payrollgenie.ai
  • Contractors, partners, and other individuals who interact with Payroll Genie

What This Policy Does Not Cover

This policy does not apply to the privacy practices of Employer Clients who use our platform. Employers are separately responsible for their own privacy obligations to their employees. This policy also does not apply to third-party websites or services linked from our platform.

2. Information We Collect

We collect different categories of information depending on your relationship with Payroll Genie.

2.1 Information Collected from Employer Clients

When an organization registers for and uses the Payroll Genie platform, we collect:

Business and Account Information

  • Company legal name, trade name, and business address
  • Employer Identification Number (EIN)
  • Federal and state payroll tax registration numbers
  • Authorized contact names, email addresses, and phone numbers
  • Account login credentials (email address; passwords are stored in hashed form only)
  • Billing and payment information

Banking and Financial Information

  • Business bank account number and routing number (collected via Plaid Instant Account Verification or manual entry)
  • Bank account type (checking or savings)
  • Account holder name as verified against business records
  • Available account balance (checked via Plaid Balance before each payroll debit for NSF prevention)

Tax and Compliance Information

  • State employer account numbers and payroll tax rates
  • Federal deposit schedule classification
  • Prior payroll processor data imported during onboarding (year-to-date payroll records)
  • Workers' compensation policy information where applicable

2.2 Information Collected from Employees

When an Employer Client processes payroll through our platform, we receive and store the following information about their employees. This information is provided by the Employer Client or directly by the employee through our self-service portal:

Identity and Contact Information

  • Legal full name
  • Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN)
  • Date of birth
  • Home address
  • Email address and phone number (for self-service portal access)

Employment and Compensation Information

  • Employment start date and, where applicable, end date
  • Job title and department
  • Compensation type (hourly, salary, commission) and rate
  • Regular and overtime hours worked
  • Tip income reported to the employer
  • Commissions, bonuses, and other supplemental wages
  • Year-to-date earnings and tax withholding history

Tax Withholding Information

  • Federal W-4 withholding elections (filing status, additional withholding, OBBB tip and overtime deduction elections)
  • State withholding form elections (California DE-4 or equivalent)
  • Social Security and Medicare tax withholding
  • Federal and state income tax withholding amounts

Banking Information (Direct Deposit)

  • Bank account number and routing number for direct deposit (collected via Plaid Instant Account Verification or manual entry with micro-deposit verification)
  • Account type (checking or savings)
  • Account holder name as verified against identity records

Benefits and Deduction Information

  • Health insurance premium deductions
  • Retirement plan (401k) contribution elections and amounts
  • Flexible spending account (FSA) contributions
  • Garnishment orders and withholding amounts
  • Other voluntary deduction authorizations

2.3 Information Collected Automatically

When you access our platform or website, we automatically collect:

  • IP address and approximate geographic location
  • Browser type and version
  • Device type and operating system
  • Pages visited, features used, and time spent on the platform
  • Referring URL and exit page
  • Session duration and activity logs
  • Authentication events (login attempts, MFA verifications, session starts and ends)

This information is collected through server logs, cookies, and similar technologies. See Section 9 (Cookies and Tracking Technologies) for more detail.

2.4 Information We Receive from Third Parties

SourceInformation ReceivedPurpose
Plaid TechnologiesBank account and routing numbers, account type, account holder name, available balanceBank account verification for ACH direct deposit setup (employers and employees); NSF prevention (employer accounts)
IRS and State Tax AgenciesTax identification number confirmations, filing acknowledgments, payment confirmationsConfirming successful tax filings and payments; resolving discrepancies
Prior Payroll ProcessorsYear-to-date payroll records for migrating clientsEnsuring accurate tax calculations and W-2 preparation for mid-year onboarding
Identity Verification ServicesName and address confirmation (where applicable)KYC verification for Employer Client onboarding

3. How We Use Your Information

We use the information we collect only for defined, documented purposes. We do not sell personal information. We do not use payroll or tax data for advertising or marketing purposes.

PurposeLegal BasisDetails
Payroll processingContract; Legal obligationCalculating gross-to-net pay, applying deductions, generating pay stubs, initiating direct deposit ACH transactions through Super Processor, Inc.
Federal tax complianceLegal obligationCalculating and remitting federal payroll taxes via EFTPS; filing Form 941 (quarterly), Form 940 (annual FUTA), and W-2s; applying OBBB tip and overtime deductions; calculating FICA Tip Credits (Form 8846)
State tax complianceLegal obligationCalculating and remitting state income tax withholding and SUI; filing state quarterly returns; submitting new hire reports to state agencies
Bank account verificationContract; Legitimate interestUsing Plaid to verify employer and employee bank account credentials before initiating ACH transactions; checking employer account balances to prevent NSF
ACH payment processingContractTransmitting payroll disbursement instructions to Super Processor, Inc. for ACH origination; processing tax payment ACH debits
Identity verificationLegal obligation; ContractVerifying employer and employee identities to satisfy KYC obligations, prevent fraud, and ensure tax filings are attributed to the correct taxpayer
Platform operation and supportContractMaintaining accounts, providing customer support, troubleshooting, and communicating about service issues or changes
Security and fraud preventionLegitimate interest; Legal obligationDetecting and preventing unauthorized access, fraud, and security threats; maintaining audit logs; conducting security monitoring
Legal complianceLegal obligationResponding to lawful requests from government agencies (IRS, state tax authorities, law enforcement); satisfying record retention requirements; exercising legal rights
Service improvementLegitimate interestAnalyzing aggregated, de-identified usage patterns to improve platform features and performance. Individual payroll or tax data is not used for this purpose.
CommunicationsContract; Legitimate interestSending transactional emails (payroll confirmations, tax filing confirmations, security alerts). Marketing communications are sent only with consent and subject to opt-out.

4. How We Share Your Information

We do not sell your personal information to third parties. We do not share your personal information with advertisers or data brokers. We share information only in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who help us deliver our platform and services. These providers are contractually required to use information only for the specific purpose for which it is shared and to implement security standards consistent with this policy.

ProviderInformation SharedPurpose
Plaid Technologies, Inc.Employer/employee name and bank account connection (via Plaid Link OAuth flow)Instant bank account verification for ACH direct deposit enrollment; balance checking for NSF prevention. Plaid's privacy policy governs Plaid's own use of information.
Super Processor, Inc.Employer ACH account credentials, employee direct deposit routing and account numbers, payroll disbursement amountsACH origination for payroll direct deposit and tax payment processing. Super Processor is a related entity (both subsidiaries of Vortex AI, Inc.).
Cloud Infrastructure Provider (AWS)All platform data (encrypted at rest)Hosting, storage, and computing infrastructure for the Payroll Genie platform. Data is stored exclusively in U.S.-based AWS regions.
Email Service ProviderEmployer and employee email addresses; transactional email contentDelivering payroll confirmations, tax filing notices, security alerts, and account communications.

4.2 Government Agencies and Tax Authorities

We share tax and payroll information with government agencies as required by law and as authorized by Employer Clients through Form 8655 (IRS Reporting Agent Authorization) and equivalent state authorizations:

  • Internal Revenue Service (IRS): Form 941, Form 940, W-2, Form 8846, EFTPS tax payments, and other required filings
  • Social Security Administration (SSA): Annual W-2/W-3 filings via Business Services Online
  • State tax agencies: State withholding returns, SUI filings, new hire reports, and state tax payments for all states where Employer Clients have employees
  • State labor departments: New hire reports as required by state law

4.3 Employer Clients

Employee information is shared with the employing Employer Client as necessary for payroll administration. Employer Clients have access to payroll records, tax filings, and employee information for their own employees only. Employer Clients do not have access to information about employees of other Employer Clients.

4.4 Legal Requirements and Protection of Rights

We may disclose information when we believe in good faith that disclosure is necessary to:

  • Comply with applicable law, regulation, or legal process (including lawful subpoenas, court orders, or government requests)
  • Enforce our Terms of Service or other agreements
  • Protect the rights, property, or safety of Payroll Genie, our clients, employees, or the public
  • Detect, prevent, or address fraud, security vulnerabilities, or technical issues

We will notify affected Employer Clients of legal process seeking disclosure of their employees' information to the extent permitted by law.

4.5 Business Transfers

If Payroll Genie is involved in a merger, acquisition, asset sale, or similar transaction, personal information may be transferred as part of that transaction. We will notify affected users via email or prominent notice on our platform before personal information becomes subject to a materially different privacy policy.

4.6 With Your Consent

We may share information for additional purposes with your explicit consent. You may withdraw consent at any time; withdrawal will not affect the lawfulness of prior processing.

5. Data Retention

We retain personal information only as long as necessary to fulfill the purposes described in this policy, comply with applicable legal obligations, and resolve disputes. Payroll and tax records are subject to IRS and state record retention requirements that mandate minimum retention periods.

Data CategoryRetention PeriodBasis for Retention
W-2, Form 941, Form 940, and tax filings7 years from filing dateIRS record retention requirement; statute of limitations for tax assessment
Payroll run records and calculation audit trails7 yearsIRS and state tax requirements; legal dispute resolution
Employee SSN and EINDuration of employment + 7 yearsRequired for W-2 correction (W-2c) and IRS correspondence; after 7 years, crypto-shredded
Employee bank account credentials (direct deposit)Duration of employment + 90 daysTo process final payments and resolve any outstanding ACH issues; then crypto-shredded
Employer bank account credentialsDuration of client relationship + 90 daysACH debit authorization continuity; then crypto-shredded
Plaid access tokensDuration of active bank connectionRevoked via Plaid /item/remove API on account closure or 30 days after last use
W-4 and withholding electionsDuration of employment + 4 yearsIRS requirement; potential audit support
Garnishment recordsDuration of order + 7 yearsLegal compliance; potential audit support
Security and audit logs7 yearsSOC 2 compliance; legal and regulatory requirements; forensic investigation support
Account information (employer contacts)Duration of relationship + 3 yearsBusiness records; legal dispute resolution
Website visitor data (cookies, logs)90 daysSecurity monitoring; analytics; then anonymized or deleted

Upon expiry of the applicable retention period, personal information is securely deleted or anonymized. For encrypted fields containing CR1 data (SSN, account numbers), we use crypto-shredding: the encryption key is destroyed, rendering the encrypted data permanently inaccessible.

6. How We Protect Your Information

Payroll Genie implements technical, organizational, and administrative security measures designed to protect your personal information against unauthorized access, disclosure, alteration, and destruction.

6.1 Technical Safeguards

SafeguardImplementation
Encryption at restAES-256 encryption for all sensitive data. Field-level encryption (AES-256-GCM) for Social Security Numbers, EINs, and bank account credentials, using AWS Key Management Service with dedicated per-data-class keys.
Encryption in transitTLS 1.3 for all data transmission. Plain HTTP connections are rejected. Certificate pinning on mobile applications.
Access controlsRole-based access control with least-privilege principles. Multi-factor authentication mandatory for all accounts. Just-in-Time privileged access for production systems.
Data maskingSSNs are displayed as ***-**-XXXX. Account numbers show last 4 digits only. Full values are never displayed in the user interface or stored in logs.
Network securityCloud infrastructure with network segmentation, Web Application Firewall, and DDoS protection. Production databases are not directly accessible from the internet.
Vulnerability managementRegular security scanning, annual third-party penetration testing, and dependency vulnerability monitoring.

6.2 Organizational Safeguards

  • Annual security awareness training for all employees and contractors
  • Background checks for all personnel with access to sensitive payroll data
  • Documented access provisioning and deprovisioning procedures
  • Quarterly access reviews and recertification
  • Documented incident response procedures with defined notification timelines
  • SOC 2 Type II audit program underway

Security Incident Notification

In the event of a security incident that compromises the security, confidentiality, or integrity of your personal information, we will notify affected individuals and, where required, regulatory authorities within the timeframes required by applicable law (generally 72 hours for regulatory notification and as soon as reasonably practicable for individual notification). Payroll Genie's security team can be reached at security@payrollgenie.ai.

7. Your Privacy Rights

Depending on your location and relationship with Payroll Genie, you may have the following rights with respect to your personal information.

7.1 Rights Available to All Users

RightDescription
AccessYou may request a copy of the personal information we hold about you. We will provide this in a structured, commonly used format within 30 days of a verified request.
CorrectionYou may request correction of inaccurate personal information. Employees seeking to update payroll information (name, address, W-4 elections) may do so through the employee self-service portal or by contacting their employer.
Data PortabilityYou may request your personal information in a machine-readable format (JSON or CSV) to transfer to another service provider.
DeletionYou may request deletion of your personal information, subject to our legal obligations to retain records. Payroll and tax records required by law cannot be deleted before the end of the mandatory retention period.
Objection / RestrictionYou may object to or request restriction of certain processing activities. Processing required by law or for contract performance cannot be restricted.
Withdraw ConsentWhere processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

7.2 California Residents — California Consumer Privacy Act (CCPA) / CPRA

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your personal information. This section describes your CCPA/CPRA rights and how to exercise them.

Categories of Personal Information Collected (CCPA)

In the preceding 12 months, Payroll Genie has collected the following categories of personal information as defined by the CCPA:

CCPA CategoryExamplesCollected?
IdentifiersName, SSN, EIN, email, IP addressYes — for payroll and account management
Personal information (Cal. Civ. Code §1798.80)Name, SSN, bank account number, employment informationYes — for payroll processing
Protected classification characteristicsAge (date of birth for W-4 purposes)Limited — date of birth for tax compliance only
Commercial informationN/ANo
Biometric informationN/ANo
Internet / network activityIP address, browser type, usage logsYes — for security and platform operation
Geolocation dataApproximate location from IP addressLimited — not precise GPS location
Sensory / audio dataN/ANo
Professional / employment informationJob title, compensation, hours workedYes — for payroll processing
Education informationN/ANo
InferencesN/ANo — we do not create consumer profiles
Sensitive personal informationSSN, bank account numbers, tax informationYes — required for payroll and tax compliance

Your CCPA/CPRA Rights

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the purposes for collection, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of personal information we have collected, subject to exceptions (including legal retention obligations for payroll and tax records).
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Opt Out of Sale or Sharing: We do not sell personal information and do not share personal information for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Personal Information: We use sensitive personal information (SSN, bank account numbers) only for the purposes of payroll processing and tax compliance as described in this policy. We do not use sensitive personal information for inferring characteristics or for advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

To exercise your CCPA/CPRA rights, contact us at privacy@payrollgenie.ai or (725) 255-3685. We will respond to verified requests within 45 days, with a possible 45-day extension upon notice. We will verify your identity before processing requests involving sensitive personal information.

7.3 Nevada Residents — Nevada Revised Statutes § 603A

Nevada residents have the right to direct us not to sell their covered information. As stated throughout this policy, Payroll Genie does not sell personal information. Nevada residents may submit a request to opt out of any future sale of their information by contacting privacy@payrollgenie.ai.

7.4 Employee Rights Note

Information for Employees

If you are an employee of an Employer Client, your employer has contracted with Payroll Genie to process your payroll information. Your employer is the primary data controller for your employment information. To update your payroll details (bank account, address, tax withholding), please use the Payroll Genie employee self-service portal or contact your employer's HR department. To exercise privacy rights related to your information processed by Payroll Genie, contact us at privacy@payrollgenie.ai and identify your employer so we can locate your records.

8. Financial Privacy Notice (GLBA)

Payroll Genie is a financial institution subject to the Gramm-Leach-Bliley Act (GLBA) and the FTC Safeguards Rule due to our payroll and ACH processing activities. This section constitutes our GLBA privacy notice.

8.1 What We Collect

We collect nonpublic personal financial information (“NPFI”) about employers and employees as described in Section 2 of this policy. This includes Social Security Numbers, bank account information, and wage and tax data.

8.2 What We Disclose

We may disclose NPFI to the following categories of companies and individuals:

  • Service providers that perform payroll processing, ACH origination, and tax filing services on our behalf, including Plaid Technologies and Super Processor, Inc., under contracts requiring confidentiality
  • Government agencies as required by law (IRS, SSA, state tax agencies)
  • Other parties as required by law or with your authorization

We do not disclose NPFI to unaffiliated third parties for their own marketing purposes.

8.3 Safeguards

We maintain a comprehensive information security program designed to protect the security, confidentiality, and integrity of customer NPFI. This program includes administrative, technical, and physical safeguards as described in Section 6 of this policy and in our Information Security Policy and Procedures document.

9. Cookies and Tracking Technologies

9.1 What We Use

Cookie TypeDurationPurpose
Strictly NecessarySessionRequired for platform operation: authentication session tokens, CSRF protection tokens, MFA verification state. Cannot be disabled without breaking core platform functionality.
Functional30 daysRemember user preferences: language, time zone, dashboard layout. Disabling reduces platform convenience but does not affect core functionality.
Analytics90 daysUnderstand how users interact with the platform using aggregated, anonymized data. We use first-party analytics only; no third-party tracking pixels.
SecuritySessionTrack authentication events and device fingerprints for fraud detection and account security. Required for MFA and suspicious activity detection.

9.2 Managing Cookies

Strictly necessary and security cookies cannot be disabled without preventing core platform functions. All other cookies may be managed through your browser settings or our cookie preference center. Disabling analytics cookies does not affect your access to Payroll Genie services.

Payroll Genie does not use third-party advertising cookies, does not participate in cross-site behavioral tracking, and does not sell data derived from cookies.

10. Children's Privacy

Payroll Genie's platform is designed for use by businesses and working adults. We do not knowingly collect personal information from children under the age of 13. Our platform is not directed at children under 13.

If you are an Employer Client and have employees who are minors lawfully employed (e.g., under 18 but above 14 in compliance with applicable child labor laws), their payroll information may be processed through our platform as part of your payroll operations. This information is handled with the same protections as adult employee data.

If we become aware that we have inadvertently collected personal information from a child under 13 outside of an employment context, we will delete that information promptly. Contact privacy@payrollgenie.ai to report such a concern.

11. Third-Party Links and Integrations

Our platform may contain links to third-party websites, and we may offer integrations with third-party services (such as HR information systems or time-tracking software). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.

Our primary third-party integrations:

  • Plaid Technologies: Used for bank account verification. Plaid's privacy policy is available at plaid.com/legal/privacy-policy.
  • Super Processor, Inc.: A related entity (Vortex AI Company) that handles ACH origination. Governed by the Payroll Genie–Super Processor service agreement.
  • Amazon Web Services: Cloud infrastructure provider. AWS's privacy practices are governed by the AWS Customer Agreement.

12. Interstate Data Transfer

Payroll Genie is headquartered in Nevada and operates infrastructure exclusively within the United States. All personal information is stored and processed in the United States. If you are located outside the United States, please be aware that your information will be transferred to and processed in the United States, which may have different data protection laws than your country of residence.

Payroll Genie does not currently offer services to employers outside the United States and does not process personal information of individuals residing outside the United States in its payroll platform. Our website is accessible internationally; website visitor data is processed in the United States.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated policy on our website at www.payrollgenie.ai/privacy with the new effective date
  • Send an email notification to Employer Client account administrators
  • Display a prominent notice within the Payroll Genie platform for 30 days following the change

We will not make retroactive changes that materially reduce your privacy protections without your consent. Your continued use of the Payroll Genie platform following notice of material changes constitutes your acceptance of the updated policy.

Non-material changes (such as clarifications, formatting corrections, or updates to contact information) may be made without specific notice beyond updating the effective date.

14. How to Contact Us

For privacy-related inquiries, requests to exercise your rights, security concerns, or questions about this policy:

Privacy Inquiries

Payroll Genie, Inc.
Attn: Privacy Officer
4276 Spring Mountain Road, Suite 200
Las Vegas, NV 89102

privacy@payrollgenie.ai

www.payrollgenie.ai

Security Incidents

For suspected security incidents or data breaches:

security@payrollgenie.ai

Report immediately — do not wait for confirmation. We will acknowledge receipt within 4 hours and initiate our incident response procedure.

We will respond to all privacy rights requests within 30 days of receipt. For complex requests, we may extend this by an additional 30 days with advance notice. We may need to verify your identity before processing requests involving sensitive personal information.

Payroll Genie, Inc. · www.payrollgenie.ai · privacy@payrollgenie.ai · Effective June 17, 2026