Emformance | All-in-One Business Management Platform

Privacy Policy

Last Updated: December 2025

INTRODUCTION

Welcome to Emformance. We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how Emformance, Inc. ("Emformance," "we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our platform and services.

By using Emformance, you agree to the collection and use of information in accordance with this privacy policy.

If you do not agree to these Terms, you may not access or use the Services.

1. INFORMATION WE COLLECT

We collect several types of information from and about users of our services, including:

1.1 Information You Provide to Us

Account Registration Information:

Full name (first and last name)
Email address
Phone number
Job title and department
Company/organization name
Business address
Password (encrypted and never stored in plain text)

Organization Setup Information:

Organization name, type, and industry
Number of employees
Business registration details
Tax identification numbers (EIN)
Business address and contact information
Website URL

Employee Information (HR Module):

Employee personal details (name, date of birth, SSN/SIN)
Contact information (address, phone, emergency contacts)
Employment information (job title, department, manager, start date, employment type)
Compensation details (salary, hourly rate, bonus structure)
Benefits enrollment information
Performance review data and feedback
Time-off requests and attendance records
Training and certification records
Disciplinary actions and notes

Payroll and Financial Information:

Bank account numbers and routing numbers (for direct deposit)
Tax withholding information (W-4, T4)
Pay stubs and payroll history
Expense reports and reimbursement requests
Invoices and payment records
Credit card information (processed through Stripe, not stored by Emformance)

Project and Task Information:

Project details and descriptions
Task assignments and completion status
Time tracking and timesheet entries
File attachments and documents
Comments and collaboration notes

Communications:

Support ticket submissions and correspondence
Survey responses and feedback
Chat messages and emails sent through our platform

1.2 Information Collected Automatically

Usage Data:

IP address and geolocation data
Browser type and version
Device information (type, operating system, unique device identifiers)
Pages viewed and features used
Time spent on pages
Referring website URLs
Access times and dates

Cookies and Similar Technologies:

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. See Section 10 for detailed information about our cookie practices.

Log Data:

Authentication attempts and login history
API requests and responses
Error logs and system diagnostics
Security events and incident logs

1.3 Information from Third-Party Sources

Banking Information (via Plaid):

Bank account verification data
Account and routing numbers
Bank name and account holder information
Account balance information (for verification purposes only)

Payment Information (via Stripe):

Payment method details
Transaction history
Payment status and receipts

Single Sign-On (SSO) Providers:

If you authenticate using Google, Microsoft, or other SSO providers, we receive basic profile information (name, email, profile picture) as permitted by your SSO provider settings.

2. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

2.1 Platform Overview

Emformance provides a cloud-based enterprise resource planning (ERP) platform that enables organizations to manage:

2.1 Service Delivery and Operations

Account Management:
Create and manage your user account and organization profile
Payroll Processing:
Calculate and process employee payroll, including direct deposit payments and tax withholdings
Project Management:
Enable task assignment, project tracking, team collaboration, and time tracking
Financial Management:
Process invoices, expenses, and payments; generate financial reports
Communication:
Send transactional emails and in-app notifications related to your account and service usage

2.2 Service Availability

Analyze usage patterns to improve our platform features and user experience
Develop new features and services based on user needs and feedback
Conduct research and analytics to understand how users interact with our platform
Test new features and functionality with user consent

2.3 Security and Fraud Prevention

Detect, prevent, and investigate fraudulent activity, unauthorized access, and security incidents
Monitor and analyze security threats and vulnerabilities
Enforce our Terms of Service and other policies
Verify user identity and prevent account abuse

2.4 Legal Compliance

Comply with applicable laws, regulations, and legal processes
Respond to law enforcement requests and court orders
Protect our legal rights and interests
Maintain records for tax, accounting, and regulatory purposes

2.5 Marketing and Communications (With Your Consent)

Send promotional emails about new features, updates, and special offers (you can opt-out anytime)
Conduct customer satisfaction surveys and request feedback
Provide customer support and respond to inquiries
Invite you to webinars, events, and training sessions

3. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information to third parties. We share your information only in the following circumstances:

3.1 Service Providers and Business Partners

We engage trusted third-party service providers to perform functions on our behalf, including:

Payment Processing:

Stripe:
Credit card payment processing and subscription management
Plaid:
Bank account verification and connectivity for payroll direct deposit

Cloud Infrastructure:

Amazon Web Services (AWS):
Cloud hosting, data storage, and computing services

Communication Services:

Email delivery service providers for transactional and marketing emails
SMS providers for two-factor authentication and notifications

Analytics and Monitoring:

Usage analytics platforms to understand how users interact with our services
Error monitoring and performance tracking tools

Customer Support:

Help desk and ticketing systems to manage support inquiries

All service providers are contractually obligated to use your information only for the purposes of providing services to us and to implement appropriate security measures.

3.2 Within Your Organization

If you are using Emformance as part of an organization:

Administrators
Administrators can access and manage organization-wide settings, user accounts, and data
HR Managers
HR Managers can access employee records, payroll information, and performance data
Department Managers
Department Managers can access information about their direct reports and team members
Team Members
Team Members can access shared project information, task assignments, and collaboration tools

Your organization's administrator controls what information is shared within the organization and with whom.

3.3 Legal Requirements and Protection of Rights

We may disclose your information if required to do so by law or if we believe such action is necessary to:

Comply with legal obligations, court orders, or government requests
Enforce our Terms of Service and other agreements
Protect the rights, property, or safety of Emformance, our users, or the public
Detect, prevent, or investigate security incidents, fraud, or illegal activity

3.4 Business Transfers

If Emformance is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred to the acquiring entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

3.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

4. DATA RETENTION

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

4.1 Retention Periods

Data Type	Retention Period	Legal Basis
Active Account Data	Duration of subscription + 90 days	Contractual necessity
Employee Records	7 years after termination	Legal compliance (IRS, DOL, state laws)
Payroll Records	7 years	IRS and state tax regulations
Financial Transactions	7 years	Accounting standards, tax regulations
Audit Logs	1-3 years	Security and compliance
Support Tickets	3 years	Customer service improvement
Marketing Data	Until opt-out or 2 years of inactivity	Legitimate interest (with consent)
Backup Data	90 days	Business continuity

4.2 Data Deletion

When Personal Information Is No Longer Needed, We Securely Delete Or Anonymize It. You Can Request Deletion Of Your Personal Information At Any Time (See Section 6 For Details On Your Rights).

Deleted Data Is Permanently Removed From Our Active Systems Within 30 Days, And From Backup Systems Within 90 Days.

5. DATA SECURITY

We implement appropriate technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction.

5.1 Security Measures

Encryption:

All data in transit is encrypted using TLS 1.2 or higher
All data at rest is encrypted using AES-256 encryption
Database encryption is enabled on all production databases

Access Controls:

Role-based access control (RBAC) limits data access to authorized personnel only
Multi-factor authentication (MFA) is required for administrative access
User accounts are locked after 3 failed login attempts
Sessions automatically timeout after 30 minutes of inactivity

Network Security:

Firewalls and security groups restrict network access
Intrusion detection and prevention systems monitor for threats
Regular security patches and updates are applied

Monitoring and Logging:

All authentication attempts and administrative actions are logged
Security logs are retained for at least 1 year and reviewed monthly
Automated alerts notify our security team of suspicious activity

Third-Party Security:

All third-party service providers must maintain SOC 2 or equivalent certifications
Data Processing Agreements (DPAs) are in place with all vendors handling personal data

For more information about our security practices, please refer to our Information Security Policy available upon request.

5.2 Security Limitations

Despite our security measures, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

You are responsible for:

Maintaining the confidentiality of your password
Restricting access to your computer and devices
Logging out after using shared devices
Promptly notifying us of any unauthorized access to your account

6. YOUR PRIVACY RIGHTS

Depending on your location, you may have certain rights regarding your personal information:

6.1 Rights for All Users

Access and Portability:
You have the right to access your personal information and request a copy in a portable format (CSV, JSON, or PDF).
Correction:
You have the right to request correction of inaccurate or incomplete personal information.
Deletion:
You have the right to request deletion of your personal information, subject to legal retention requirements.
Opt-Out of Marketing:
You have the right to opt out of marketing communications at any time by clicking "Unsubscribe" in our emails or contacting us.

6.2 Additional Rights for EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

Right to Restriction:
You can request that we restrict processing of your personal information in certain circumstances.
Right to Object:
You can object to processing of your personal information based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent:
Where we process your information based on consent, you can withdraw consent at any time.
Right to Lodge a Complaint:
You have the right to lodge a complaint with your local data protection authority.
Legal Basis for Processing
We process your personal information based on:
- Contractual Necessity:
  To provide our services as outlined in our Terms of Service
- Legal Obligation:
  To comply with applicable laws and regulations
- Legitimate Interests:
  To improve our services, prevent fraud, and ensure security
- Consent:
  For marketing communications and optional features (you can withdraw consent anytime)
Data Protection Officer:
For GDPR-related inquiries, contact our Data Protection Officer at: privacy@emformance.com

6.3 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know:
You can request information about the categories and specific pieces of personal information we've collected, the sources, purposes, and third parties with whom we share it.
Right to Delete:
You can request deletion of your personal information, subject to certain exceptions.
Right to Opt-Out of Sale:
You have the right to opt out of the "sale" of your personal information. We do not sell your personal information.
Right to Non-Discrimination:
We will not discriminate against you for exercising your privacy rights.
Right to Correct:
You can request correction of inaccurate personal information.
Right to Limit Use of Sensitive Personal Information:
You can request that we limit use of your sensitive personal information (we only use it for permitted business purposes).
Authorized Agent:
You may designate an authorized agent to make requests on your behalf. We may require proof of authorization.
Shine the Light:
Under California's "Shine the Light" law, you can request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information for third-party direct marketing.

6.4 Additional Rights for Canadian Residents (PIPEDA)

If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA):

Right to Access:
You can request access to your personal information and information about how it's used.
Right to Correct:
You can request correction of inaccurate personal information.
Right to Withdraw Consent:
You can withdraw consent for processing at any time (subject to legal or contractual restrictions).
Right to File a Complaint:
You can file a complaint with the Office of the Privacy Commissioner of Canada.

6.5 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email:
privacy@emformance.com
Phone:
+1 469-843-0206
Mail:
Emformance, Inc., 4012 Williamsburg Court Fairfax, VA 22032

We will respond to your request within 30 days (45 days for CCPA requests). We may require identity verification to process your request.

7. INTERNATIONAL DATA TRANSFERS

Emformance is based in the United States. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

7.1 EU-U.S. Data Transfers

For transfers of personal data from the EU/EEA to the United States, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Your explicit consent where applicable

We implement appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy and applicable data protection laws.

7.2 Data Processing Agreements

We enter into Data Processing Agreements (DPAs) with our customers that act as data controllers, outlining our obligations as a data processor. Contact us at privacy@emformance.com to request a DPA.

8. CHILDREN'S PRIVACY

Emformance is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@emformance.com and we will promptly delete such information from our systems.

9. THIRD-PARTY LINKS AND SERVICES

Our platform may contain links to third-party websites, applications, or services that are not owned or controlled by Emformance. This Privacy Policy does not apply to third-party websites or services.

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services before providing them with your personal information.

Third-party integrations we use:

Plaid:
https://plaid.com/legal/#privacy-policy
Stripe:
https://stripe.com/privacy
Amazon Web Services (AWS):
https://aws.amazon.com/privacy/

10. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to collect information about your browsing activities and to provide, maintain, and improve our services.

10.1 Types of Cookies We Use

Strictly Necessary Cookies:
These cookies are essential for the operation of our website and services. They enable core functionality such as authentication, security, and session management. You cannot opt out of these cookies.
Functional Cookies:
These cookies enable enhanced functionality and personalization, such as remembering your preferences and settings. You can control these cookies through your browser settings.
Analytics Cookies:
These cookies help us understand how users interact with our services by collecting and reporting usage information. We use this data to improve our platform.
Marketing Cookies:
These cookies are used to deliver relevant advertisements and track campaign effectiveness. You can opt out of marketing cookies through your browser settings or our cookie preference center.

10.2 Cookie Management

Browser Controls:
Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies or alert you when cookies are being sent. Please note that disabling cookies may affect the functionality of our services.
Cookie Preference Center:
You can manage your cookie preferences through our Cookie Preference Center available at the bottom of our website.
Do Not Track (DNT):
We do not currently respond to Do Not Track (DNT) signals because there is no industry standard for how to interpret them.

10.3 Similar Technologies

In addition to cookies, we may use:

Web Beacons (Pixels):
Small graphic images embedded in emails or web pages to track user activity and email open rates
Local Storage:
Browser storage mechanisms to save data locally on your device
Session Storage:
Temporary storage that is deleted when you close your browser

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notice of Changes:

We will post the updated Privacy Policy on this page with a new "Last Updated" date
For material changes, we will provide prominent notice (such as an email notification or in-app banner) at least 30 days before the changes take effect
Your continued use of our services after changes become effective constitutes acceptance of the updated Privacy Policy

Review Regularly:

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Version History:

Previous versions of this Privacy Policy are available upon request by contacting privacy@emformance.com.

12. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Emformance Privacy Team

Email:
privacy@emformance.com
Phone:
+1 469-843-0206
Mail:
Info@Emformance.com
4012 Williamsburg Court Fairfax, VA 22032
Data Protection Officer (for GDPR inquiries):
privacy@emformance.com
Response Time:
We will respond to your inquiry within 30 days (45 days for CCPA requests).

13. SPECIFIC DISCLOSURES

13.1 California Privacy Disclosures

Categories of Personal Information Collected (Last 12 Months):

Identifiers (name, email, phone, IP address)
Commercial information (purchase history, transaction records)
Financial information (bank account numbers, payment card details)
Employment information (job title, salary, performance reviews)
Biometric information (none collected)
Internet activity (browsing history, usage data)
Geolocation data (approximate location from IP address)
Sensory information (none collected)
Professional information (job title, employer)
Education information (training certifications)
Inferences (preferences, characteristics, behavior)

Business Purposes for Collection:

Service delivery and fulfillment
Security and fraud prevention
Service improvement and development
Legal compliance
Marketing and communications (with consent)

Categories of Third Parties with Whom We Share Information:

Service providers (payment processors, cloud infrastructure, analytics)
Within your organization (administrators, HR managers, team members)
Legal and regulatory authorities (when required by law)
Business transaction parties (in case of merger or acquisition)

Sensitive Personal Information:

We collect and use sensitive personal information (SSN, financial account information) only for the following permitted purposes:

Performing services requested by you (payroll processing, direct deposit)
Security and integrity of systems
Fraud prevention
Legal compliance

We do not sell or share personal information for cross-context behavioral advertising.

13.2 Nevada Privacy Disclosures

Nevada residents have the right to opt out of the sale of personal information. We do not sell your personal information. If you have questions, contact privacy@emformance.com.

14. ADDITIONAL INFORMATION

14.1 Automated Decision-Making

We may use automated systems to analyze usage patterns and detect fraudulent activity. These automated processes do not make decisions that produce legal or similarly significant effects without human oversight.

If you are subject to automated decision-making and wish to request human review, contact privacy@emformance.com.

14.2 Data Minimization

We collect only the personal information necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. We do not collect excessive or irrelevant information.

14.3 Transparency Reports

We may publish transparency reports disclosing the number and nature of government requests for user information we receive. These reports are available upon request.

APPENDIX: COOKIE LIST

Below is a list of cookies we use on our platform:

Cookie Name	Retention Period	Type	Duration
session_id	Maintains user session and authentication	Strictly Necessary	Session
carton	Prevents cross-site request forgery attacks	Strictly Necessary	Session
user_preferences	Stores user interface preferences	Functional	1 year
_ga	Google Analytics tracking	Analytics	2 years
_gid	Google Analytics session tracking	Analytics	24 hours
remember me	Remembers login credentials (if opted in)	Functional	30 days

Privacy Policy

Last Updated: December 2025

INTRODUCTION

Welcome to Emformance. We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how Emformance, Inc. ("Emformance," "we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our platform and services.

By using Emformance, you agree to the collection and use of information in accordance with this privacy policy.

If you do not agree to these Terms, you may not access or use the Services.

1. INFORMATION WE COLLECT

We collect several types of information from and about users of our services, including:

1.1 Information You Provide to Us

Account Registration Information:

Full name (first and last name)

Email address

Phone number

Job title and department

Company/organization name

Business address

Password (encrypted and never stored in plain text)

Organization Setup Information:

Organization name, type, and industry

Number of employees

Business registration details

Tax identification numbers (EIN)

Business address and contact information

Website URL

Employee Information (HR Module):

Employee personal details (name, date of birth, SSN/SIN)

Contact information (address, phone, emergency contacts)

Employment information (job title, department, manager, start date, employment type)

Compensation details (salary, hourly rate, bonus structure)

Benefits enrollment information

Performance review data and feedback

Time-off requests and attendance records

Training and certification records

Disciplinary actions and notes

Payroll and Financial Information:

Bank account numbers and routing numbers (for direct deposit)

Tax withholding information (W-4, T4)

Pay stubs and payroll history

Expense reports and reimbursement requests

Invoices and payment records

Credit card information (processed through Stripe, not stored by Emformance)

Project and Task Information:

Project details and descriptions

Task assignments and completion status

Time tracking and timesheet entries

File attachments and documents

Comments and collaboration notes

Communications:

Support ticket submissions and correspondence

Survey responses and feedback

Chat messages and emails sent through our platform

1.2 Information Collected Automatically

Usage Data:

IP address and geolocation data

Browser type and version

Device information (type, operating system, unique device identifiers)

Pages viewed and features used

Time spent on pages

Referring website URLs

Access times and dates

Cookies and Similar Technologies:

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. See Section 10 for detailed information about our cookie practices.

Log Data:

Authentication attempts and login history

API requests and responses

Error logs and system diagnostics

Security events and incident logs

1.3 Information from Third-Party Sources

Banking Information (via Plaid):

Bank account verification data

Account and routing numbers

Bank name and account holder information

Account balance information (for verification purposes only)

Payment Information (via Stripe):

Payment method details

Transaction history

Payment status and receipts

Single Sign-On (SSO) Providers:

If you authenticate using Google, Microsoft, or other SSO providers, we receive basic profile information (name, email, profile picture) as permitted by your SSO provider settings.

2. HOW WE USE YOUR INFORMATION