Privacy Policy

1. Information We Collect

Personal Data

When you create an account or use our Service, we may collect personally identifiable information including your name, email address, phone number, mailing address, job title, and professional role within your organization.

Financial Data

To facilitate payroll processing, we collect sensitive financial information such as Social Security Numbers (SSNs), Employer Identification Numbers (EINs), bank account and routing numbers, salary and compensation details, tax withholding elections, and payment histories. This data is encrypted at rest using AES-256 encryption.

Usage Data

We automatically collect certain information when you access the Service, including your IP address, browser type and version, operating system, referring URLs, pages visited, time and date of your visit, time spent on pages, and other diagnostic data.

Cookies

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and understand how you interact with our Service. See Section 7 for more detail.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and maintain the Service, including payroll processing, tax calculations, and form generation (W-2, 1099-NEC, 941, 940).
• To create and manage your account, authenticate your identity, and enforce role-based access controls.
• To process transactions and send you related information, including pay stubs, tax documents, and filing confirmations.
• To communicate with you about updates, security alerts, and administrative messages related to your account or the Service.
• To monitor and analyze usage trends to improve the Service, user experience, and product functionality.
• To detect, prevent, and address fraud, security vulnerabilities, and technical issues.
• To comply with legal obligations, including tax reporting requirements and regulatory filings.

3. Information Sharing

We do not sell your personal information. We may share your data with the following categories of third-party service providers who assist us in operating the Service:

• Email Delivery (SendGrid): We use SendGrid to send transactional emails such as invitations, password resets, and payroll notifications. Your email address and message content are shared with SendGrid for delivery purposes.
• Cloud Storage (Cloudflare R2): Documents such as W-9 forms and other uploaded files are stored in Cloudflare R2 with tenant-level isolation. Files are organized by tenant and accessible only through time-limited presigned URLs.
• Hosting and Infrastructure (Railway / Vercel): Our application and databases are hosted on Railway and Vercel. These providers may process request data, logs, and performance metrics as part of their hosting services.

We may also disclose your information if required to do so by law, in response to valid legal process, to protect our rights or property, or in connection with a merger, acquisition, or sale of assets.

4. Data Security

We implement robust technical and organizational measures to protect your data:

• Encryption at rest: Sensitive data such as Social Security Numbers (SSNs) and Employer Identification Numbers (EINs) are encrypted using AES-256 encryption before being stored in our database.
• Encryption in transit: All data transmitted between your browser and our servers is protected using TLS (Transport Layer Security).
• Multi-tenant isolation: Row-level security (RLS) policies ensure that each organization’s data is strictly isolated from other tenants.
• Access controls: Role-based access controls limit data visibility based on user roles (business administrators, CPA staff, employees, contractors).
• Audit logging: Decryption of sensitive data is logged for audit purposes.

While we strive to use commercially acceptable means to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your personal and financial data for as long as your account is active or as needed to provide you with the Service. We may also retain certain data as required by law, including tax records which must be kept in accordance with IRS record-keeping requirements (generally a minimum of four years for payroll tax records). When data is no longer needed, we will securely delete or anonymize it.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Right to Access: You may request a copy of the personal data we hold about you.
• Right to Correction: You may request that we correct inaccurate or incomplete personal data.
• Right to Deletion: You may request deletion of your personal data, subject to legal retention requirements (for example, tax records we are required to maintain).
• Right to Data Export: You may request a machine-readable export of your personal data.

To exercise any of these rights, please contact us at privacy@dataentropy.io. We will respond to verified requests within 30 days.

7. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential Cookies: Required for the Service to function, including session authentication and security tokens. These cannot be disabled.
• Preference Cookies: Used to remember your settings and preferences, such as language and display options.
• Analytics Cookies: Help us understand how visitors interact with the Service so we can improve functionality and user experience. These cookies collect information in an aggregated and anonymous form.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

8. Children’s Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently gathered personal data from a child under 13, we will take reasonable steps to delete that information promptly. If you believe we have collected information from a child under 13, please contact us at privacy@dataentropy.io.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the purpose for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of the personal information we have collected, subject to certain exceptions.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
• No Sale of Data: We do not sell personal information to third parties as defined under the CCPA.

To make a CCPA request, contact us at privacy@dataentropy.io. We may require verification of your identity before fulfilling your request.

10. International Users

KronIQ is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States where our servers are located and our central database operates. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the “Effective date” at the top of this page and, where appropriate, sending you an email notification. We encourage you to review this policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: