Payologic

Privacy Policy

Effective Date: February 1, 2026 | Last Updated: February 1, 2026

Introduction

Payologic ("Company," "we," "us," or "our") operates the Payologic platform (the "Service"), a time tracking and payroll management solution for remote engineering teams and contractors.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Personal Information Protection and Electronic Documents Act (PIPEDA).

By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

1. Information We Collect

1.1 Information You Provide Directly
  • Account Information

    Name, email address, password (encrypted), organization name, job title, and profile photo.

  • Payment Information

    Billing address, payment method details (processed securely by our payment processor Stripe), and transaction history.

  • Contractor Information

    For organizations: contractor names, email addresses, hourly rates, payment preferences, and banking information for payroll processing.

  • Time Tracking Data

    Hours worked, project assignments, task descriptions, and approval workflows.

  • Communications

    Messages you send to us, support requests, and feedback.

1.2 Information Collected Automatically
  • Device Information

    IP address, browser type, operating system, device identifiers, and timezone.

  • Usage Data

    Pages visited, features used, time spent on the Service, and interaction patterns.

  • Cookies and Similar Technologies

    Session cookies for authentication, preference cookies, and analytics cookies. See our Cookie Policy for details.

  • Log Data

    Server logs including access times, error logs, and security events.

1.3 Information from Third Parties
  • Integration Data

    When you connect third-party services (GitHub, Jira, Slack), we receive information necessary to provide the integration features.

  • Single Sign-On

    If you authenticate via Google, we receive your basic profile information as authorized by you.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and maintain the Service, including time tracking and payroll features
  • Process payments and contractor payroll
  • Authenticate users and secure accounts
  • Send transactional communications (account verification, payment confirmations, security alerts)
  • Provide customer support and respond to inquiries
  • Analyze usage patterns to improve our Service
  • Detect, prevent, and address fraud, security issues, and technical problems
  • Comply with legal obligations and enforce our terms
  • Send marketing communications (with your consent, where required)
Legal Bases for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance

    Processing necessary to provide our Service to you.

  • Legitimate Interests

    For security, fraud prevention, service improvement, and business operations.

  • Legal Obligation

    When required to comply with applicable laws.

  • Consent

    For marketing communications and optional features.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers

    With trusted third parties who assist in operating our Service (cloud hosting, payment processing, email delivery, analytics). These providers are contractually bound to protect your data.

  • Within Your Organization

    Time tracking and contractor data is shared with authorized administrators within your organization as part of the Service functionality.

  • Business Transfers

    In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

  • Legal Requirements

    When required by law, court order, or governmental authority, or to protect our rights, safety, or property.

  • With Your Consent

    When you have given explicit consent to share your information.

Our Service Providers

We work with the following categories of service providers:

  • Cloud Infrastructure: Amazon Web Services (AWS)
  • Payment Processing: Stripe
  • Email Services: Resend
  • Analytics: Google Analytics (anonymized)
  • Security: Google reCAPTCHA

4. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our Service to you
  • Comply with legal obligations (e.g., tax records, audit requirements)
  • Resolve disputes and enforce our agreements

Specific retention periods:

  • Account Data

    Retained while your account is active, plus 30 days after deletion request.

  • Financial Records

    Retained for 7 years as required by tax and accounting regulations.

  • Time Tracking Data

    Retained for the duration of your subscription plus 3 years for audit purposes.

  • Log Data

    Security logs retained for 1 year; analytics data for 26 months.

5. Data Security

We implement robust security measures to protect your personal information:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Secure password hashing using industry-standard algorithms
  • Two-factor authentication (2FA) support
  • Regular security audits and penetration testing
  • Access controls and principle of least privilege
  • SOC 2 Type II compliance (in progress)
  • Employee security training and background checks

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. International Data Transfers

Our Service is operated from the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements (DPAs) with our service providers
  • Supplementary measures to ensure adequate protection

For transfers from Canada, we ensure compliance with PIPEDA requirements for cross-border data transfers.

7. Your Privacy Rights

7.1 Rights for EEA, UK, and Swiss Residents (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • Right to Access

    Request a copy of the personal data we hold about you.

  • Right to Rectification

    Request correction of inaccurate or incomplete data.

  • Right to Erasure

    Request deletion of your personal data (subject to legal retention requirements).

  • Right to Restrict Processing

    Request limitation of how we use your data.

  • Right to Data Portability

    Receive your data in a structured, machine-readable format.

  • Right to Object

    Object to processing based on legitimate interests or for direct marketing.

  • Right to Withdraw Consent

    Withdraw consent at any time where processing is based on consent.

  • Right to Lodge a Complaint

    File a complaint with your local data protection authority.

7.2 Rights for California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act and California Privacy Rights Act, California residents have the following rights:

  • Right to Know

    Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and third parties with whom we share it.

  • Right to Delete

    Request deletion of personal information we have collected.

  • Right to Correct

    Request correction of inaccurate personal information.

  • Right to Opt-Out of Sale/Sharing

    We do not sell or share your personal information for cross-context behavioral advertising.

  • Right to Limit Use of Sensitive Personal Information

    Limit how we use sensitive personal information (we only use it for providing our Service).

  • Right to Non-Discrimination

    We will not discriminate against you for exercising your privacy rights.

Categories of Personal Information Collected: Identifiers, financial information, commercial information, internet activity, geolocation data, professional information, and inferences drawn from the above.

7.3 Rights for Canadian Residents (PIPEDA)

Under the Personal Information Protection and Electronic Documents Act, you have the right to:

  • Access

    Request access to your personal information held by us.

  • Correction

    Request correction of inaccurate or incomplete information.

  • Withdraw Consent

    Withdraw consent to the collection, use, or disclosure of your information.

  • Complaint

    File a complaint with the Office of the Privacy Commissioner of Canada.

8. Exercising Your Rights

To exercise any of your privacy rights, you may:

  • Email us

    Send a request to [click to reveal email]

  • Use in-app settings

    Access, download, or delete your data from your account settings.

  • Contact support

    Reach our team at [click to reveal email]

We will respond to verifiable requests within 30 days (or 45 days for complex requests, with notice). We may need to verify your identity before processing your request.

If you are making a request on behalf of a California resident, you must provide written authorization from that individual.

9. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [click to reveal email].

10. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Our Service currently does not respond to DNT signals. However, you can manage your cookie preferences through your browser settings or our cookie consent tool.

11. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our Service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the 'Last Updated' date
  • Sending an email notification for significant changes

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us by email:

Payologic

Privacy Inquiries: [click to reveal email]

General Support: [click to reveal email]

For EEA residents, you may also contact your local Data Protection Authority. A list of EU Data Protection Authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en

© 2026 Payologic. All rights reserved.