Privacy Policy

**Last Updated:** January 18, 2025

Number Ready ("we," "our," or "us") operates the Number Ready payroll calculation platform at numbeready.com (the "Service"). This Privacy Policy explains how we collect, use, share, and protect your personal information.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Name and email address

Company/business name

Password (encrypted and never stored in plaintext)

Payment information (processed securely through Stripe)

1.2 Employee and Payroll Data

To provide payroll calculation services, we process:

Employee information (names, employee IDs, positions/jobs)

Compensation details (wages, salaries, bonuses, commissions)

Hours worked and time tracking data

Payroll calculations and results

Tax-related information (as applicable to payroll calculations)

**Important:** We do not collect Social Security Numbers, bank account details, or tax filing information unless explicitly required for integration with third-party payroll processors.

1.3 Integration Data

When you connect third-party services:

**ClubReady credentials:** OAuth tokens for time tracking synchronization (encrypted, auto-expire after session)

**Gusto credentials:** OAuth tokens for payroll export (encrypted, revocable by you)

Integration preferences and settings

1.4 Usage Data

We automatically collect:

Pages visited and features used

Payroll periods accessed and calculation history

Time spent on the Service

Device information (browser type, operating system, IP address)

Log data (access times, error messages, performance metrics)

1.5 Cookies and Similar Technologies

We use cookies to:

Maintain your login session

Remember your preferences

Analyze Service usage

Provide security features

You can control cookies through your browser settings.

2. How We Use Your Information

We use collected information to:

**Provide the Service:** Calculate payroll, sync time tracking data, export to payroll processors

**Communicate with you:** Send account updates, payroll notifications, support responses

**Improve the Service:** Analyze usage patterns, fix bugs, develop new features

**Process payments:** Handle subscription billing through Stripe

**Ensure security:** Detect fraud, prevent unauthorized access, comply with legal obligations

**Comply with laws:** Meet tax, employment, and regulatory requirements

We do not:

Sell your personal information to third parties

Use your data for advertising purposes

Share employee data with anyone except as described in this policy

3. How We Share Your Information

3.1 Third-Party Service Providers

We share data with trusted partners who help us operate the Service:

|----------|---------|-------------|----------|

All third-party providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 Legal Requirements

We may disclose information if required by law, such as:

Responding to subpoenas, court orders, or legal processes

Protecting our rights, property, or safety

Investigating fraud or security issues

Complying with tax, employment, or regulatory obligations

3.3 Business Transfers

If Number Ready is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

3.4 With Your Consent

We may share information for other purposes with your explicit consent.

4. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

| Data Type | Retention Period | Reason |

|-----------|------------------|---------|

| **Active account data** | While subscription is active | Provide ongoing service |

| **Inactive accounts** | 30-day grace period | Allow reactivation |

| **Deleted accounts** | 30-day soft delete, then permanent | Allow recovery, then comply with deletion request |

| **Payroll records** | 7 years after termination | Tax and employment law compliance (IRS, FLSA, state laws) |

| **Payment history** | 7 years | Tax compliance and fraud prevention |

| **Application logs** | 90 days | Security monitoring and debugging |

| **Security logs** | 1 year | Incident investigation and compliance |

| **Audit trails** | 7 years | Legal and regulatory compliance |

| **Backups** | 30 days | Disaster recovery |

After retention periods expire, data is permanently deleted and cannot be recovered.

5. Data Security

We implement industry-standard security measures to protect your information:

5.1 Encryption

**In transit:** All data transmitted using TLS 1.3 encryption (HTTPS)

**At rest:** Database encrypted with AES-256 encryption

**OAuth tokens:** Encrypted before storage, automatically expire

**Passwords:** Hashed using bcrypt (never stored in plaintext)

5.2 Access Controls

Multi-factor authentication (MFA) required for all administrative access

Role-based access control (RBAC) limits data access

Regular access reviews and principle of least privilege

Database access restricted to authorized systems only

5.3 Infrastructure Security

Hosted on SOC 2 Type 2 certified infrastructure (Vercel, Neon/Supabase)

Automatic security patching and updates

DDoS protection and web application firewall

Continuous security monitoring and alerting

5.4 Monitoring & Incident Response

24/7 automated security monitoring

Incident response procedures with defined SLAs

Regular vulnerability scanning and penetration testing (planned)

Security breach notification within 72 hours (per GDPR)

**No system is 100% secure.** While we implement robust security measures, we cannot guarantee absolute security. If you discover a security vulnerability, please report it to security@numbeready.com.

6. Your Rights and Choices

6.1 Access and Correction

You can access and update your account information at any time through your account settings.

6.2 Data Portability

You can export your payroll data in standard formats (CSV, Excel) directly from the Service.

6.3 Deletion

You can request deletion of your account and associated data by:

Deleting your account through account settings, OR

Emailing support@numbeready.com

**Note:** We may retain certain data for legal compliance (e.g., payroll records for 7 years per IRS requirements).

6.4 Opt-Out of Marketing Communications

You can unsubscribe from marketing emails using the "Unsubscribe" link in any email.

**Note:** You cannot opt out of transactional emails (e.g., password resets, subscription receipts, security alerts).

6.5 California Residents (CCPA)

If you are a California resident, you have additional rights:

Right to know what personal information we collect, use, and share

Right to delete personal information (subject to legal exceptions)

Right to opt out of "sale" of personal information (we do not sell your information)

Right to non-discrimination for exercising these rights

To exercise these rights, contact us at privacy@numbeready.com.

6.6 European Union Residents (GDPR)

If you are in the EU/EEA, you have additional rights:

Right of access and rectification

Right to erasure ("right to be forgotten")

Right to restrict processing

Right to data portability

Right to object to processing

Right to withdraw consent

Right to lodge a complaint with a supervisory authority

To exercise these rights, contact us at privacy@numbeready.com.

Legal Basis for Processing (GDPR):

**Contract performance:** Processing necessary to provide the Service

**Legal obligation:** Compliance with tax, employment, and regulatory laws

**Legitimate interests:** Improving the Service, security, fraud prevention

**Consent:** Marketing communications, optional features

7. Children's Privacy

Number Ready is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@numbeready.com.

8. International Data Transfers

Your information is stored and processed in the United States. If you are accessing the Service from outside the United States, your information will be transferred to, stored, and processed in the United States.

For EU/EEA users, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission

Adequacy decisions where applicable

Other lawful transfer mechanisms as required

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.

**Material changes** will be communicated via:

Email notification to registered users

Prominent notice on the Service

30 days' advance notice before changes take effect

Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

10. Third-Party Links

The Service may contain links to third-party websites or services (e.g., ClubReady, Gusto). This Privacy Policy does not apply to those third parties. Please review their privacy policies before providing any information.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

Number Ready

**Email:** privacy@numbeready.com

**Support:** support@numbeready.com

**Security Issues:** security@numbeready.com

For data protection inquiries or to exercise your rights, email privacy@numbeready.com with:

Your name and account email

Description of your request

Any supporting information

We will respond to all requests within 30 days.

12. Data Protection Officer

For GDPR-related inquiries, you may contact:

**Data Protection Officer:** Thomas Barker

**Email:** privacy@numbeready.com

Number Ready is committed to protecting your privacy and maintaining the security of your information. Thank you for trusting us with your payroll data.