This Privacy Policy outlines the policies and procedures for collecting, using, disclosing, and protecting your information using our services. It also informs you of your privacy rights and how the law protects you. By using our services, you agree to the collection and use of your data as described in this policy.
Company: Refers to Hourly, Inc.
Personal Data: Any information that relates to an identified or identifiable individual.
Service Provider: Hourly, Inc. uses third-party service providers to enhance service functionality and to process specific financial data. While Hourly, Inc. will make reasonable efforts to ensure these providers operate reliably, Hourly shall not be held liable for any losses, damages, or service disruptions arising from any errors, outages, or defects in the services provided by these third-party providers. Data processed by third parties is not to be resold, sublicensed, or repurposed beyond direct end-user benefit.
Cookies: Small files placed on your device to track your activity on our website.
You: The individual accessing the service or the legal entity on behalf of which such individual is accessing the service.
Website: Refers to Hourly, Inc., accessible at https://www.hourly.io.
Usage Data: Information collected automatically through the Service (such as IP address, browser version, and usage patterns).
SOC 2 Compliance: Refers to the standards and requirements that ensure the Company’s systems are securely managed to protect customer privacy.
While using our service, we collect the following types of personal data for specific purposes:
● First and Last Name: To personalize communications, provide customer support, and manage your account.
● Contact Details (Phone number, Email, Address): To communicate service updates, offer support, and send necessary notifications.
● Social Security Number or Taxpayer Identification Number: For employment and payroll purposes, including tax compliance.
● Financial Information (Bank Account details for payroll and billing purposes): To process payments, fulfill contractual obligations, and manage transactions securely.
● Employment and Business Information (Job title, Employer information): To ensure the proper functioning of our employment-related services and manage client accounts effectively.
We automatically collect Usage Data when using the service to improve user experience and troubleshoot. We process usage data under legitimate interests to improve our service and user experience.
● Device Information (IP address, browser type, operating system): Monitor technical performance and security.
● Interactions with the Service (e.g., pages visited, time spent on pages): To analyze user behavior and improve service functionality.
● Diagnostic Data (e.g., crash reports, performance metrics): To identify and fix issues and enhance overall system stability.
We use cookies and similar tracking technologies to monitor and store certain
information about your use of our service. You can configure your browser to refuse
cookies, which may limit your ability to use some of our Service's features.
Hourly, Inc. may use your Personal Data for the following purposes:
To Provide and Maintain Our Service: Data analysis, system administration, and maintenance to ensure seamless payroll processing, account management, and service availability.
To Manage Your Account: Personal data may be required to grant you access to various functionalities as a registered user, such as setting up payroll profiles or accessing transaction histories.
For Contract Performance: To fulfill the terms of any service or product purchase contracts you enter into with us, including processing payroll disbursements and tax filings.
To Communicate with You: We may use your personal data to provide updates, notices, and support-related messages, including promotional emails about new features (with an opt-out option).
For Legal Compliance: We retain specific data to comply with applicable laws and respond to lawful requests by public authorities, including meeting national security or law enforcement requirements, such as IRS audits or labor law investigations.
Hourly, Inc. requires all third-party service providers to adhere to strict confidentiality and data protection obligations. These service providers are prohibited from using your personal data for any purpose other than the services requested. The following additional provisions apply to third-party service providers:
Data Access: Service providers have access only to the personal data required to perform their services and are subject to rigorous confidentiality agreements.
Data Retention and Processing: Service providers may only retain your personal data as long as necessary to fulfill their contractual obligations. They are obligated to adhere to Hourly, Inc.’s privacy and security policies and industry standards such as SOC 2 and GDPR.
Service Providers' Subcontractors: If a service provider employs subcontractors, they must impose the same data protection standards as set forth in our agreements with them.
We ensure compliance with applicable privacy laws, including GDPR and CCPA, in our agreements with service providers like Plaid, Inc., who must demonstrate the necessary technical and organizational measures to safeguard your data.
To provide a transparent and robust service, we process your data for additional purposes with clear legal bases and safeguards:
Analytics and Service Improvement: Usage Data (e.g., IP addresses, page visits) is analyzed using tools like Google Analytics to identify trends, enhance user interfaces, and optimize payroll workflows. This processing is based on our legitimate interest to improve service quality, with data anonymized where possible to minimize privacy impact.
Marketing and Personalization: With your consent (where required by law, e.g., GDPR/CCPA), we may use contact details to send targeted marketing emails or suggest tailored payroll features. You can opt out via the unsubscribe link in emails or the "Do Not Sell My Personal Information" link on our website.
Fraud Detection and Security: Financial and employment data (e.g., bank details, SSN) are processed to detect and prevent fraudulent activities, such as unauthorized payroll withdrawals, under our legitimate interest to protect your account and comply with anti-money laundering (AML) laws. This includes real-time monitoring and flagging anomalies, with logs retained for 12 months post-resolution.
Research and Development: Aggregated, de-identified data may be used to develop new payroll tools or industry reports, ensuring no individual is identifiable. This is grounded in our legitimate interest to innovate, with strict access controls limiting use to internal R&D teams.
Retention and Deletion: Personal Data is retained for the duration necessary to fulfill these purposes, typically aligned with payroll cycles (up to 7 years for tax compliance under IRS rules) or legal requirements. After this period, data is securely deleted or anonymized unless an exception applies (e.g., litigation holds).
We are committed to complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Under certain circumstances, individuals have the right to request data deletion.
However, given our permanent retention policy, deletion requests will be evaluated under legal obligations and applicable exceptions.
Legal Exceptions: The Company may retain certain data if required for compliance with legal obligations, ongoing contractual obligations, or litigation purposes.
For data deletion requests under GDPR or CCPA, the Company will evaluate such requests under our permanent retention policy and applicable legal exceptions.
Hourly, Inc. may disclose your personal data to third parties under the following circumstances:
Service Providers: We may share your personal data with third-party vendors who assist us in providing the Service.
Business Transactions: Personal data may be transferred in the case of mergers, acquisitions, or asset sales.
Legal Requirements: We may disclose your data if required by law or to protect the rights, property, or safety of the Company or others.
We take the security of your personal data seriously and use administrative, technical, and physical safeguards to protect it from unauthorized access, use, or disclosure. Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee its absolute security.
To meet SOC 2 audit requirements, we implement stringent security measures, including:
Access Control: Only authorized personnel can access your personal data, with multi-factor authentication (MFA) in place for all critical systems.
Monitoring: We perform regular audits to detect and prevent unauthorized access or data breaches.
Your information, including personal data, may be processed at the Company’s operating locations and other locations where our Service Providers operate. If we transfer your data to other jurisdictions, we ensure that adequate data protection mechanisms are in place to safeguard your personal data.
We are committed to ensuring you can exercise your data protection rights as provided by applicable privacy laws, including the General Data Protection Regulation (GDPR) and theCalifornia Consumer Privacy Act (CCPA). Depending on your location, you may have some or all of the following rights:
You have the right to request access to the personal information we have collected about you. Upon receiving a verifiable request, we will provide you with a copy of our personal data, including details about how your data is used and shared and for what purposes.
You can request a correction or update if your personal information is inaccurate or incomplete. We will promptly rectify any incorrect or outdated information upon verification.
You may request the deletion of personal information we have collected about you, subject to certain legal exceptions (such as compliance with our legal obligations, fraud prevention, or contractual requirements). If your request qualifies, we will delete your personal data and confirm the deletion.
For GDPR-compliant services, you have the right to request that we provide you with your personal data in a structured, commonly used, and machine-readable format, and you can request that we transfer it directly to another data controller.
If you are a resident of California, you have the right to opt out of the sale or share your personal information for targeted advertising or other business purposes. You can exercise this right by using the “Do Not Sell My Personal Information” link on our website or by contacting us directly.
Under GDPR, you can object to the processing of your personal data in specific circumstances, such as when it is processed for direct marketing purposes or based on legitimate interests. You may also request that we restrict our use of your data while a complaint or issue is being resolved.
Suppose you are dissatisfied with the outcome of a data request under any applicable state privacy law (such as the CCPA or other similar regulations). In that case, you have the right to appeal our decision. In our response to your request, we will provide information on how to file an appeal.
To exercise any of these rights, you can submit a verifiable request through one of the following methods:
Email: Send a detailed request to privacy@hourly.io, including your full name, the email address associated with your account, and a description of your request.
US Mail: Send your request to Hourly, Inc., 660 Homer Ave, Palo Alto, California 94301.
Please provide sufficient information regarding your request so we can verify your identity and understand its nature. We may ask for additional information, such as government-issued identification, to confirm your identity before processing your request.
We aim to respond to all verifiable requests within 30 days. If we need more time to process your request, we will notify you within this period and explain the delay, along with an estimated completion date.
To protect your privacy, we will take reasonable steps to verify your identity before fulfilling any request. This may involve requesting additional information such as proof of identity (a copy of your driver’s license) and details about your interaction with our service.
We will only use the information you provide to verify your identity and fulfill your data request. If you submit a request on behalf of another user, you may be required to provide proof of authorization (such as a power of attorney).
We comply with the Children’s Online Privacy Protection Act (COPPA) and do not knowingly collect personally identifiable information from anyone under 18. If we learn that we have inadvertently collected personal data from a minor, we will take steps to delete such information promptly. Our services are not directed at individuals under 18; we do not knowingly collect personally identifiable information from anyone under 18.
Sensitive Personal Information. We do not process sensitive personal information to infer characteristics about consumers under the California Consumer Privacy Act (“CCPA”).
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the updated policy on this page. You are advised to review this Privacy Policy periodically for any changes.
For any questions regarding this Privacy Policy or to exercise your privacy rights, please contact us:
Mail: 660 Homer Ave, Palo Alto, California 94301
Phone: +1 (650) 472-3030
Email: privacy@hourly.io
Website: https://www.hourly.io
Our pledge is simple: if our platform doesn’t meet your needs, we will refund 100% of your subscription cost for the first 90 days of service.