Privacy Policy

We protect sensitive fields with encryption, role-based access, and audit trails. We do not sell your data. You can request an export or deletion at any time, subject to records we are legally required to keep. We only collect what we need to run onboarding, time, payroll preparation, and the rest of the service.

The sections below are the legal version — if anything here conflicts with that summary, the legal text governs, but we’ll do our best to keep them in sync.

We collect only what we need to run payroll, onboard employees, and keep your account working. This includes:

• Account data — email, name, company role, hashed password, and authentication metadata.
• Employer data — business name, EIN, state tax IDs, bank account for funding payroll, and pay schedules.
• Employee data (under your instruction as data controller) — name, address, SSN or ITIN, bank account for direct deposit, W-4 and state-equivalent elections, I-9 documents, pay rates, and timesheets.
• Usage data — IP address, device type, pages visited, actions taken. Used for security, fraud prevention, and product improvement.

We use the data you give us to provide the service you signed up for: onboarding employees, collecting timesheets, calculating wages and tax previews, preparing payroll records for configured providers, and keeping audit-ready records.

We use aggregated, non-identifiable usage data to improve the product. We do not use your payroll data or employee data to train machine-learning models.

Data is stored with our managed application, database, and storage providers in production U.S. regions. Sensitive payroll fields such as SSNs and bank account numbers are encrypted at the field level before persistence. Traffic between your browser and our services is encrypted in transit.

We rely on established processors for hosting, database, storage, payments, email, and bank-linking services. A current subprocessor list is available on request from privacy@moneyloop.ai.

Internally, access is limited by role and production access is kept to the people operating or supporting the service. The app records privileged reads and writes to an audit log where those controls have been implemented.

We share data with third-party processors only where necessary to deliver the service, such as payment providers, bank-linking providers, email delivery, and document storage.

• Access. Request a copy of the personal data we hold about you.
• Correction. Ask us to fix anything that is wrong.
• Deletion. Ask us to delete your data (subject to retention rules below).
• Portability. Request your data in a machine-readable format.
• Objection. Object to any processing that is based on our legitimate interests.

To exercise any of these, email privacy@moneyloop.ai. We respond within 30 days.

We use a small number of functional cookies to keep you signed in and remember your preferences. We may use first-party product analytics to understand aggregate usage. We do not use advertising cookies and we do not share cookie data with ad networks.

If analytics controls are enabled in your workspace, you can opt out without affecting the rest of the service.

MoneyLoop is not directed at anyone under 16. We do not knowingly collect personal data from minors. If you believe we have collected data from a minor, contact us and we will review and delete it where required.

If you are a California resident, you have the right to know what personal information we have collected, the right to delete it, the right to correct it, the right to opt out of the sale or sharing of personal information, and the right to limit the use of sensitive personal information.

We do not sell personal information and we do not share it for cross-context behavioral advertising. To exercise any California right, email privacy@moneyloop.ai.

For users in the European Economic Area, the UK, and Switzerland, our legal bases for processing are: performance of a contract, compliance with legal obligations, and our legitimate interest in operating the service securely.

For data transferred outside the EEA, we rely on the European Commission’s Standard Contractual Clauses and, where applicable, the UK Addendum. You have the right to lodge a complaint with your local supervisory authority.

We retain payroll and employment records for the period needed to provide the service and satisfy applicable legal, accounting, tax, and dispute-resolution obligations. Account and usage data is retained while your account is active unless a longer period is required for security or legal reasons.

When you request deletion, we remove eligible personal data from live systems as soon as reasonably practical. Backup copies age out on their normal rotation.

If a security incident affects your personal information, we will notify the primary account contact and any regulators as required by applicable law.

We maintain incident-response procedures and will share appropriate follow-up details with affected accounts.

For privacy questions, data requests, or just to tell us we got something wrong: