Legal

WhizFlow Privacy Policy

Effective Date: March 19, 2026

Important: This document is a business-ready draft based on the current WhizFlow product behavior visible in the codebase. Replace bracketed placeholders before publication and have counsel review it for applicable privacy laws, including U.S. state privacy laws, GDPR/UK GDPR, and any payroll or employment-related obligations that apply to your customers.

[Company Legal Name], doing business as WhizFlow ("WhizFlow," "we," "us," or "our"), provides workflow software for payroll, time reporting, file intake, report delivery, accounting integrations, and related business operations. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the WhizFlow platform, website, applications, and related services (collectively, the "Services").

1. Scope

This Privacy Policy applies to personal information we collect:

  • from users, administrators, and invited users of WhizFlow accounts;
  • from customer-uploaded files, contact records, and workflow activity submitted to the Services;
  • through integrations, support communications, billing events, and system logs; and
  • through our website, login pages, and related online properties that link to this Privacy Policy.

This Privacy Policy does not govern third-party sites, services, or integrations that have their own policies.

2. Information We Collect

Depending on how the Services are used, we may collect the following categories of information.

A. Account and profile information

  • name;
  • work email address;
  • password and password-related metadata;
  • organization name;
  • role, permissions, invitation status, and account status;
  • login history and last-login timestamps.

B. Contact and client information

  • client or account names and external IDs;
  • contact names;
  • email addresses;
  • mobile numbers;
  • delivery preferences and report-recipient settings;
  • notes and account configuration details.

C. File and workflow information

  • uploaded documents and file contents;
  • payroll, time, ACH return, PDF, CSV, Excel, IIF, and similar operational files;
  • file names, paths, sizes, types, processing status, and related metadata;
  • PDF password values and report scheduling information;
  • workflow, task, queue, and audit activity associated with your use of the Services.

D. Integration and configuration data

  • QuickBooks or other accounting integration metadata and connection state;
  • email delivery configuration, sender settings, and recipient settings;
  • SFTP usernames, directory information, and transfer metadata;
  • billing and subscription status information.

E. Device, technical, and usage data

  • IP address;
  • browser and device information;
  • session identifiers and authentication cookie/session data;
  • application logs, error logs, and service diagnostics;
  • approximate geolocation inferred from IP, where used for security or fraud prevention.

F. Billing and payment information

If you pay for the Services, payment card data is generally processed by our payment processor and not stored in full by WhizFlow. We may receive billing-related information such as customer name, billing email, subscription status, invoice status, and limited payment metadata from our payment processor.

3. Sources of Information

We collect personal information:

  • directly from you;
  • from your employer, organization, or account administrator;
  • from other authorized users within your organization;
  • from files, records, or contacts uploaded to the Services;
  • from integrated third-party systems you connect to the Services; and
  • automatically through operation of the Services.

4. How We Use Information

We may use personal information to:

  • provide, operate, maintain, and secure the Services;
  • authenticate users and manage accounts, roles, invitations, and sessions;
  • ingest files via web upload, SFTP, APIs, or other supported methods;
  • process, convert, route, and deliver reports, files, and workflow outputs;
  • send transactional emails, verification messages, password reset messages, invitations, and service notifications;
  • support integrations such as accounting platform connectivity and billing;
  • troubleshoot issues, monitor performance, prevent abuse, and enforce our agreements;
  • improve product functionality, reliability, and user experience;
  • comply with law, resolve disputes, and protect the rights, safety, and property of WhizFlow, our users, and others.

We do not use customer-uploaded payroll and workflow data for advertising or to build unrelated public marketing profiles.

5. Cookies and Similar Technologies

We use cookies and similar technologies that are reasonably necessary to operate the Services, including authentication cookies, session management technologies, and security-related mechanisms. We may also use limited technical tracking necessary for service administration, diagnostics, and abuse prevention.

If you deploy WhizFlow on public-facing properties that use analytics or marketing cookies not described here, this Privacy Policy should be updated before publication.

6. How We Disclose Information

We may disclose personal information:

  • to service providers and infrastructure vendors that help us host, secure, operate, email, support, bill, or monitor the Services;
  • to integration providers you choose to connect, such as accounting or payment platforms;
  • within your organization, including administrators and authorized users;
  • in connection with a merger, financing, acquisition, reorganization, sale of assets, or similar transaction;
  • to comply with law, legal process, or enforceable governmental request;
  • to protect the rights, safety, and security of WhizFlow, our users, or others; and
  • with your direction or consent.

We do not sell personal information for money. We do not share personal information for cross-context behavioral advertising based on the current product configuration reflected in the codebase review.

7. Data Retention

We retain personal information for as long as reasonably necessary to provide the Services, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, enforce our agreements, and maintain appropriate business records.

Retention periods may vary depending on:

  • account status and subscription state;
  • legal, tax, payroll, accounting, and recordkeeping requirements;
  • backup and disaster recovery practices; and
  • security, fraud-prevention, and audit requirements.

8. Security

We use administrative, technical, and organizational measures designed to protect personal information, including access controls, authentication measures, tenant-isolation controls, and other safeguards appropriate to the nature of the Services.

No method of transmission or storage is completely secure. You are responsible for keeping credentials secure, using strong passwords, controlling recipient lists, and securing systems that connect to the Services.

9. International Transfers

Your information may be processed in countries other than the country where you are located, including countries where our vendors or infrastructure providers operate. Where required by law, we will use appropriate safeguards for cross-border transfers.

10. Your Privacy Rights

Depending on your location, you may have rights to request access, correction, deletion, portability, or restriction of certain personal information, or to object to certain processing.

Because WhizFlow is a business platform, we often process personal information on behalf of our customers. If your information is controlled by a WhizFlow customer, we may direct your request to the relevant customer or account administrator.

To submit a privacy request, contact [Privacy Contact Email].

11. Children's Privacy

The Services are intended for business use and are not directed to children under 13, or under the minimum age required by applicable law. We do not knowingly collect personal information directly from children for consumer use.

12. Third-Party Services

The Services may include links to, or integrations with, third-party services. Their privacy practices are governed by their own policies. We encourage you to review the applicable third-party privacy notices, especially for payment processing, accounting integrations, email providers, and hosting providers.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version and update the effective date. Where required by law, we will provide additional notice or obtain consent.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact:

[Company Legal Name]
[Mailing Address]
[Privacy Contact Email]
[Support Email]

Publication Checklist

Before publishing, replace:

  • [Company Legal Name]
  • [Mailing Address]
  • [Privacy Contact Email]
  • [Support Email]
Looking for terms? See our End User License Agreement.