Privacy Policy

NannyKeeper, Inc. ("NannyKeeper," "we," "us," or "our") operates the NannyKeeper household employer payroll and tax compliance platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using NannyKeeper, you consent to the data practices described in this policy.

We are committed to protecting your privacy and handling your data with transparency. Given the sensitive nature of payroll and tax information, we employ industry-leading security measures to protect your data.

1. Information We Collect

1.1 Employer Information

When you register as a household employer, we collect:

• Full legal name, email address, and phone number
• Home address (street, city, state, ZIP code)
• Social Security Number (SSN) for tax reporting purposes
• Employer Identification Number (EIN) if applicable
• Payment and billing information (processed by Stripe)
• State tax registration information

1.2 Employee Information

For each household employee (nanny, caregiver, etc.) you add:

• Full legal name, date of birth, and contact information
• Home address and work state
• Social Security Number (SSN) for tax withholding and W-2 generation
• Employment details (pay rate, schedule, start date)
• W-4 tax withholding elections
• Bank account information for direct deposit (routing and account numbers)

1.3 Payroll and Tax Information

• Hours worked, wages paid, and payment history
• Federal, state, and local tax withholdings
• Year-to-date earnings and tax summaries
• Generated tax documents (pay stubs, W-2s, Schedule H)
• Tax payment confirmations and filing records

1.4 Nanny Referral Program

If you participate in our nanny referral program, we collect:

• First name and email address
• Referral activity (links shared, employers referred)
• Reward history and fulfillment status
• Marketing email consent preference

This information is used to administer the referral program, fulfill rewards (via Amazon gift cards), and send program-related communications. We may share your email with gift card fulfillment providers (e.g., Amazon, Tremendous) solely for reward delivery. You may request deletion of your referral profile by contacting us at the email below.

1.5 Technical Information

• IP address, browser type, and device information
• Usage data and interaction with our Service
• Cookies and similar tracking technologies

2. How We Use Your Information

We use the information we collect to:

• Calculate payroll, taxes, and withholdings in compliance with federal and state laws
• Generate required tax documents (W-2s, Schedule H, quarterly tax summaries)
• Process direct deposit payments to employees
• Send reminders about tax filing deadlines and provide guidance
• Send transactional emails (pay stubs, tax reminders, account notifications)
• Process subscription payments and manage your account
• Provide customer support and respond to inquiries
• Comply with legal obligations and respond to lawful requests
• Improve our Service and develop new features
• Detect and prevent fraud or unauthorized access

3. Data Security

We implement robust security measures to protect your sensitive information:

• Encryption at Rest: Social Security Numbers, EINs, and bank account information are encrypted using AES-256-GCM, a military-grade encryption standard
• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
• Access Controls: Row-level security ensures you can only access your own data; employees can only view their own records
• Audit Logging: All access to sensitive data is logged for security monitoring and compliance purposes
• PCI Compliance: Payment information is processed by Stripe, a PCI-DSS Level 1 certified payment processor; we never store your credit card details
• Regular Security Assessments: We conduct ongoing security reviews and vulnerability assessments

While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the fullest extent possible.

4. Third-Party Service Providers

We share your information with trusted third-party service providers who assist in operating our Service:

4.1 Stripe (Payment Processing)

Stripe processes subscription payments and facilitates direct deposit transfers. They receive employer billing information and employee bank account details for ACH transfers. Stripe is PCI-DSS Level 1 certified. See Stripe's Privacy Policy.

4.2 Stripe Connect (Bank Verification & ACH Transfers)

Stripe Connect verifies employee bank accounts and processes direct deposit ACH transfers. They receive bank account details solely for verification and payment processing. See Stripe's Privacy Policy.

4.3 Supabase (Cloud Infrastructure)

Supabase provides our database infrastructure and authentication services. All data is encrypted at rest and in transit. See Supabase's Privacy Policy.

4.4 Resend (Email Communications)

Resend delivers transactional emails including pay stubs, tax reminders, and account notifications. They receive email addresses and message content. See Resend's Privacy Policy.

All third-party providers are contractually obligated to protect your data and use it only for the purposes we specify. We do not sell your personal information to third parties.

5. Data Retention

We retain your information for as long as necessary to provide our Service and comply with legal obligations:

• Tax Records: We retain payroll and tax records for a minimum of 7 years as required by IRS regulations and state tax authorities
• Account Data: We retain account information for as long as your account is active, plus 7 years after closure for tax compliance
• Audit Logs: Security and access logs are retained indefinitely for compliance and fraud prevention
• Marketing Data: You may opt out of marketing communications at any time; we will honor your preferences within 10 business days

6. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

6.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information (subject to legal retention requirements)
• Opt out of the "sale" or "sharing" of personal information (we do not sell your data)
• Non-discrimination for exercising your privacy rights
• Correct inaccurate personal information
• Limit use of sensitive personal information to purposes necessary for the Service

To exercise these rights, contact us at privacy@.... We will respond within 45 days.

6.2 Other U.S. State Privacy Laws

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have similar rights to access, correct, and delete their personal information. Contact us to exercise these rights.

6.3 All Users

• Access and download your data through your account settings
• Update or correct your personal information at any time
• Close your account (tax records will be retained as required by law)
• Opt out of non-essential communications

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and authenticate your identity
• Remember your preferences and settings
• Analyze usage patterns to improve our Service
• Ensure security and prevent fraud

Essential cookies are required for the Service to function. You may disable non-essential cookies through your browser settings, but this may affect functionality.

8. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. International Data Transfers

NannyKeeper is based in the United States and our Service is designed for U.S. household employers. If you access our Service from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your country of residence.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or by posting a notice on our website prior to the change becoming effective. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: