Privacy Policy
Last updated May 9, 2026
Payroom (“Payroom,” “we,” “us”) is operated from Ontario, Canada. We help people understand their household cashflow and decide how much they can safely pay toward bills and credit cards without overdrafting. To do that we connect to your financial accounts, read recent transactions and balances, and present the results in your Payroom account. This policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over it.
Payroom is available to residents of Canada (excluding Quebec) and the United States who are 18 years of age or older. This policy applies to the Payroom web and mobile applications and to payroom.app. It does not apply to any third-party service you may access through Payroom, including your bank or Plaid. Links to the relevant third-party policies are included in the sections below.
1. Information we collect
Information you give us directly
When you create an account or use Payroom you provide us with:
- Account credentials. Email address and, for email sign-in, a password. We never see a password from Google sign-in — Google verifies you and tells us you are signed in.
- Profile and onboarding answers. Any information you enter during onboarding, such as confirming or editing detected income, recurring bills, and per-account preferences like protected buffers.
- Support correspondence. Emails and messages you send to us.
Information we receive from Plaid
With your explicit authorization, Payroom uses Plaid Inc. to connect to your bank. When you link an institution, Plaid collects credentials and multi-factor prompts directly from you and returns a limited set of information to Payroom:
- Account metadata. Institution name, account nickname, last four digits of the account number, account type (checking, savings, credit card), and current balance.
- Transactions. Posted and pending transactions (date, amount, merchant description, category) for the accounts you link.
- Identity details (optional) associated with the linked account, such as the name on the account, used to help you verify which account is which.
Plaid’s handling of your credentials and data is governed by Plaid’s End User Privacy Policy. Payroom never sees or stores your bank login credentials.
Information collected automatically
When you use Payroom we collect technical information needed to operate and secure the service:
- Device and session data. IP address, browser type and version, operating system, and session cookies used to keep you signed in.
- Usage events. Anonymous or pseudonymous telemetry about which screens you viewed and actions you took inside Payroom, used to diagnose bugs and improve the product.
- Error reports. Stack traces and diagnostic context sent to our error-tracking provider when something breaks.
2. How we use your information
We use the information described above to:
- Provide the core product: aggregate account balances and transactions, forecast your household cashflow, and calculate how much you can safely pay toward bills or credit cards.
- Detect recurring income and bills and suggest them to you for confirmation.
- Send you account and product communications you have asked for, including overdraft-risk alerts and bill reminders.
- Keep Payroom secure: authenticate you, prevent fraud and abuse, and investigate suspicious activity.
- Diagnose and fix bugs, measure performance, and improve features.
- Comply with our legal obligations.
We do not sell your personal information, and we do not use your financial data to serve advertising.
4. How long we keep your data
We keep your information only as long as we need it to provide Payroom to you, to meet legal obligations, or to resolve disputes.
- Active accounts. Account, transaction, and forecasting data is retained while your account is active so that forecasts remain accurate and trend history is available to you.
- Inactive-account deletion. If your account has had no sign-in activity for 24 months we will email you a warning at your registered address with a 30-day notice before permanent deletion. You can cancel the deletion at any time during that 30-day window by signing in to Payroom or clicking “Keep my account” in the warning email. If we do not hear from you within 30 days of the warning, your account is soft-deleted and enters the same 30-day grace window as a self-service deletion; after that grace window your transactional data is permanently purged.
- Account deletion from Payroom. When you delete your account from the Accounts page in Payroom, we immediately revoke the connection to Plaid for all of your linked institutions and destroy any encrypted Plaid access tokens we hold for you, then soft-delete your account for a 30-day grace window during which you can contact support to restore it; after the grace window we permanently purge your transactional data.
- Account deletion by email. You can also request deletion at any time by emailing security@payroom.app. We acknowledge email deletion requests within 7 days; at that point we revoke the Plaid connection, destroy encrypted access tokens, and start the same 30-day soft-delete grace window as the self-service flow. Because the 30-day grace window is measured from the soft-delete (not from email receipt) and the hard-purge runs once a night, the worst-case time from email receipt to full deletion is up to 38 days: up to 7 days of acknowledgement, 30 days of grace, and up to 24 hours waiting for the next nightly purge run.
- Deletion audit record. When a deletion completes we keep a minimal audit record (a one-way SHA-256 hash of the user identifier, the deletion timestamp, and the number of linked institutions revoked) for up to seven years so that we can demonstrate compliance with applicable law if asked. No financial data, email address, or other personal information is retained in this record. The hash is deterministic so we can verify, on request, that a deletion occurred for a specific account when provided with the original identifier — but the record on its own cannot be used to reconstruct who you are.
- Database backups. Your data may persist in encrypted backups for a short period after deletion while those backups expire on a rolling schedule (currently up to 30 days). During that window the data is not restored into production and is not accessible through Payroom.
5. Your rights and choices
Depending on where you live, Canadian privacy law (PIPEDA, plus Ontario law) and US state privacy laws give you some or all of the following rights in relation to the personal information we hold about you:
- Access. Ask for a copy of the personal information we hold about you and information about how we use it.
- Correction. Ask us to correct information that is inaccurate or incomplete. Most profile data (account nicknames, income, bills, account policies) you can correct yourself from inside Payroom; for anything else, contact us.
- Deletion. Delete your account yourself from the Accounts page, or email us to request deletion. See the retention section above for the full deletion flow, including the 30-day grace window during which you can contact support to restore the account.
- Withdrawal of consent. Withdraw consent to our continued collection, use, or disclosure of your personal information. Depending on the scope of your withdrawal this may mean we can no longer provide Payroom to you.
- Disconnect an institution. Disconnect a specific linked institution yourself from the Accounts page — this immediately stops Payroom from fetching new transactions from that institution and destroys the associated Plaid access token. You can also email us; we will process email disconnect requests within the same 7-day acknowledgement window that applies to deletions, at which point the token is destroyed and sync stops.
To exercise any of these rights, email security@payroom.app. We will respond to verified requests within 30 days; if you are a US resident exercising rights under a state privacy law, see section 9 below for the statutory response window that applies.
Verifying your identity. To protect your privacy we may need to verify your identity before acting on a request — typically by confirming it from the email address on file. For sensitive requests (such as deletion or a full data export) we may ask for additional information to match against our records. We will not act on requests we cannot reasonably verify and will tell you why.
Your consent record. We keep a dated, per-event record of each time you accept our Terms of Service and Privacy Policy — at signup, when you authorize a new bank connection, and whenever you accept an updated version of either policy. You can request a copy of your consent history from us at any time using the email above.
If you are in Canada and believe we have not handled your personal information in accordance with PIPEDA, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada.
6. How we protect your information
We use a layered approach to protect your information in transit and at rest:
- All traffic between your browser or device and Payroom is encrypted using TLS 1.2 or higher.
- Data is stored in a managed PostgreSQL database that is encrypted at rest with AES-256.
- Plaid access tokens are additionally encrypted at the application layer using AES-256-GCM before being written to the database.
- Administrative access to production systems requires multi-factor authentication. The number of people with access is kept to the minimum necessary.
- End-user accounts require multi-factor authentication (TOTP, via an authenticator app) at signup and at every sign-in, before any financial data is fetched or any institution is linked via Plaid.
- We monitor our dependencies for known vulnerabilities and patch on a defined schedule.
No security program is perfect. If you believe your account has been compromised or you have discovered a vulnerability, please contact us at security@payroom.app. Our machine-readable security contact is also published at /.well-known/security.txt (per RFC 9116) for researchers using automated disclosure tools.
7. Children
Payroom is not directed to anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
8. Cross-border data transfers
Payroom is operated from Canada but the service providers we use to store data, host the application, send email, and track errors are based in the United States. By using Payroom you acknowledge that your personal information will be transferred to, stored in, and processed in the United States, and that while it is in the United States it is subject to US law — including lawful access by US courts, regulators, and law-enforcement authorities.
We require each of our US-based providers to protect your information with safeguards comparable to those required under Canadian law, and we use only established providers with published security and privacy programs.
9. Applicable privacy laws and geographic availability
Payroom is designed to comply with:
- The federal Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada.
- Applicable provincial privacy laws in the Canadian provinces we serve, including Ontario common law and relevant sector legislation.
- US state privacy laws where applicable, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), and equivalent laws in Virginia, Colorado, Connecticut, Utah, and Texas.
Rights of US residents
US residents in states with a comprehensive consumer privacy law have the following rights in addition to those described in section 5:
- Right to know the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the purposes for collection, and the categories of third parties with whom we share it.
- Right to delete the personal information we hold about you, subject to legal exceptions (for example, where retention is required by law).
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing of personal information, and to limit the use of sensitive personal information.
- Right to non-discrimination. We will not deny you service, charge you different prices, or provide a different level of quality because you exercised any of these rights.
We do not sell or share your personal information as those terms are defined by the CCPA/CPRA and have not done so in the twelve months preceding the effective date of this policy. We do not use your personal information for cross-context behavioural advertising.
Sensitive personal information. Some of the information we collect is classified as “sensitive personal information” under the CCPA/CPRA — specifically, your financial account information (balances, transactions, and the last four digits of account numbers) retrieved via Plaid. We use this information only to provide the Payroom service described in section 2 above; we do not use or disclose it for any purpose that would trigger the right to limit its use.
Categories of personal information collected. In the twelve months before the effective date of this policy, we may have collected the following categories of personal information (as defined by Cal. Civ. Code §1798.140): identifiers; commercial information; internet or other network activity information; geolocation data (approximate, derived from IP); financial information (including CA customer-record categories under §1798.80(e)); and inferences drawn from the above to support forecasts and safe-payment recommendations. The sources, purposes, and sharing categories are described in sections 1, 2, and 3 of this policy.
Response times. We respond to verified requests within 45 days of receipt. If we need more time we will tell you before the initial 45-day window expires and may extend by up to an additional 45 days as permitted by law.
To exercise any of these rights, email security@payroom.app. If we deny your request, you may appeal by replying to our response; we will review and answer your appeal within 45 days.
Quebec availability
Payroom is not currently available to residents of Quebec. If you are a resident of Quebec, please do not create an account; we are not structured today to comply with Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (Law 25) and we do not accept users from Quebec until we are. We will announce availability in Quebec once the required controls are in place.
10. Changes to this policy
We may update this policy from time to time. If we make material changes we will notify you by email or through an in-app prompt before the changes take effect, and we will ask you to re-accept the updated policy if required. The “Last updated” date at the top of this page always reflects the current version.
11. Contact us and our Privacy Officer
Payroom’s Privacy Officer is accountable for our compliance with this policy and with applicable Canadian privacy law.
- Privacy Officer: Mark Tawfik, Privacy Officer
- Email: security@payroom.app
- Mailing address: 462 William Dunn Cres, Newmarket, ON, Canada, L3X 3L2
For any privacy question, request, or complaint, reach us using the email above. We will acknowledge your message promptly and respond within 30 days.