Privacy Policy
Last updated: March 24, 2026
This Privacy Policy describes how Zimyo Inc., a Delaware corporation ("Zimyo," "we," "us," or "our"), collects, uses, shares, and protects your personal information when you use our website at zimyo.us, our platform, and related services (collectively, the "Service"). This policy applies to all users of the Service within the United States.
By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, work email address, job title, company name, company size, and phone number when you register or contact us.
- Employee Data: Information you enter about your employees, including names, addresses, Social Security Numbers, tax filing status, bank account details for direct deposit, compensation data, and employment records. This data is provided by you as the employer.
- Billing Information: Payment card details and billing address, processed securely through our PCI-compliant payment processor. We do not store full card numbers on our servers.
- Communications: Messages, feedback, and support requests you send to us.
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, actions taken, timestamps, and session duration.
- Device Information: Browser type, operating system, screen resolution, and device identifiers.
- Network Data: IP address, approximate geographic location (city/state level), and referring URL.
- Analytics Data: We use Google Analytics to collect aggregated usage statistics. Google Analytics uses cookies to track interactions. You can opt out using the Google Analytics Opt-out Browser Add-on.
1.3 Information from Third Parties
- Integrations: If you connect third-party services (payroll providers, benefits platforms, accounting software), we may receive data from those services as authorized by you.
- Public Sources: We may collect publicly available business information to improve our service offerings.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service, including AI-powered HR operations.
- Process payroll, tax filings, and compliance-related tasks as directed by you.
- Communicate with you about your account, service updates, and support requests.
- Send product announcements, feature updates, and marketing communications (with your consent; you may opt out at any time).
- Detect, prevent, and respond to security incidents, fraud, and abuse.
- Comply with legal obligations, including tax reporting and employment law requirements.
- Improve our AI models using anonymized, aggregated data that cannot identify individuals.
- Conduct internal analytics and research to improve service quality.
3. How We Share Your Information
We do not sell your personal information. We share your information only in these circumstances:
- Service Providers: With trusted third-party vendors who perform services on our behalf (cloud hosting, payment processing, email delivery, analytics). These providers are contractually bound to use your data only for the services they provide to us.
- Legal Compliance: When required by law, regulation, legal process, or governmental request, including tax authorities (IRS, state agencies) for payroll processing.
- Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will notify you via email before your data is subject to a different privacy policy.
- With Your Consent: When you explicitly authorize sharing with a third-party integration or partner.
- Safety and Protection: To protect the rights, property, or safety of Zimyo, our users, or the public as required or permitted by law.
4. Data Security
We implement industry-standard security measures to protect your data:
- All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
- Sensitive data at rest (Social Security Numbers, bank account details) is encrypted using AES-256 encryption.
- Access to production systems is restricted to authorized personnel with multi-factor authentication.
- We conduct regular security assessments and vulnerability testing.
- Employee access to customer data follows the principle of least privilege.
- All access to customer data is logged and auditable.
While we take extensive measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will notify affected users promptly in the event of a data breach, in accordance with applicable state notification laws.
5. Data Retention
- Account Data: Retained for the duration of your active subscription plus 30 days after cancellation for data export.
- Employee and Payroll Data: Retained as required by federal and state tax laws (typically 4 to 7 years depending on record type and jurisdiction).
- Audit Logs: Retained for 3 years for compliance and security purposes.
- Analytics Data: Aggregated analytics data is retained indefinitely. Individual session data is retained for 26 months.
- Marketing Data: Retained until you unsubscribe or request deletion.
After the applicable retention period, data is permanently deleted from our systems, including backups, within 90 days.
6. Your Privacy Rights
Depending on your state of residence, you may have specific privacy rights under state law, including the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act, and similar state legislation. These rights may include:
- Right to Know: Request a description of the personal information we have collected about you, including the categories, sources, purposes, and third parties with whom it has been shared.
- Right to Access: Request a copy of your personal information in a portable, machine-readable format.
- Right to Delete: Request deletion of your personal information, subject to legal retention requirements.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt Out: Opt out of the sale or sharing of personal information. Note: Zimyo does not sell personal information.
- Right to Non-Discrimination: Exercise your privacy rights without receiving discriminatory treatment.
To exercise any of these rights, contact us at privacy@zimyo.us. We will respond to verified requests within 45 days. If additional time is needed, we will notify you of the extension and the reason.
7. Cookies and Tracking Technologies
We use the following types of cookies:
- Essential Cookies: Required for the Service to function (authentication, security, session management). These cannot be disabled.
- Analytics Cookies: Google Analytics cookies to understand how visitors use our website. These collect aggregated, anonymous data.
- Preference Cookies: Remember your settings (theme, language) for a better experience.
We do not use third-party advertising cookies or tracking pixels. You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.
8. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child under 18, we will promptly delete it. If you believe a child has provided us with personal information, please contact us at privacy@zimyo.us.
9. International Data
The Service is hosted and operated in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We do not currently offer the Service to users in the European Economic Area (EEA) or United Kingdom, and we do not process data subject to the GDPR.
10. AI and Automated Decision-Making
Our Service uses AI agents to assist with HR operations. Regarding data and AI:
- AI agents process employee data only as directed by you to perform HR tasks (payroll, onboarding, performance reviews).
- We do not use your employee data to train AI models for other customers. Each customer's data is isolated.
- AI-generated recommendations (compliance alerts, performance review drafts) are suggestions only and require human approval before implementation.
- We use anonymized, aggregated data across our customer base to improve the general performance and accuracy of our AI systems. No individual employee or company can be identified from this aggregated data.
- You may request a human review of any AI-assisted decision by contacting support@zimyo.us.
11. Do Not Track Signals
Some browsers transmit "Do Not Track" (DNT) signals. There is currently no industry standard for responding to DNT signals. Our Service does not alter its data collection practices in response to DNT signals. We limit tracking to the analytics described in this policy.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to the address on your account at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
13. Contact Us
For questions, concerns, or requests regarding this Privacy Policy, contact us at:
Zimyo Inc.
United States
Email: privacy@zimyo.us
Website: zimyo.us
If you are not satisfied with our response, you may file a complaint with your state's Attorney General or relevant data protection authority.