Privacy Policy
This Privacy Policy (“Policy”) describes how Paychex, Inc. and our subsidiaries and affiliates, with its corporate offices located at 911 Panorama Trail South, Rochester, NY 14625 (“Paychex,” “we,” “us,” or “our”), transmit, use, share and protect business, financial, and personal information. This Policy applies to all information provided, transmitted, or submitted to Paychex, including in connection with the services provided to or on behalf of You or our clients (“Services”), when you interact with us, and/or on this website and mobile applications (“Site”).
Data privacy, and the privacy of the information provided, is important to us. We use reasonable care to protect data provided to us by or on behalf of our clients or prospective clients (“Clients”) and their workers or from visitors of our Site (collectively “You” or “Your”) from loss, misuse, unauthorized access, disclosure, alteration, and untimely destruction. This Policy governs personal information collected, processed, or disclosed by Paychex for its own purposes as well as information provided to us as a service provider for our Clients. It protects information collected online as well as offline. We may receive personal information from our Clients about their current and/or prospective workers, as well as workers’ dependents and/or family members as needed to provide Services. Paychex will collect and process Your personal information as instructed or permitted by our Clients or in accordance with this Policy.
We do not grant access to personal information except as set forth herein. We do not share or sell personal information provided or transmitted to our Site with any third parties for their own marketing purposes. At times, we will provide links to other websites not affiliated with Paychex. We encourage You to be aware when You leave our Site, and to read privacy policies regarding how third parties may use or process Your information.
What Information is Collected
We collect information that we need to provide our Services, when you interact with us, to administer and improve the Site or our Services or to create and offer new products, for research purposes, and to fulfill any legal and regulatory requirements.
The categories of personal information that we may collect include the following:
- Contact information to allow us to communicate with You or to provide the Services
- Financial and bank account information as needed to provide the Services
- Social Security number, date of birth, name, address, email address, phone number, including mobile phone number, and other details as needed to provide the Services
- Credit, debit, or payment card information if used
- Credit or debt history regarding creditworthiness or credit history, with proper disclosures
- Health and benefits information, which may include health plan numbers, beneficiary or dependent identification and contact information, and other health information as needed to provide the Services
- Employment history and application information submitted through our recruiting and applicant tracking Service
- Geolocation data, including Your IP address, to provide Services or if geolocation Services are enabled for time and attendance tracking
- Other information as needed to provide specific Services, enhance our Services, or to create and offer additional products or services, including with business partners
- Other information and documentation provided as part of Paychex’ customizable fields or Services, to be stored within the Site and Services, which may include personal information, personal health information, and/or other human resource information Client seeks to collect and retain through the Site. Clients are responsible for the maintenance and retention of any information or documentation stored with Paychex’ customizable features
How Personal Information is Collected or Transmitted
To access or use certain information, features, or Services, You may be required to provide personal information. Personal information is primarily collected, submitted, and/or transmitted:
- When a Client provides it to Paychex to facilitate the processing of the Services
- From You when You utilize the Site or Services
- From applications, forms, webinars, surveys, and other information You provide us
- If You provide us with comments or suggestions, interact with us, request information about our Services, or contact our customer service or support departments via phone, email, chat or other forms of communication
- From consumer and business reporting agencies regarding Your creditworthiness or credit history
- Between Paychex, its business partners, and third party vendors
- From information You may provide via Social Media. For information regarding safe and productive participation in our social media community, view our Social Media Guidelines
How Personal Information is Used
We may process personal information to:
- Facilitate current, prospective, or former employer requested Services, transactions, investments, rewards, distributions and/or benefits
- Administer and improve our Site
- Facilitate applicant tracking and recruitment
- Facilitate billing and collections
- Contact Clients and consumers with information on Services, new Services or products, or upcoming events, including via SMS or MMS text messaging if mobile phone number is provided for that purpose
- Offer advanced analytics and insights to Clients
- Market services to Clients and current and prospective consumers, and for auditing those interactions
- Detect fraud or theft or for other security purposes
- Comply with legal, reporting, and regulatory requirements
- Maintain, manage, or service accounts
- Provide customer service or support
- Verify consumer identity as well as eligibility to receive services, information, and products
- Conduct research, assessments, and analytics relating to our services and develop new products and technological improvements
- Send transactional communications as part of our Services
- Improve, upgrade, or enhance our services or business operations
- Administer quality and safety maintenance for our Site or services
- For other purposes that are compatible with this Privacy Policy or where permitted by applicable law
- In any other way we may describe when You provide the information, or for which You provide authorization
Parties with Whom Information May Be Shared
Information is shared to facilitate the Services requested by or on behalf of our Clients or for our business operations. We may share information with:
- Our affiliates, partners, or subsidiary organizations
- Government agencies to fulfill legal, reporting, and regulatory requirements
- Attorneys, accountants, and auditors
- Credit reporting agencies to supply vendor references on Client’s behalf or to provide credit related Services as requested by You
- Our employees, affiliated companies, subsidiaries, contractors, agents and third-party partners and vendors to perform Services related to Your account, to offer additional services, perform analysis to determine qualification to receive other services, collect amounts due, or for our business operations
- Third-party providers for services that You may sign-up for via our Site or Services or other business partners with whom we work with to develop or market certain products or services
- Banking and brokerage firms to process payroll-related and/or securities transactions
- To a buyer or successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred
- Credit bureaus and similar organizations, law enforcement or government officials. We reserve the right to release information if we are required to do so by law or if, in our business judgment, such disclosure is reasonably necessary to comply with any court order, law, or legal process, in a fraud investigation, an audit or examination
- Health and welfare providers in support of benefit Services
- Cloud providers, customer management platforms, security providers, and similar services in connection with providing products, Services and in the support of daily operations
- Any other entity disclosed by Paychex when You provide the information, or for which You provide authorization
Data Retention
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including but not limited to the provision of Services, transactions requested by, or on behalf of, Clients, and necessary and essential business purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, developing products and services, detecting and preventing fraud and abuse, and enforcing our agreements.
Artificial Intelligence
We may utilize and/or offer access to artificial intelligence tools, products, and/or services (“AI”) for various purposes including to provide our Services, interact with You, improve efficiency and our business operations, and/or for the business purposes detailed in this Policy. Your interactions with us, information provided during the course of Services, and any information You provide to our AI technology may be collected and used as set forth in this Policy. We may combine personal information from You with data we obtain from our Clients and external sources. When training, testing, validating and/or aligning our own AI models and our third-party AI models, we take appropriate steps to mitigate potential privacy impacts in compliance with applicable law. We will not use Your personal information to train models (via generative artificial intelligence) unless we obtain Your consent. To the extent that we use such information to fine-tune or train AI, we will do so just to provide services to you. We do not use your personal information for automated decision-making or profiling.
Your use of AI tools is dependent upon the information that You and/or our Clients submit for the Services. You are responsible for ensuring the accuracy of all data input into such tools and for confirming the accuracy and validity of any output. You acknowledge that our tools are not intended or designed to replace or override human decision-making and You may not use our tools to make or substantially assist with any legal, financial, or employment decisions. Once authorized, such tools may capture, record and transcribe Your information, comments, and/or voice. We will treat all voice interactions and transactions as though You authorized them, and as though they are authorized interactions and transactions, even if another voice or person initiated or completed them. Furthermore, Paychex does not guarantee the accuracy of content produced via AI.
Biometrics – Collection, Transmission, Retention and Destruction
For the purposes of this Policy, “biometrics” may include an individual’s physiological characteristics that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Examples of biometrics may include, but are not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which a template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted.
In addition, the workers/users of Clients that use Paychex timekeeping devices may provide an iris, finger scan and/or facial geometry scan as part of the timekeeping process, which the technology converts into a mathematical, encrypted algorithm, or template. These templates are sometimes called “biometrics.” For purposes of this Policy, Paychex broadly includes within the term “biometrics” the templates created in the timekeeping process and treats the templates as if they are considered “biometrics” under applicable laws, even if they do not constitute biometrics under any particular law.
Through this Policy and in other ways, Paychex complies with laws relating to biometrics.
However, notwithstanding anything Paychex does for its own compliance with laws relating to biometrics, Clients are solely responsible for their own compliance with all applicable laws and regulations relating to biometrics, including, without limitation, the collection, possession, use, capture, access, storage, disclosure, retention, transmission, and/or permanent destruction and/or use of biometrics, and with respect to Client’s use of Paychex products and Services for which Client’s workers/users provide biometrics. Without limiting the foregoing, to the extent required by law, Clients should provide their workers and users of biometric timekeeping devices with notice of Client’s use of biometrics. Clients should also obtain any necessary informed consents and authorizations from their workers/users. These consents should be valid, compliant with applicable law, and authorize Clients and their vendors (including Paychex) to collect, possess, capture, access, disclose, retain, store, use, and/or transmit biometrics.
Some details about biometrics:
Collection of Templates
- Templates generated during the timekeeping process as described above are collected by Clients using Paychex’ timekeeping products and services. While some may consider the templates to be biometric information or identifiers, Paychex does not consider them to be so.
- Some laws require employers to provide workers with notice of the use of biometrics in timekeeping and to obtain worker consent.
- Paychex timekeeping devices have “notice and consent” screens that users and workers must agree to during the enrollment process. Workers/users who do not provide this consent will not be able to use any biometric feature of the device (i.e., finger scan, iris scan, or facial geometry recognition). Clients must also ensure that they are meeting their own obligations to gather informed consent from their workers/users and otherwise comply with any applicable laws or regulations.
- If a Client’s worker/user is using biometrics to record time, Paychex will presume the above notices and consent processes are being followed at Client’s worksite.
- Note: Some applications allow the use of a smartphone device, and the device itself collects biometrics for access to the application. The consent process is part of the smartphone and is controlled by the user/worker. When smartphone devices are used, geolocation information may be provided to Client to ensure that workers/users are located at their appropriate work location.
Template Transmission and Storage
- Following collection at Client’s worksite, the resulting templates are stored in the timekeeping device, and are also stored by Clients on a database hosted by either the Client, Paychex, or a third-party web hosting service.
- Paychex requires that Clients use reasonable care related to the transmission by Clients or storage by Clients of templates and biometrics on any Paychex-hosted or third-party database.
- To the extent Paychex provides transmission between itself and Clients or hosts Clients’ storage of biometrics, it uses reasonable standards of care within Paychex’ industry, and which are the same as the manner in which other confidential and sensitive information is transmitted and stored.
- Paychex does not sell, lease, trade, or otherwise profit from biometrics.
- Upon Client request, Paychex collects latitude and longitude coordinates from the device as part of the timekeeping process when geolocation services are enabled.
Template Destruction
- Templates are and shall remain the property of Client. Clients are responsible for template destruction when the template is no longer needed or within one (1) year from Client’s last contact with a worker/user, whichever is first.
- Paychex will not access or view templates under any circumstances without express Client permission, and then only for purposes provided for in Client agreements.
- When instructed by its Clients to destroy templates, Paychex will promptly comply with that request. Paychex will destroy the templates of former or inactive Clients who fail to destroy such data, within a reasonable time period after Paychex’ last interaction with the Client. All templates are destroyed through an automated process that does not involve Paychex accessing the templates themselves.
How Cookies and Other Related Technologies Are Used
Our Site uses cookies and similar technologies. A “cookie” is a piece of data that our Site may provide to Your browser when You visit our Site. The information stored in a cookie may be used for user convenience purposes and/or Site functionality, such as reducing repetitive messages, tracking helper tool versions, and retaining user display preferences. If a user rejects a cookie, they may be unable to use certain features of our Site.
We use session cookies to limit popup windows to a single browser instance. We may also use Java scripting in cooperation with cookies and “spotlight images,” “pixel tag,” or “web beacons” to track Site traffic and email responses. A “spotlight image,” “pixel tag,” or “web beacon” is an electronic image, called a 1-by-1 pixel or clear GIF, that can recognize certain types of information on Your computer or device, such as Your cookie number, time and date of page view or location.
During Your interaction, a Service may automatically collect information from Your activity or device including:
- Computer, device, and connection information, such as browser type and version, operating system and other software installed on Your device, mobile platform and unique device identifier and other technical identifiers, including IP addresses, error reports and performance data
- Usage data such as user preferences including features, settings, date and time stamps, and pages visited
Paychex uses third-party service providers who use cookies, web beacons, and similar technologies to collect, transmit, or receive information from our Site and elsewhere on the internet to improve our Site, Services, user experience, and for our own marketing purposes, including but not limited to, Google Analytics. For more information regarding how Google uses information from sites that use its service, please visit Google’s privacy policy.
If You are simply browsing or navigating through our Sites, information about Your computer and the pages You visit on our Site is transmitted and may be collected by Paychex. This data is often referred to as clickstream or navigation data. We use this information for research, analysis, and reporting so that we can improve our navigation, page structure, and page content to help visitors find information more quickly and provide more value when they find what they are looking for on our Sites. Additionally, as You interact with different pages and content on our Site, this behavioral data may be tracked and used to provide targeted content and Site recommendations. If You use an account to access our Site or Services, Paychex may also use certain technologies to record Your mouse movement, clicks, page visits, and screen information to enhance Your experience, for our own security purposes, and to improve our Site or Services. We may share this information with third parties as necessary for our business purposes. You consent to our use of this technology when You login to Your account.
The following are things You can do while visiting our Site to limit the sharing of Your information:
- Disable cookies within Your browser before visiting our Site:
- Choose not to submit information via web forms located within our Site;
- Choose not to enroll in or purchase our products or Services;
- Choose not to “opt-in” to certain programs that are available on our Sites;
- Choose not to complete any surveys available on our Site.
Aggregated, Non-Personal or Non-Identifiable Information
We may collect or process general, non-personal, or statistical information about the users of the Site, our Services, and our related products and services. We may also deidentify, anonymize, and/or aggregate certain personal information collected from or about users of our Site, our Services, or when You interact with us. We may process and disclose this information without restriction (so long as no attempt to re-identify the data is made).
Do Not Track
Some browsers support a “Do Not Track” (“DNT”) feature, a privacy preference that You can set in certain web browsers, which is intended to be a signal to websites and services that You do not wish to be tracked across different websites or online services You visit. Our Site does not operate any differently when it receives DNT signals from your internet web browser.
Children Under 13 Years of Age
This Site is not intended for children under 13 years of age. We do not knowingly collect and/or transmit any personal information from children under 13 years of age. All dependent data needed for benefits enrollment shall be provided by the employee/guardian and kept secure as indicated in this Policy. If you are under 13 years old, you should not use our Site.
Security
Paychex uses reasonable care to protect the confidentiality, integrity, and availability of Your information. We continue to invest in our award-winning security capabilities, including personnel security and physical security; system security, access control, and monitoring; data backup and business continuity management; and vulnerability and intrusion detection. Specifically, we:
- Maintain policies and procedures covering physical and logical access to our workplaces, systems, and records
- Apply physical, electronic, and procedural safeguards aligned with industry-standard practices
- Utilize virus detection and prevention, firewalls, and other computer hardware and software to protect against unauthorized access to or alteration of Your information
- Encrypt sensitive information transmitted over the internet
- Ensure that only employees with a legitimate business reason have access to Client information, through formal approval processes, access controls, and internal auditing
- Require information security awareness training for employees upon hire, annually thereafter, and to apply this training to their jobs every day
- Provide ongoing training and awareness to our employees about security best practices, including internal phishing simulations for education and testing purposes
- Employ advanced technologies for the backup and recovery of Your information
- Monitor compliance with established policies through ongoing security risk assessments and internal audits
While we help protect the security and integrity of Your information through procedures and technologies designed for this purpose, the safety and security of Your information also depends on You. We may give You, or You may choose, account credentials to access certain parts of our Site or Services. It is solely Your responsibility to maintain the security and confidentiality of Your account credentials and the information and Services accessible through Your account and the Site. You are not permitted to share or sell Your account credentials to any third-party, unless authorized. If You suspect fraudulent or abusive activity relating to Your account, or if Your credentials have been lost, stolen or compromised in any way, You should immediately change Your potentially compromised credentials and notify Paychex and Your employer.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect Your personal information, Paychex cannot guarantee the security of any information transmitted to us. Any transmission of information is at Your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Site.
For additional information about our commitment to protecting the security and integrity of Your information, please refer to our Security page.
Accessibility
Meaningful inclusion is very important to us, including providing reasonable accommodations for persons with disabilities. If You need assistance or have any questions, please send them to accessibility@paychex.com.
How to Access and Correct Your Information
Keeping Your information accurate and up-to-date is very important. Clients can review and correct account information on the Site, or by contacting a customer service representative. If You have an account on the Site, You may be able to make changes to Your information using the online tools, after logging in. Changes to information regarding a worker’s dependent(s) or family member(s) must be completed by the worker and/or the worker’s employer.
California Consumer Privacy Rights
If You do business in California or are a consumer in California, please visit our CCPA Privacy Policy for more information regarding our processing of Your information. The CCPA Privacy Policy is incorporated by reference herein.
Changes to This Privacy Policy
This Policy may be revised from time to time due to legislative changes, changes in technology, our privacy practices, or new uses of Your information not previously disclosed in this Policy. We reserve the right to update this Privacy Policy in our sole discretion at any time, with or without advance notice, unless otherwise required by law. Revisions are effective upon posting and Your continued use of this Site or our Services will indicate Your acceptance of those changes. Please refer to this Policy regularly.
Contact Information
If You have any comments, concerns or questions about this Privacy Policy, please contact Paychex at: Privacy_Office@paychex.com.
Last Updated; June 3, 2025
Paychex, Inc
911 Panorama Trail South, Rochester, NY 14625.