Privacy & Security
A Commitment to Privacy and Security
At Paychex, the safety and security of your personal and account information are among our top priorities.
Our Part: How Paychex Protects You
We help keep your personal and account information secure by adhering to top-rated security protocols*
*Industry-leading “A” rating by Security Scorecard
We help protect against unauthorized access and alteration to customer data through the use of malware detection and prevention, firewalls, and other industry-standard technologies. Paychex encrypts sensitive information transmitted online and uses advanced technologies for information backup and recovery.
Only authorized personnel have access to confidential information. We require our employees to have information security training and implement these practices every day.
Physical and Workplace Safety
We abide by industry best practices, policies, and procedures regarding the security of our workplaces, systems, and records.
Our commitment to security starts with employees who are well-trained on how to prevent, protect, and respond to safety and security issues. We regularly train our teams on cyber and physical security, data and asset protection, and how to respond to an active threat – to protect our clients, their data, our physical locations, and each other. We also keep an eye on things for added protection. Our security team proactively monitors the areas near our physical locations to watch for weather and security-related incidents that may impact those locations, our employees, and the clients we serve. And we provide safety and security coverage for our employees traveling domestically and abroad for business, to promote a safe and secure working environment regardless of where they travel.
Paychex maintains SOC 1 Type 2 and SOC 2 Type 2 reports over various products and services. Clients may request copies of these reports through their Paychex Sales or Service contact. For additional information regarding SOC reporting and its standard, please visit the AICPA’s Audit and Assurance website.
Your Part: Keep Your Information Secure
Know what to look for and do when it comes to the safety and security of your information, employees, and business.
Recognize Potential Risks
We urge you to take all the necessary precautions when handling and protecting your company hardware, data, employees, and facilities.
Use the Highest Level of Authentication Available
When using any online application that requires a log-in, it is best practice to always leverage the highest level of authentication possible. Multi-Factor Authentication (MFA), available on the Paychex Flex® application across mobile and desktop devices, provides users with an additional layer of protection. While this authentication is an extra step, beyond your user name and password, it authenticates your identity when signing into your account.
Use Logout Features
After viewing your account or performing any transaction online, use the Log Out button when finished, and close your browser completely. This ensures that no one can view your account information after you've logged out.
Keep Login Credentials Confidential
Your user ID, username, password, picture, and/or pin code all represent keys that allow you to access your account information on our system. Do not disclose these credentials to others.
Your privacy and the privacy of your information are important to us. We do not share or sell personal information collected on the site with any third parties for their own marketing purposes.
How to Protect Your Information
Learn how you can protect yourself and your business from phishing scams, and get access to security resources including government agencies, credit bureaus, and consumer organizations.
Get answers to common security questions, such as what to do when you receive a suspicious email, how Paychex protects your personal information, and whom to contact if you have an issue.
Report a security vulnerability
If you believe you have discovered a vulnerability, we appreciate your help in disclosing it to our Enterprise Data Security team in accordance with this Responsible Disclosure Policy.
Active Security Notifications
- New Paychex Security Notice: Be Aware of Fake Paychex Flex® Login Pages
- Paychex Security Notice: Know What to Do About Fake Websites Using the Paychex Name
- Paychex Security Notice: Suspected Fraudulent Investment Scheme in Brazil
- Paychex Security Notice: Unemployment Benefit Fraud Rampant During COVID-19
- Paychex Security Update: Fake Job Postings
- Paychex Security Notice: Spoof Email coming from Paychex Domains
- Paychex Security Notice: New Google Ads Phishing Scam Targeting PEO Users
- Paychex Security Update: Defend Against COVID-19 Cyber Threats
- Paychex Security Update: Beware of Phishing Campaigns Targeting W-2 Information
- Paychex Security Update: Trickbot Using Fake Paychex Email Domain to Deliver Malware
- Paychex Security Update: Beware of False IRS "Tax Transcript" Email
If you believe an unauthorized party has accessed your account or information, please contact us immediately.
Once you suspect potentially fraudulent activity, you must take action to safeguard your personal and account information. See what steps you can take to address specific examples, and learn some best practices for handling your account information.
I am an employee of a Paychex client and I need technical support
Please log into www.paychexflex.com and click on the ? mark icon on the bottom right side of the page to get support via chat.
I received a suspicious telephone call, text message, email, or letter from someone who claimed to be from Paychex.
Contact your local Paychex branch.
Payroll support is available 24/7, 365 days per year.
I clicked on a link in a suspicious email. I gave out my online account information. My anti-virus software notified me that I had a virus.
Have your computer reviewed by an information technology professional at your business.
If you believe the virus affects your Paychex account, please contact your local Paychex branch.
Payroll support is available 24/7, 365 days per year.
Learn how to help reduce future risks to your online information.