Privacy Policy

How EmployArmor collects, uses, and protects your personal information.

Last Updated: March 21, 2026

⚠️ EmployArmor uses artificial intelligence (AI) to analyze employment law compliance requirements, generate customized documents, and provide risk assessments. This AI-powered functionality is designed to assist users in navigating complex regulatory landscapes, but it comes with important caveats.

  • AI-Generated Content is Informational Only: All outputs from our AI tools, including policies, notices, consent forms, bias audits, and compliance reports, are provided for general informational and educational purposes. They are not tailored legal advice and may not fully address the unique circumstances of your organization or jurisdiction.

  • Mandatory Legal Review: Before implementing any AI-generated document or recommendation, it must be thoroughly reviewed and customized by a qualified attorney licensed in your relevant jurisdiction. EmployArmor does not guarantee the accuracy, completeness, or applicability of AI outputs to specific legal matters.

  • Not a Law Firm: EmployArmor is a technology platform, not a law firm or legal service provider. We do not offer legal representation, counseling, or advice. Using our platform does not establish an attorney-client relationship, and we are not responsible for any legal outcomes resulting from your use of our services.

  • Limitations of AI: AI models may occasionally produce errors, hallucinations, or outdated information based on training data. Users are solely responsible for verifying all information against current laws and regulations, such as those enforced by the U.S. Equal Employment Opportunity Commission (EEOC) or state labor departments.

  • Ethical AI Use: We prioritize responsible AI deployment, adhering to principles outlined in guidelines from the Federal Trade Commission (FTC) on AI fairness and transparency. However, users must ensure their own compliance with emerging AI regulations, like the EU AI Act or proposed U.S. federal AI oversight.

By proceeding with our services, you acknowledge these limitations and agree to consult legal professionals for any binding decisions. For more on AI in employment, refer to official resources like the EEOC's guidance on AI and algorithmic discrimination.

1. Introduction

EmployArmor ("we," "us," or "our") is an innovative AI-powered platform dedicated to helping organizations achieve employment law compliance. Our service streamlines tasks such as generating compliant hiring policies, conducting bias audits for AI tools in recruitment, tracking consent for employee data processing, and assessing risks under regulations like Title VII of the Civil Rights Act, the Fair Credit Reporting Act (FCRA), and the California Consumer Privacy Act (CCPA).

This Privacy Policy outlines our practices for collecting, using, disclosing, and protecting your personal and organizational information when you visit our website (employarmor.com), register for an account, or use our platform. We are committed to transparency, security, and respect for user privacy, in line with global standards such as the General Data Protection Regulation (GDPR) and the CCPA.

By accessing or using EmployArmor, you consent to the data practices described in this policy. If you do not agree, please do not use our services. We recommend reviewing this policy periodically, as it may be updated to reflect changes in our operations, technology, or applicable laws.

Our platform is designed for business users, such as HR professionals, compliance officers, and legal teams in organizations of all sizes. We do not target consumers or individuals acting in a personal capacity. For jurisdiction-specific details, see Section 8 on Your Rights.

This policy does not address third-party websites or services linked from our platform; their privacy practices are governed separately.

2. Information We Collect

To deliver our compliance services effectively, we collect various types of information. We categorize this data below, explaining what we gather, how, and why. All collection is done with your consent where required by law, and we minimize data to what is necessary (data minimization principle under GDPR).

2.1 Account Information

When you create an account or subscribe, we collect:

  • Personal Identifiers: Full name, email address, phone number (optional), and password (hashed for security).
  • Billing Details: Payment information (e.g., credit card details, processed via Stripe; we do not store full card data), billing address, and tax ID.
  • Organization Affiliation: Company name, role within the organization (e.g., HR Manager), and verification details to prevent fraudulent accounts.

This data enables secure authentication, personalized dashboards, and subscription management. We use secure protocols like HTTPS and two-factor authentication (2FA) to protect it.

2.2 Organization Data

To tailor compliance recommendations, you provide:

  • Business Profile: Company size (e.g., number of employees), industry (e.g., tech, healthcare), locations/jurisdictions (e.g., U.S. states, EU countries), and operational details like remote work policies.
  • Compliance Configurations: Preferences for regulatory focus, such as EEOC guidelines, OSHA standards, or international labor laws.

This information helps our AI analyze relevant risks, such as disparate impact in hiring under the Uniform Guidelines on Employee Selection Procedures (41 CFR Part 60-3). We source some public data (e.g., industry benchmarks) from reliable .gov sites like the U.S. Department of Labor's website.

2.3 Employee & Hiring Data

For assessments, you may input anonymized or aggregated data about:

  • Workforce Details: Employee demographics (high-level, e.g., diversity stats without identifiers), roles, tenure, and turnover rates.
  • Hiring Processes: Job descriptions, interview protocols, applicant tracking system (ATS) integrations, and details on AI usage (e.g., resume screening tools).
  • Sensitive Inputs: Where necessary for compliance (e.g., pay equity audits), limited protected characteristics under laws like the Genetic Information Nondiscrimination Act (GINA), but only if you explicitly provide and consent.

We process this to generate reports on potential biases or non-compliance, always emphasizing pseudonymization to protect privacy. For guidance, see the FTC's resources on employment background checks.

2.4 AI Tool Configurations

Users register AI systems used in employment, including:

  • Tool Descriptions: Names, vendors (e.g., LinkedIn Recruiter AI), purposes (e.g., predictive hiring), and data inputs/outputs.
  • Audit Parameters: Settings for bias testing, such as adverse impact ratios per EEOC thresholds (80% rule).

This enables automated compliance tracking, alerting you to updates like New York City's Local Law 144 on AI bias audits.

2.5 Compliance Documents

We store:

  • Generated/Uploaded Files: AI-created policies (e.g., anti-discrimination notices), consent forms, training modules, and uploaded legacy documents.
  • Metadata: Version history, edit timestamps, and approval status.

Documents are encrypted at rest and in transit, with access logs for auditing.

2.6 Scan & Assessment Results

Our platform performs:

  • Automated Scans: Results from AI-driven reviews of your configurations against regulations, including risk scores and remediation suggestions.
  • Regulatory Analysis: Outputs referencing sources like the EEOC's enforcement guidance.

These are stored to track progress and provide historical insights.

2.7 Usage Data and Technical Information

Automatically collected via cookies and analytics:

  • Device and Network Data: IP address, browser type/version, operating system, device ID, and location (approximate, via IP geolocation).
  • Behavioral Logs: Pages viewed, time spent, features used (e.g., document generation frequency), search queries, and error reports.
  • Analytics: Aggregated trends via tools like Google Analytics (anonymized).

This helps us improve usability, detect abuse, and optimize performance. We do not track sensitive activities like specific employee data inputs.

We do not collect biometric data, financial account numbers (beyond billing), or precise geolocation without consent.

3. How We Use Your Information

We use collected data purposefully and proportionately, aligning with our legitimate interests (e.g., service delivery) and legal obligations. Key uses include:

  • Service Provision and Maintenance: Authenticating users, hosting your compliance workspace, and ensuring platform reliability. For example, usage data helps us scale servers during peak compliance seasons (e.g., end-of-year audits).

  • AI-Driven Features: Feeding your inputs into AI models to generate documents, run simulations (e.g., "what-if" scenarios for policy changes), and produce assessments. This involves natural language processing to interpret regulations from sources like the U.S. Code on Labor Standards.

  • Consent and Compliance Tracking: Managing user consents for data processing, generating audit trails, and notifying you of expiring consents under laws like the Illinois Biometric Information Privacy Act (BIPA).

  • Risk Assessments and Scans: Analyzing configurations against benchmarks, such as FLSA overtime rules or ADA accommodation requirements, to flag potential violations.

  • Training and Guidance: Delivering educational content, like webinars on AI ethics in HR, personalized based on your industry.

  • Payments and Subscriptions: Processing transactions via Stripe, handling refunds, and managing tiers (e.g., basic vs. enterprise plans with advanced AI features).

  • Communications: Sending transactional emails (e.g., password resets), service updates, and compliance alerts (e.g., new EEOC rulings). Marketing emails require opt-in, and you can unsubscribe anytime.

  • Platform Improvement: Aggregating anonymized data for R&D, such as refining AI accuracy or A/B testing UI changes. We may share insights with partners under strict NDAs.

  • Legal and Security Compliance: Responding to lawful requests (e.g., subpoenas), preventing fraud, and enforcing terms of service. For instance, we retain logs to investigate unauthorized access.

  • Analytics and Research: Creating de-identified reports on industry trends, like AI adoption in hiring, to inform public resources without revealing user specifics.

We never use data for unrelated purposes, such as targeted advertising, and we do not sell your personal information.

4. AI-Generated Content

At the core of EmployArmor is advanced AI technology that democratizes access to employment compliance tools. Our models, powered by third-party providers like OpenAI or Anthropic, process your inputs to:

  • Analyze Requirements: Scan for alignment with laws like the National Labor Relations Act (NLRA) or state pay transparency mandates.
  • Generate Documents: Produce templates for offer letters, non-disclosure agreements (NDAs), or AI disclosure notices, customized to your jurisdiction.
  • Assess Risks: Simulate scenarios, e.g., evaluating if an AI hiring tool complies with the Colorado AI Act.

Critical Disclaimer: AI outputs are probabilistic and based on patterns in training data, which may not capture the latest case law (e.g., recent Supreme Court decisions on affirmative action). They are not substitutes for professional judgment.

  • Accuracy and Bias Mitigation: We fine-tune models with diverse datasets and implement safeguards against hallucinations. However, users must validate outputs—e.g., cross-check with official EEOC forms.

  • Transparency: Each generated item includes a watermark noting its AI origin and a suggested review checklist.

  • Intellectual Property: You own the outputs you generate, but we retain rights to the underlying AI models. Do not input confidential client-attorney privileged information.

For deeper insights, review FTC guidelines on AI transparency in consumer-facing tools, adapted for employment contexts.

EmployArmor promotes ethical AI use, encouraging audits for fairness as per NIST's AI Risk Management Framework.

5. Sharing and Disclosure of Information

We share data only when necessary, with safeguards like data processing agreements (DPAs) ensuring GDPR/CCPA compliance.

  • Service Providers: Third parties assist operations:

  • Business Transfers: In mergers/acquisitions, data may transfer with notice.

  • Legal Requirements: We disclose if compelled by law, e.g., court orders or to prevent harm. We notify users unless prohibited.

  • With Consent: For integrations (e.g., exporting to HRIS systems) or referrals.

We do not share with marketers or for profiling. International transfers (e.g., to U.S. servers from EU) use Standard Contractual Clauses (SCCs).

6. Data Retention and Deletion

Retention periods balance service needs with privacy rights:

  • Account Data: As long as active, plus 30 days post-deletion for backups.
  • Documents/Assessments: Until deleted by you or account closure; legal holds extend if required (e.g., for litigation under Sarbanes-Oxley).
  • Usage Logs: 12-24 months for security, then anonymized.
  • Billing: 7 years per tax laws.

Request deletion via support@employarmor.com. We'll confirm and process within 45 days (CCPA) or 1 month (GDPR), retaining only what's legally mandated (e.g., transaction records). For EU users, see our data protection addendum.

We securely erase data using industry standards like NIST SP 800-88.

Do Not Sell

EmployArmor does not sell your personal information for monetary consideration.

However, under the California Consumer Privacy Act (CCPA/CPRA), sharing data with analytics providers like Google Analytics may qualify as "sharing" personal information. You have the right to opt out.

To opt out of analytics tracking:

  • Click "Decline" on our cookie banner (shown on your first visit)
  • Clear your browser cookies and reload the page — the banner will reappear
  • Or email us at support@employarmor.com and we will process your opt-out request within 15 business days

California residents may also submit opt-out requests via the California Attorney General's portal. We do not discriminate against users who exercise this right.


7. Cookies and Tracking Technologies

Cookies enhance functionality:

  • Essential: For login, security (e.g., CSRF tokens).
  • Functional: Remember preferences, like dashboard layouts.
  • Analytics/Performance: Track aggregate usage via Google Analytics; opt-out via Google's tool.
  • Third-Party: From embedded services (e.g., Stripe widgets).

We use no advertising cookies. Manage via browser settings or our cookie banner. For details, see our Cookie Policy. Note: Disabling may limit features.

8. Your Privacy Rights (CCPA, GDPR, and More)

EmployArmor respects global privacy laws. Rights vary by location:

  • Access: Obtain details on processing (e.g., via data export).
  • Correction: Update inaccurate info (e.g., email).
  • Deletion ("Right to be Forgotten"): Remove non-essential data.
  • Portability: Receive structured data (e.g., JSON export).
  • Objection/Restriction: Challenge processing (e.g., for direct marketing).
  • Opt-Out of Sales: We don't sell data; for "sharing" under CCPA (e.g., analytics), use Do Not Sell My Personal Information links.
  • Non-Discrimination: No penalties for exercising rights; verified requests get equal service.

U.S. Residents (CCPA/CPRA): As a "business" under CCPA, we collect categories like identifiers and professional info. No sales/sharing for monetary gain. Exercise via support@employarmor.com or CCPA portal. See California Attorney General's CCPA guide.

EU/UK Residents (GDPR/UK GDPR): As a processor/controller, we appoint an EU representative. Rights include data protection impact assessments (DPIAs) for high-risk processing. Contact our DPO at dpo@employarmor.com. Reference EDPB guidelines.

Other Jurisdictions: E.g., Brazil's LGPD or Canada's PIPEDA—similar rights apply.

Verification: Provide ID/proof; appeals available. Response: 30-45 days, extendable.

9. Children's Privacy

Our services are for adults in professional contexts. We do not knowingly collect data from those under 13 (COPPA) or 16 (GDPR). If aware, we delete promptly and report as required. Parents: Contact us to access/delete child data.

10. Data Security

Security is paramount. Measures include:

  • Technical: Encryption (AES-256), firewalls, regular penetration testing (via certified firms).
  • Organizational: Access controls (RBAC), employee training, incident response plans per NIST Cybersecurity Framework.
  • Compliance: SOC 2 Type II audited; GDPR Article 32 compliant.

Risks exist (e.g., phishing), so use strong passwords and report issues. In the event of a breach, we notify as required by law (e.g., 72 hours under GDPR), using the HHS breach portal if health data is involved (rare).

11. International Data Transfers

We are U.S.-based and transfer data globally. For adequacy (e.g., to EU), we use SCCs, Binding Corporate Rules (BCRs), or approved mechanisms. Transfers are logged and audited.

12. Changes to This Privacy Policy

Updates reflect developments such as new AI regulations or platform features. Minor changes are posted here; material ones are emailed (for registered users) with 30-day notice. Continued use constitutes acceptance. Historical versions are available on request.

13. FAQ

What personal data does EmployArmor collect?

We collect account details, organization info, employee/hiring data (as provided), AI configurations, documents, scan results, and usage logs. See Section 2 for details. We prioritize minimal collection.

How does EmployArmor use AI, and is it safe?

AI analyzes compliance and generates docs, but outputs need attorney review. We mitigate biases per NIST AI standards. No AI processes sensitive data without consent.

Do you share my data with third parties?

Only with service providers (e.g., Stripe) under contracts. No sales. See Section 5.

How can I delete my data?

Email support@employarmor.com. We'll process within legal timelines, retaining only required data.

What rights do I have under CCPA/GDPR?

Access, correction, deletion, portability, etc. Exercise via support. U.S. users: No data sales. EU: DPO contact available.

Are cookies used, and how do I manage them?

Yes, essential and analytics. Opt-out via browser or our banner. See Section 7.

What if I'm in the EU—how are transfers handled?

Via SCCs; full details in our DPA.

Does using EmployArmor create a lawyer-client relationship?

No. We're a tech platform; consult attorneys for advice. See AI Disclaimer.

How long is data retained?

Account-active period + backups; documents until deleted. See Section 6.

Who can I contact for questions?

support@employarmor.com or dpo@employarmor.com for privacy.

14. Contact Us

Questions? Reach us at support@employarmor.com. For privacy inquiries, dpo@employarmor.com. We're here to help ensure your compliance journey is smooth and secure.
