Privacy Policy

Upward365, LLC ("Upward365," "we," "our," or "us") provides a human resources software-as-a-service platform and related services ("Services") to business customers ("Customers"). This Privacy Policy explains how we collect, use, disclose, and protect personal information when our Services are used by Customers, their employees, candidates, or other authorized users ("you").

1. Scope of This Policy

This Privacy Policy applies to:

  • Personal information collected through our SaaS platform, websites, and support channels.
  • Data we process on behalf of our Customers as a data processor/service provider.
  • Personal information of Customer employees, contractors, and job applicants managed within the Services.

This Policy does not cover how individual Customers handle employee or applicant data. Customers remain responsible for their own privacy practices and compliance with applicable laws.

2. Information We Collect

2.1 Information Provided by Customers

  • Account and Profile Information: Name, business email, phone number, job title, organization details.
  • Employee and Candidate Data (as entered by Customers): Employment records, contact details, job history, performance data, compensation, and other HR-related information.
  • Credentials and Authentication Data: Usernames, passwords, access logs.

2.2 Automatically Collected Information

  • Usage Data: Log files, pages visited, features used, date/time stamps, IP addresses.
  • Device and Browser Data: Device type, operating system, browser type, settings, language, cookies, and similar technologies.

2.3 Third-Party Sources

We may receive information from:

  • Integration partners (e.g., payroll providers, HRIS Systems, background check services).
  • Public sources (e.g., professional networking sites).

3. How We Use Information

We use personal information to:

  1. Provide Services – Deliver HR management, payroll, recruitment, compliance, and reporting functions.
  2. Customer Support – Respond to inquiries, troubleshoot issues, and provide product guidance.
  3. Security & Compliance – Detect, prevent, and respond to fraud, unauthorized access, or violations of law or agreements.
  4. Service Improvement – Analyze usage patterns to improve performance, user experience, and new features.
  5. Legal Obligations – Comply with applicable labor, employment, and data protection laws.
  6. Business Operations – Billing, auditing, and contractual administration.

We will not use personal information for marketing or unrelated purposes without explicit consent.

4. Legal Bases for Processing (GDPR)

Where applicable (e.g., EEA, UK), we rely on:

  • Performance of a Contract – To provide Services to Customers.
  • Legitimate Interests – To secure, maintain, and improve Services.
  • Legal Obligations – To comply with labor, tax, or regulatory requirements.
  • Consent – Where required for specific data uses (e.g., optional integrations).

5. How We Share Information

We may share information with:

  • Service Providers/Subprocessors – Cloud hosting, analytics, support tools, payroll/benefits providers.
  • Integration Partners – When Customers enable integrations with third-party systems.
  • Legal and Regulatory Authorities – When required by law, subpoena, or regulatory obligations.
  • Business Transactions – In mergers, acquisitions, or asset transfers, subject to confidentiality safeguards.

We do not sell personal data for monetary gain.

6. Data Retention

  • Customer data is retained for the duration of the contract and securely deleted or returned upon termination, unless required by law.
  • User account and audit logs are retained as needed for compliance, dispute resolution, and security.
  • Aggregated or anonymized data may be retained for analytics without identifying individuals.

7. Security Measures

We implement appropriate technical and organizational measures, including:

  • Data encryption in transit and at rest.
  • Role-based access controls and authentication safeguards.
  • Regular penetration testing and vulnerability management.
  • Employee training on security and privacy.

8. International Data Transfers

If personal data is transferred across borders:

  • We rely on approved transfer mechanisms (e.g., Standard Contractual Clauses, adequacy decisions).
  • Customers are notified of any subprocessors with access outside their jurisdiction.

9. Your Privacy Rights

Depending on your location, you may have the right to:

  • Access, correct, or delete your personal data.
  • Restrict or object to processing.
  • Request data portability.
  • Withdraw consent at any time (where consent is the basis for processing).
  • File a complaint with a supervisory authority.

Requests should be directed to your employer (the Customer) who controls your data, or to us where we act as data controller.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Authenticate users and maintain sessions.
  • Improve performance and security.
  • Analyze usage trends.

Customers can manage cookie preferences through browser settings or opt-out tools.

11. Children's Privacy

Our Services are not directed to individuals under 16. We do not knowingly collect data from children without parental consent.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be effective upon posting, and Customers will be notified of material changes.

13. Contact Us

For questions or concerns about this Privacy Policy, please contact:

Mailing Address: 5133 NE Seneca Dr., Ankeny, IA, 50021
Email: info@upward365.com