Privacy Policy

1. Who We Are

MyHRProof, LLC ("MyHRProof," "we," "us," or "our") operates the MyHRProof mobile application and website located at myhrproof.com. We are a U.S.-based company. For privacy-related questions, contact us at: privacy@myhrproof.com.

2. Information We Collect

2.1 Information You Provide

• Account information: name, email address, password (stored as a hash — we never store your plain-text password)
• Incident records: descriptions, categories, dates, times, locations, photos, voice memos, and documents you log in the app
• Uploaded documents: employee handbooks or other files you upload for AI policy analysis
• Payment information: processed entirely by Stripe. We never see or store your full card number.
• Support communications: emails or messages you send to our support team

2.2 Information Collected Automatically

• Device type, operating system version, and app version
• IP address (used for fraud prevention, not stored long-term)
• Crash reports and error logs (no incident content included)
• Feature usage analytics (e.g., "user opened incident log screen") — no content

2.3 Location Data

If you enable location capture for incidents, we record the GPS coordinates you choose to attach to a specific entry. This is always optional and requires your explicit permission. We do not track your location in the background.

3. How We Use Your Information

• To provide, maintain, and improve the MyHRProof platform
• To process your subscription payments
• To run AI analysis when you request it (your data is not used to train AI models without explicit consent)
• To send you service-related communications (receipts, security alerts, feature updates)
• To respond to your support requests
• To prevent fraud and abuse
• To comply with legal obligations

We do not use your information to serve you targeted advertisements. We do not sell your personal data to third parties. We do not share your incident records with employers, background check companies, or any third party without a valid court order.

4. Encryption and Security

Your incident records and uploaded documents are encrypted at rest using AES-256 encryption. All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. Your account is protected by password hashing (bcrypt). We offer two-factor authentication and recommend enabling it.

We follow industry-standard practices and conduct regular security reviews. In the event of a data breach that affects your personal data, we will notify you as required by applicable law within 72 hours of discovery.

5. Data Sharing

We share your data only in these limited circumstances:

• Service providers: hosting (AWS), payment processing (Stripe), email delivery (SendGrid), crash analytics (Sentry) — all bound by confidentiality agreements and prohibited from using your data for their own purposes
• Legal requirements: if we receive a valid, legally enforceable court order or subpoena, we may be required to disclose data. We will notify you before complying unless prohibited by law.
• Business transfer: if MyHRProof is acquired or merges with another company, your data may transfer to the successor entity, who will be bound by this Privacy Policy
• Your explicit consent: we will never share your data for any other purpose without asking you first

6. Your Rights

Depending on where you live, you may have the following rights regarding your personal data:

• Access: request a copy of all personal data we hold about you
• Correction: request correction of inaccurate data
• Deletion: request that we delete your account and all associated data
• Portability: request your data in a machine-readable format
• Opt-out of sale: we do not sell personal data, so this right is satisfied by default
• Non-discrimination: exercising your privacy rights will not affect your access to MyHRProof

To exercise any of these rights, email us at privacy@myhrproof.com. We will respond within 30 days.

7. California Residents (CCPA / CPRA)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the following rights:

• Right to Know: Request a list of personal information we have collected, its sources, business purpose, and third parties we share it with.
• Right to Delete: Request deletion of your personal information, subject to legal exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing: We do not sell or share your personal information. This right is satisfied by default.
• Right to Limit Sensitive Personal Information: We use sensitive personal information only as needed to provide the Service.
• Right to Non-Discrimination: Exercising your CCPA rights will never affect your access to MyHRProof.

To submit a verified consumer request, email privacy@myhrproof.com with subject "CCPA Request" from the email on your account. We will respond within 45 days.

Do Not Sell or Share My Personal Information: MyHRProof does not sell your data. To formally submit this opt-out, email privacy@myhrproof.com with subject "Do Not Sell My Information."

8. Health and Emotional Data Disclaimer

MyHRProof is not a covered entity under HIPAA. We are not a healthcare provider, insurer, or business associate of a HIPAA-covered entity. The Mental Health and wellbeing resources in the app are for general informational and self-documentation purposes only — they are not medical advice, diagnosis, or treatment.

Any personal information you enter in wellness or mental health sections is treated with the same encryption protections described in this Policy, but it is not protected by HIPAA and should not be considered medical records. If you are experiencing a mental health emergency, please contact a licensed healthcare professional or call 988 (Suicide & Crisis Lifeline).

9. Advertising and Endorsement Disclosures (FTC)

MyHRProof does not display third-party advertisements. Any affiliate relationships, sponsorships, or paid partnerships we enter into will be clearly disclosed per FTC guidelines. Content we publish on social media that involves a material connection or compensation will be labeled "#ad" or "#sponsored." Testimonials displayed on our website are genuine and unpaid.

10. Data Breach Notification

In the event of a data breach reasonably likely to harm you, we will notify affected users by email within 72 hours of discovery, describe what happened and what data was involved, explain steps we are taking, and notify applicable state regulators as required by law. To report a suspected security vulnerability, email privacy@myhrproof.com with subject "Security Report."

11. Children's Privacy (COPPA)

MyHRProof is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected data from a person under 18, we will delete it promptly. If you believe a minor has provided us with personal data, contact privacy@myhrproof.com immediately.

12. Data Retention

We retain your data for as long as your account is active or as needed to provide services. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., payment records required for tax compliance are retained for 7 years).

13. Third-Party Links

Our app and website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. Please review their privacy policies before providing any personal data.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and by posting a prominent notice in the app at least 30 days before the changes take effect. Your continued use of the service after that date constitutes acceptance of the updated policy.

15. Contact Us

For privacy-related questions, requests, or concerns:
Email: privacy@myhrproof.com
Mail: MyHRProof, LLC, Privacy Team, [Address], United States