Hrdeck

Hrdeck is a policy and communication platform built for HR teams and companies to address compliance, policy and communication management. our solution makes companies be compliant to protect your company from liabilities and reputation. 

Contact Info

recrula.com
717 K street
Sacramento, CA95814

info@email.com
00 (123) 456 78 90

Learn More

Privacy Policy

PRIVACY POLICY

HRdeck.com | Aspect Solutions Inc. Effective Date: December 1, 2025 Last Updated: December 2025

1. Introduction

HRdeck.com, operating under parent company Aspect Solutions Inc.  (collectively, “we,” “us,” “our,” or “Company”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website—hrdeck.com—and utilize our HR compliance and regulatory compliance platform (collectively, the “Services”).

Services Covered

  • Website: hrdeck.com
  • HR compliance platform and tools
  • Employee handbook generator
  • Compliance document templates
  • HR policy templates and resources
  • State and federal compliance tracking
  • Regulatory update notifications
  • HR training and compliance resources
  • All related features and integrations

Services NOT Covered

This Privacy Policy does not apply to: – Employee data your employer stores through HRdeck – Your employer controls that data – HR professionals employed by HRdeck (separate privacy notice provided) – Job applicants to Aspect Solutions Inc. (separate notice provided) Important: If you are an employee of a company using HRdeck, your employer is the data controller. Request privacy information from your employer regarding how your employment data is handled.

Legal Compliance

We comply with all applicable privacy laws, including: – California Consumer Privacy Act (CCPA) – Effective January 1, 2020 – California Privacy Rights Act (CPRA) – Effective January 1, 2023 – California Online Privacy Protection Act (CalOPPA) – Ongoing – Senate Bill 446 (SB 446) – Data breach notification (30-day timeline) – Assembly Bill 947 (AB 947) – Citizenship/immigration status protections – Applicable state and federal privacy laws as they evolve

2. Definitions

“Personal Information” means information that identifies, relates to, describes, or could reasonably be linked with a particular person. This includes information about website visitors, customers, and prospects. “Sensitive Personal Information (SPI)” means: – Government-issued identifiers – Financial account information – Precise geolocation data – Racial or ethnic origin – Religious beliefs – Union membership – Citizenship and immigration status – Genetic data – Biometric information – Health information – Sexual orientation or sex life information – Contents of communications (unless we are intended recipient) “Service Provider” means a third party that processes Personal Information on our behalf under a written contract limiting use to specified business purposes. “Data Controller” means the entity that determines the purposes and means of personal information processing. “Data Processor” means the entity that processes personal information on behalf of a controller (e.g., HRdeck processing data on behalf of a client employer).

3. Information We Collect

3.1 Information You Provide Directly

We collect Personal Information you voluntarily provide: Account Registration: – Name, email address, phone number – Company name and business information – Business title and HR role – Mailing address and location – Account username, password, and security questions – HR team member names and contact information Payment Information: – Billing address and contact details – Payment method information (processed securely by third-party providers) – We do not store full credit card numbers – All payment processing is handled by PCI-DSS 3.2.1 compliant providers – Billing history and transaction records Communication: – Information provided through email, phone, contact forms, or support tickets – Messages, attachments, and content in communications – Feedback, complaints, and inquiries – Support requests and troubleshooting logs Service Usage: – Compliance needs and regulatory requirements – Current HR policies and procedures – Staffing and organizational information (if disclosed) – Employee handbook preferences – Compliance document selections and customizations – Training preferences and completion records – Integration setup information Surveys and Research: – Responses to surveys and questionnaires – Feedback on our Services – Participation in user research or beta testing – Voluntary demographic information – Experience and satisfaction data Documentation: – Documents you upload (current policies, handbooks, etc.) – Compliance checklists and assessment results – HR resource downloads and selections – Training materials and certificates

3.2 Information Collected Automatically

We automatically collect certain information: Device Information: – Device type, manufacturer, and model – Operating system and version – Browser type, version, and settings – Mobile network information – Unique device identifiers – Device settings and capabilities – Hardware specifications Usage Data: – Pages and features accessed – Actions taken on our Services (clicks, views, feature usage) – Links clicked and navigation patterns – Time spent on pages and session duration – Search queries and filters applied – Interaction patterns and user journey – Features accessed and frequency – Error logs and troubleshooting data – Compliance template selections – Document downloads and usage – Training module completion – Integration connections and usage Location Data: – General location (city and state) from IP address – Country and region information – We do not collect precise GPS data unless you explicitly permit it – Approximate location from cell tower or WiFi (if enabled) Cookies and Tracking Technologies: Types of Cookies We Use:Session cookies – For login and authentication – Performance cookies – For analytics and website performance – Functional cookies – For remembering preferences – Security cookies – For CSRF protection – Analytics cookies – For Google Analytics, usage patterns – Preference cookies – For language, theme, settings Third-Party Tracking:Google Analytics – For website analytics and usage patterns – Mixpanel – For product analytics and feature usage (if implemented) – HubSpot – For marketing analytics (if integrated) – Other analytics providers – As needed for service improvement

3.3 Information from Third Parties

We receive Personal Information from: Service Providers: – Payment processors (Stripe, PayPal, Square) – Email delivery services (SendGrid, Mailgun) – Analytics providers (Google, Mixpanel) – Hosting providers (AWS, Google Cloud, DigitalOcean, Cloudflare) – Customer support platforms (Help Scout, Zendesk) – SMS providers (Twilio) Business Partners and Integrations: – Integrated platforms you authorize (Google Workspace, Microsoft 365, Slack) – HR and payroll systems you integrate with – ATS and recruiting platforms (with your consent) – Compliance research and law firm partners – Professional associations and HR networks – Business information providers (Dun & Bradstreet, LinkedIn, etc.) Publicly Available Sources: – Business registries and public databases – Industry directories and regulatory filings – Social media profiles (if you link accounts) – HR and compliance blogs or publications – Chamber of Commerce information

4. Legal Basis for Processing Personal Information

We process your Personal Information based on: Performance of a Contract: To provide Services you have requested and maintain your account Your Consent: When you have explicitly agreed to specific processing activities Legitimate Business Interest: To improve our Services, protect against fraud, maintain security, conduct analytics, communicate important information, provide customer support Legal Obligation: To comply with applicable laws, regulations, and legal processes Sensitive Personal Information: We process SPI only when you have explicitly consented or when processing is necessary to provide Services

5. How We Use Your Personal Information

5.1 Service Delivery

  • Providing, maintaining, and improving our HR compliance platform
  • Processing account registration, authentication, and account management
  • Managing subscriptions, billing, and payment processing
  • Fulfilling your requests for information, services, or customer support
  • Communicating about your account, services, and transactions
  • Delivering compliance tools, templates, and resources
  • Providing regulatory update notifications and compliance alerts
  • Tracking your compliance status and providing recommendations
  • Enabling integrations with your third-party HR systems
  • Providing training, webinars, and compliance resources
  • Customizing compliance documents for your jurisdiction

5.2 Communication

  • Sending administrative communications and account updates
  • Responding to inquiries, support requests, and questions
  • Providing technical support and troubleshooting
  • Notifying you of changes to Services, Terms, or Privacy Policy
  • Sending security alerts and suspicious activity notifications
  • Confirming important account actions
  • Providing compliance update notifications and alerts
  • Communicating about regulatory changes affecting your business

5.3 Marketing and Outreach

  • Sending promotional materials and newsletters (only if you opt in)
  • Personalizing your experience based on stated interests
  • Notifying you about new compliance resources and features
  • Conducting market research and customer satisfaction surveys
  • Analyzing marketing campaign effectiveness
  • Opt-Out Available: You can opt out by clicking “Unsubscribe”

5.4 Service Improvement and Analytics

  • Analyzing usage patterns, user behavior, and service performance
  • Conducting A/B testing and user experience optimization
  • Developing new features, services, and functionality
  • Understanding customer demographics and preferences (aggregated and anonymized)
  • Identifying trends, pain points, and improvement areas
  • Measuring feature adoption and engagement
  • Improving compliance tool accuracy and usefulness

5.5 Security and Fraud Prevention

  • Protecting against fraud, unauthorized access, and security threats
  • Investigating and preventing illegal activities
  • Enforcing our Terms of Service and agreements
  • Protecting rights, property, and safety of Company, users, and employees
  • Conducting security audits and compliance reviews
  • Detecting and responding to security incidents
  • Monitoring for suspicious account activity
  • Preventing spam, abuse, and policy violations

5.6 Legal and Regulatory Compliance

  • Complying with applicable laws, regulations, and legal processes
  • Responding to government requests and regulatory requirements
  • Establishing, exercising, and defending legal claims
  • Maintaining required records and documentation

5.7 Data Retention Schedule

We retain Personal Information only as long as necessary:
Data Type Retention Period Basis
Account Information Active account + 3 years post-closure Legal compliance, dispute resolution
Transaction/Payment Records 7 years Financial compliance (GAAP standards)
Support and Communication Records 2-3 years or as required Service continuity, dispute resolution
Marketing Data and Preferences 2 years or until unsubscribe Legitimate marketing interest
Log and Analytics Data 90 days to 1 year Performance optimization, security
Compliance Template History 1-3 years or as required Audit trail, dispute resolution
Sensitive Personal Information Only as necessary Minimal collection principle
Aggregated/Anonymized Data Indefinite No personal identification possible

6. Disclosure of Your Personal Information

6.1 We Do NOT Sell Your Personal Information

Clear Statement: We do not sell your Personal Information to third parties for monetary consideration. We have not sold personal information in the last 12 months and maintain this commitment. We also do not share your Personal Information for cross-context behavioral advertising without your consent.

6.2 Disclosure to Service Providers and Contractors

We share Personal Information with service providers who perform services on our behalf. All service providers are bound by written Data Processing Agreements requiring CCPA/CPRA compliance. Service Provider Categories:
Category Examples Purpose
Payment Processors Stripe, PayPal, Square Process payments, manage billing
Cloud Infrastructure AWS, Google Cloud, DigitalOcean, Cloudflare Hosting, storage, backup, security
Email Services SendGrid, Mailgun, AWS SES Send emails and notifications
Analytics Providers Google Analytics, Mixpanel Analyze usage data, improve Services
Customer Support Help Scout, Zendesk, Intercom Manage support tickets and inquiries
Professional Services Law firms, accountants, auditors Compliance, financial, legal services
Business Partners Integration partners, consultants Service delivery, consulting

6.3 Disclosure for Business Transfers

If we are involved in a merger, acquisition, or similar transaction, your Personal Information may be transferred. We will provide advance notice and opportunity to opt out.

6.4 Legal Requirements and Protection

We may disclose Personal Information when required by law or in response to legal processes, government requests, or to protect rights and safety.

6.5 Aggregated and Anonymized Data

We may disclose aggregated or anonymized data (from which no individual can be identified) to: – Researchers and analysts – HR compliance organizations and associations – SHRM and professional organizations – Regulatory agencies (aggregated only)

7. Your Privacy Rights and How to Exercise Them

7.1 California Consumer Rights (CCPA/CPRA)

California residents have the following rights: – Right to Know – Request what personal information we collect and use – Right to Delete – Request deletion of personal information – Right to Correct – Request correction of inaccurate information – Right to Opt-Out of Sales/Sharing – Opt out of data sales or behavioral advertising – Right to Limit SPI – Limit use of sensitive personal information – Right to Non-Discrimination – Equal service regardless of privacy choices – Right to Opt-Out of ADMT – Opt out of automated decision-making – Right to Authorized Agent – Designate someone to make requests on your behalf

7.2 Account Access and Management

You can access and manage your information by: – Logging into your account dashboard – Contacting us at support@hrdeck.com.

7.3 Marketing Communications Opt-Out

You can opt out of marketing by: – Clicking “Unsubscribe” in any marketing email – Adjusting preferences in your account settings – Emailing support@hrdeck.com

8. Data Security

8.1 Security Measures

We implement reasonable security practices including: – Encryption of data in transit (TLS 1.2+) and at rest (AES-256) – Access controls and multi-factor authentication – Network firewalls and intrusion detection systems – Regular security assessments and penetration testing – Employee training on data protection – Secure deletion of data at end of retention period – Incident response procedures for unauthorized access

8.2 Data Breach Notification

In the event of a data breach: – We will notify affected California residents within 30 calendar days – We will notify the California Attorney General within 15 days if 500+ residents are affected – Notifications will describe the breach, information involved, and protective steps – Per Senate Bill 446 requirements

8.3 Limitations on Security

While we implement reasonable security measures, no system is completely secure. You acknowledge and accept inherent risks of using an online service.

9. Third-Party Links and Services

Our Services may contain links to third-party websites. We are not responsible for third-party content or privacy practices. You should review third-party privacy policies before providing information.

10. International Data Transfers

Our Services are operated in the United States. By using our Services, you consent to the transfer of your Personal Information to the US and its processing under US law.

11. Children’s Privacy

We do not knowingly collect information from children under 13. For users 13-15, we provide notice and opportunity for opt-out. If we learn we have collected information from a child under 13 without consent, we will delete it immediately.

12. California Residents’ Specific Rights

12.1 California Online Privacy Protection Act (CalOPPA) Compliance

We comply with all CalOPPA requirements and provide clear, conspicuous privacy policies and opt-out mechanisms.

12.2 Consumer Complaints

If you have complaints, you may file with: California Attorney General Consumer Protection Section, 1300 I Street, Sacramento, CA 95814 Phone: (916) 322-3360, Website: oag.ca.gov

13. Data Processing Agreements

All service providers maintain written Data Processing Agreements requiring: – Compliance with CCPA, CPRA, and all privacy laws – Appropriate security measures – Use of data only for specified purposes – No sale or unauthorized sharing of data – Cooperation with consumer privacy requests

14. Risk Assessments and Audits

We conduct annual privacy impact assessments and regular security audits evaluating: – Nature and scope of data processing – Privacy and security safeguards – Vulnerability assessments – Compliance with privacy principles – Consumer rights implementation effectiveness

15. Your Choices and Preferences

15.1 Account Settings

You can manage preferences by: – Updating profile and company information – Adjusting notification preferences – Managing data collection preferences – Controlling cookie settings – Accessing privacy request history

15.2 Cookie Management by Browser

Users can manage cookies through their browser settings: – Delete cookies upon exit – Block third-party cookies – Disable all cookies (may limit functionality) – Use Do-Not-Track options (if supported)

16. Contact Us for Privacy Questions

Primary Contact: HRdeck Privacy Team Email: support@hrdeck.com Mailing Address: Aspect Solutions Inc. 717 K Street Sacramento, CA 95814 Attn: Privacy Team For Complaints: California Privacy Protection Agency Email: info@cppa.ca.gov Website: cppa.ca.gov

17. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted with an updated “Last Updated” date. For material changes, we will provide 30 days’ advance notice.

18. CCPA/CPRA Compliance Summary

Requirement Status Reference
Collection Transparency ✓ Comprehensive Section 3
Business Purpose Disclosure ✓ Detailed Section 5
All Consumer Rights ✓ Implemented Section 7
Service Provider Contracts ✓ Documented Section 13
Data Security ✓ Comprehensive Section 8
Data Retention Limits ✓ Specified Section 5.7
Data Breach Notification (SB 446) ✓ 30-day timeline Section 8.2
SPI Protections ✓ Enhanced Throughout
Annual Risk Assessment ✓ Committed Section 14
Security Audits ✓ Regular Section 14
CalOPPA Compliance ✓ Full Section 12
AB 947 Compliance ✓ Citizenship/Immigration Section 3

19. Important Notice for HR Professionals

19.1 Dual Role Clarification

If you are an HR professional using HRdeck: – Your personal information (name, email, contact) is covered by this policy – Employee data your employer stores through HRdeck is controlled by your employer – Request employee data privacy information from your employer – HRdeck acts as a data processor on behalf of your employer

19.2 Data Processing Agreements with Employers

HRdeck maintains Data Processing Agreements with client employers that: – Clarify that the employer is the data controller – Specify that HRdeck is the data processor – Require CCPA/CPRA and privacy law compliance – Enable employees to exercise their rights through their employer Last Updated: December 2025 Effective Date: December 1, 2025