Ea EmployAPI

Privacy Policy

Last Updated: November 11, 2025

EmployAPI ("we," "us," or "our") operates the https://employapi.com website and the EmployAPI HR data service (the "Service"). This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service.

1. Information We Collect

A. Information You Provide to Us:

  • Account Information: When a company registers for an account, we collect information such as company name, address, and contact person details.
  • Client HR Data: Our clients use the Service to process HR data about their employees, job applicants, contractors, and suppliers ("Client Data"). This data is highly sensitive and can include, but is not limited to:
    • Identity information (e.g., name, contact details)
    • Government identifiers (e.g., IRD number, Social Security Details)
    • Financial information (e.g., bank account details for payroll)
    • Employment details (e.g., work history, resume, performance reviews, time-tracking data)
    • Sensitive health and benefits information
  • Support and Contact Information: Information you provide when you contact us for support or with inquiries.

B. Information Collected Automatically:

  • Usage Data: We may collect information on how the Service is accessed and used ("Usage Data"). This may include your computer's IP address, browser type, pages visited, time and date, and other diagnostic data.
  • Cookies and Tracking Data: We use cookies and similar tracking technologies. Please see our separate Cookie Policy for details.

2. How We Use Your Information

We use the collected data for various purposes:

  • To provide and maintain the Service and process data as instructed by our clients
  • To notify you about changes to our Service
  • To provide customer support
  • To gather analysis or valuable information so we can improve our Service
  • To monitor the usage of the Service
  • To detect, prevent, and address technical issues
  • To comply with legal obligations

Our Role as a Data Processor

We process Client Data strictly as a "Data Processor" on behalf of our clients, who are the "Data Controllers." We process this data only in accordance with our clients' instructions as outlined in our Terms of Service and any applicable Data Processing Agreement.

3. Legal Basis for Processing

Our processing of Client Data is performed under the legal basis of the legitimate interests of our clients (the Data Controllers) to manage their human resources. We process this data under contract to provide the Service.

4. Data Sharing and Disclosure

We do not share or disclose any Client Data with third-party sub-processors. We may share your information in the following limited situations:

  • For Business Transfers: In connection with a merger, sale, or asset transfer
  • To Comply with Laws: Where required by law or to respond to valid legal requests by public authorities (e.g., a court or a government agency)

We do not sell, rent, or trade your personal data or Client Data.

5. International Data Transfers

Your information, including Personal Data, is processed at our operating offices and in any data centers where our infrastructure is located. As our target customers are in New Zealand and Australia, we are committed to storing and processing data in accordance with the privacy laws of these jurisdictions.

6. Data Security

The security of your data is critically important to us. We use industry-standard administrative, technical, and physical safeguards to protect your data, including encryption of data in transit and at rest. Access to sensitive Client Data is strictly limited to authorized personnel with a legitimate need to know. However, no method of transmission over the Internet or electronic storage is 100% secure.

7. Your Data Protection Rights (New Zealand and Australia)

Under the Privacy Act 2020 (New Zealand) and Privacy Act 1988 (Australia), individuals have rights regarding their personal information. Because we act as a Processor for Client Data, if you are an employee, applicant, or contractor of one of our clients, you should direct your requests to access, correct, or update your information directly to your employer (the Data Controller). We will support our clients in fulfilling these requests as required by law and our contractual agreements.

Data Protection Authorities

  • New Zealand: Office of the Privacy Commissioner
  • Australia: Office of the Australian Information Commissioner

8. Data Retention

We will retain Client Data only for as long as necessary to provide the Service to our client, comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention period is determined by our clients, and we will delete or return data as per their instructions.

Retention Periods

  • Client Data after account termination: 30 days
  • Analytics data: 730 days
  • Support tickets: 1095 days
  • Audit logs: 1825 days

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Privacy Inquiries

privacy@employapi.com

Privacy policy and data protection inquiries

Data Protection Officer

dpo@employapi.com

Data protection officer contact

Company Address

123 Business Street
Auckland, Auckland 1010
New Zealand

Ready to Get Started?

Join forward-thinking companies building compliant HR systems with our API-first platform.

Get Your Free API Key View Pricing