Privacy Policy
Last updated: June 2026
This Privacy Policy describes how PEO Tools ("we," "us," "our") collects, uses, and protects information in connection with the PEO Tools platform and the white-label PEO tax engine.
1. Information We Collect
Broker accounts
When you sign up as a broker, we collect your name, business name, work email, phone number, website URL, and state of operation. We use this to operate your account, communicate with you about the Service, and send you lead alerts.
Rate card data
We store the PEO rate card data you upload (admin fees, plan premiums, carrier names). This data is used solely to power the computation engine on your deployment.
Prospect inputs and lead data
When a prospect uses your embedded engine, we receive the financial inputs they enter (e.g., projected income, payroll, filing status, number of employees) and, when they verify their phone to unlock the full report, their phone number. This data is associated with your broker account and delivered to you as a lead. Prospect lead data belongs to you. We do not sell it, route it to any other party, or use it for any purpose beyond delivering it to you and operating the Service.
Analytics
We run self-hosted Matomo analytics at analytics.peotools.com on peotools.com pages. Matomo is configured to respect Do Not Track signals, does not share data with third parties, and its data stays on our own infrastructure. We do not use Google Analytics or any third-party analytics platform.
Usage data
We collect standard server logs (IP addresses, browser type, pages visited, timestamps) for security and operational purposes. Logs are retained for 90 days and are not used for advertising.
2. How We Use Information
- To operate and deliver the Service - running computations, delivering leads, sending lead alerts.
- To communicate with you about your account, billing, and material service changes.
- To detect fraud, abuse, or security incidents.
- To improve the Service (aggregate, anonymized analytics only - never individual prospect data).
We do not use your data or your prospects' data for advertising. We do not sell or rent data to any third party.
3. Data Sharing
We share data only in these limited circumstances:
- With you: your leads and account data are yours and are delivered to you.
- Service providers: infrastructure providers (hosting, email delivery) who process data on our behalf under strict data processing agreements and who never receive prospect lead data for their own use.
- Legal requirements: if required by law, court order, or to protect our legal rights.
4. Data Retention
- Lead data: retained as long as your broker account is active. Deleted within 30 days of account termination upon request.
- Broker account data: retained for the life of the account plus 1 year after termination for legal and billing purposes.
- Prospect inputs (pre-verification): session-scoped and not persisted beyond the session unless the prospect verifies their phone.
- Server logs: 90 days.
5. Security
We use TLS encryption for all data in transit. Data at rest is encrypted on our hosting infrastructure. Phone verification codes are one-time-use and expire after 10 minutes. We do not store raw phone verification codes after use.
6. Your Rights
If you are a broker account holder, you may request access to, correction of, or deletion of your account data at any time by contacting us. If you are a prospect whose data was captured through a broker's deployment, please contact that broker directly - they are the data controller for their leads. We will assist brokers in responding to such requests.
7. Changes to This Policy
We may update this policy. We will notify active broker accounts by email at least 14 days before material changes take effect.
Questions about this policy? Contact us.