Privacy Policy

Effective Date: January 1, 2020 (view archived version)

I. Corporate Commitment to Privacy

This Privacy Policy describes how we collect, use, disclose, store and otherwise process information through and through the products and/or services provided by or through Zenefits (collectively “Services”). In addition, this policy states how you can control the collection, correction and/or deletion of information. We will not use or share your information with anyone except as described in this Privacy Policy.

We urge you to read this Privacy Statement so that you understand our commitment to you and your privacy, and how you can participate in that commitment.

II. Scope

This Privacy Policy applies to personal information and other information collected by Zenefits or its service providers from or about:

  1. visitors to, or users of, its websites;
  2. current customers using the Services pursuant to a written agreement with Zenefits;
  3. prospective and current customers using the Services pursuant to a clickwrap, browserwrap, or other online agreement;
  4. service providers and business partners;
  5. other third-parties that use the Services, including without limitation including without limitation the end users of prospective and current customers.

As used in this Privacy Policy, “you” or “your” means, collectively, the entities or individuals set forth in (i) – (v) of this Section II.

III. FTC Enforcement Power

Zenefits is subject to the investigatory and enforcement powers of the Federal Trade Commission.

IV. Personal Information

Definition of Personal Information

Personal information refers to any information relating to an identified or identifiable natural person, such as an identification number, physical, physiological, mental, economic, cultural, or social identifiers.

Definition of Personal Information (Special Categories of Information)

Special categories of personal data refers to genetic and biometric data which can identify a unique individual. Under GDPR, these categories require additional privacy protections.

V. Definition of Non-Personal Information

We may also collect information that is related to you but that does not personally identify you (“Non-personal Information”). Non-personal Information also includes information that could personally identify you in its original form, but that we have modified (for instance, by aggregating, anonymizing or de-identifying such information) in order to remove or hide any Personal Information.

VI. Consent

Zenefits collects personal information about you in connection with many of our services. When working or using our company, you may be prompted to make an account which may hold personal information such as your name, mailing address, email address, or credit card information. Prior to collecting this information, Zenefits will obtain your consent. At any point in time, you can revoke consent and we will cease using and processing your data immediately.

VII. Information Collected Automatically

Zenefits may also collect Technical Information about you when you visit our websites, which your web browser automatically sends whenever you visit a website on the Internet. “Technical Information” is information that does not, by itself, identify a specific individual but which could be used to indirectly identify you. Our servers automatically record this information, which may include your Internet Protocol (“IP”) address, browser type, browser language, and the date and time of your request. Gathering your information helps us ensure our websites and other services work correctly and support out customer analytic efforts.

VIII. Information Collected Automatically (Examples)

Email communication

We may use pixel tags and cookies in our marketing emails so that we can track your interaction with those messages, such as when you open the email or click a URL link that’s embedded within them. When recipients click on one of those URLs, they pass through a separate web server before arriving at the destination page on a company website. We use tools like pixel tags and cookies so that we can determine interest in particular topics and measure and improve the effectiveness of our communications.

Mobile communication

When you download or use our mobile-device applications, or access one of our mobile-optimized websites, we may receive information about your mobile device, including a unique identifier for your device.

Cookies and Similar Technologies

We may collect information about your use of the websites through cookies and similar technology. A “cookie” is a unique numeric code that we transfer to your computer so that we can keep track of your interests and/or preferences and recognize you as a return visitor to the websites. For example, we may use these technologies to collect information about the ways visitors use our websites, to support the features and functionality of our websites, and to personalize your experience when you use our websites.

IX. Information Collected from Other Sources

Zenefits may also collect information about you from other sources to help us correct or supplement our records, improve the quality or personalization of our service to you, and prevent or detect fraud. We work closely with third parties (for example, business partners, service providers, sub-contractors, advertising networks, analytics providers, search information providers, fraud protection services) and may receive information about you from them. The following are some examples:

Third-Party Vendors

In order to provide the services and improve Zenefits’ websites, we may engage the services of third-party vendors. In the process of supplying services to Zenefits, these third-party vendors may need to collect Personal Information about you.

Log Files

Log files record website activity on our services and enable us to gather statistics about our users’ browsing habits. These entries help Zenefits determine (among other things) how many and how often users have accessed or used our services, which pages they’ve visited, and other similar data.

Clear GIFs

Clear GIFs, sometimes called “web bugs” or “web beacons,” are small electronic images that are placed on a web page or in an email message. We use clear GIFs to monitor user behavior, deliver cookies, collect information, count visits, understand usage and campaign effectiveness, and to tell if a recipient has opened and acted upon an email.

X. Permitted Use of Personal Information

Zenefits uses your personal information to provide you products and services, such as to fulfill your requests for products or to help us personalize our offerings to you. We also use your personal information to support our business functions, such as fraud prevention, marketing, and legal functions. To do this, we combine personal and non-personal information, collected online and offline, including information from third party sources. The following are some examples:

Fulfill Requests

To fulfill your requests for products and services and communicate with you about those requests;

Understand Customer Behavior

To better understand customer behavior so that we may improve our marketing and advertising efforts and to improve the distribution of our products and services;

Personalize Offerings

To help us personalize our service offerings, websites, mobile services, and advertising;


To comply with legal and/or regulatory requirements;

Responding to Customer

To respond to reviews, comments, or other feedback you provide us;

Industry Benchmarking

For industry benchmarking and analysis consistent with our legitimate business purpose;

XI. Promotional Messaging or Advertising

Zenefits uses your contact information to recommend products and services that might be of interest to you, to send you marketing and advertising messages such as newsletters, announcements, or special offers or to notify you about our upcoming events.

XII. Ability to Opt-In to Promotional Messaging or Advertising

Zenefits allows you to opt-in to receive advertisements based on your interests. If you do not opt-in, you will still receive advertisements but they will not be tailored to your interests.

XIII. Disclosure of Categories of Personal Information

The California Consumer Privacy Act (CCPA) requires us to disclose categories of personal information we collect and how we use it, the categories of sources from whom we collect personal information, and the third parties with whom we share it, which we have explained above.
We collect the following categories of personal information and in the preceding twelve months, we have disclosed these categories of personal information for a business purpose to affiliates, service providers and third parties:

  • Identifiers such as your name, username, email address, phone number, unique device identifiers, your IP address
  • Personal information categories described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) such as signature, insurance policy number and health insurance information
  • Personal characteristics protected by law, such as your gender and age
  • Commercial information, such as purchases made and payment information
  • Internet or electronic network activity information, such as information about your device and your use of our Services
  • Geo-location data, when shared through your device settings or photos
  • Electronic, visual, or similar information, such as photos
  • Professional or employment information, when you link your account to other accounts
  • Education information
  • Inferences we draw or derive about users, such as your interests or preferences
  • Other information you provide, such as your profile picture, bio, pins, and comments

We use and disclose this information for the business purposes described in this Privacy Policy, including: provision of Services, detect security incidents and prevent fraud, debug and repair errors, maintain your account, provide customer service, process or fulfill orders, conduct research and development and other activities to improve our service, show advertising, market our services, and understand how users interact with our services.

XIV. Disclosure of Personal Information for Business Purposes

If Zenefits sells any part of its operations, Zenefits may transfer personal information in connection with the sale. Prior to a sale occurring, Zenefits will contact you to gain your consent for the disclosure of your personal information.

XV. Disclosure of Personal Information for Legal and Safety Reasons

Zenefits may be required to disclose personal information to the authorities, law enforcement agencies, government agencies, or legal entities. We may disclose information by law, litigation, or as a matter of national security to comply with valid legal process including subpoenas, court orders or search warrants, and as otherwise authorized by law. We may also need to disclose personal information in the event of an emergency that threatens an individual’s life, health, or security.

XVI. Disclosure of Personal Information Via Links to Third-Party Websites, Services, and Applications

Using our website or services may link to third party web websites, services, and applications. Zenefits is not responsible for any personal information collected through these means. Information collected is governed through the third party’s website’s Privacy Policy. Any interactions you have with these web websites, services, or applications are beyond the control of Zenefits. When you post information to or through such services, those websites’ privacy policies and cookie usage policies apply directly. We urge you to read the privacy and security policies of any external websites before providing any personal information while accessing those websites.

XVII. Onward Transfer Liability

In cases of onward transfer to third parties of your personal data, Zenefits is potentially liable. In particular, Zenefits remains responsible and liable if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with its principles, unless Zenefits proves that it is not responsible for the event giving rise to the damage.

XVIII. Use of Cookies and Other Technologies (e.g. Web Beacons)

Zenefits uses cookies to operate and improve our website as well as to simplify the interaction with you. When you visit our websites, our servers send a cookie to your computer or mobile device to help personalize your experience and advertisements. Cookies help us better understand user behavior and facilitate effectiveness of advertisements. Cookies only stand to recognize your web browser but information collected from cookies is not personally identifiable. Zenefits may also use web beacons or other technologies in conjunction with cookies to gather information about your visit to our websites. Web beacons may be embedded through our website or electronic communications and can allow servers to collect information related to your visit. Web beacons are primarily use to provide content and advertisements that are more relevant to you.

XIX. Ability to Disable Technologies

Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may not have access to all features available through our services. For more information, visit the help page for your web browser or see

XX. Consequences of Disabling Technologies

Please note that if you disable your web browser’s cookies and other technologies, certain features of our website and services will be disabled and you will limit the functionality we can provide when you visit our site.

XXI. Security Measures Taken to Protect Personal Information by Zenefits

Security of all information is of the utmost importance for Zenefits. Zenefits uses technical and physical safeguards to protect the security of your personal information from unauthorized disclosure. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of personal information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. In the case of a data breach, we will notify you without delay of any loss, misuse or alteration of personal information that may affect you.

XXII. Security Measures to Protect Personal Information by Third Parties

We require that our third party service providers and channel partners agree to keep all confidential information we share with them and to use the information only to perform their obligations in the agreements we have in place with them. These third party service providers and channel partners are expected to maintain privacy and security protections that are consistent with Zenefits’ privacy and information security policies.

XXIII. Data Retention and Storage

Zenefits retains your information for business purposes as long as is reasonably necessary to provide you with our products and services, but in no event for longer than twenty-seven (27) months. Zenefits will also retain your information as reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements. We may also retain cached or archived copies of your information for a reasonable period of time, but in no event for longer than twenty-seven (27) months. At any point in time, you can withdraw consent and we will immediately stop processing your data.

XXIV. Choice: Your Privacy Rights

Zenefits gives you choices about the ways we collect, use, and share your personal information. You can choose what contact information will be stored in your account and preferences. However, if you choose not to provide certain details, some of your experiences with us may be affected. If at any point in time you wish to know what data we process about you, you can request to access the information by contacting us by visiting this page if you have a account or this page if you do not have a account.

XXV. Collection of Information from Children

We recognize the importance of protecting the privacy and safety of children. Our website and services are primarily directed towards the general audience and are not directed towards children. We do not knowingly collect information about children under the age of 13 without the consent of a parent or guardian, however there may be instances where a parent or guardian opts, at their sole discretion, to upload and/or store such information (such as adding a dependent to an insurance policy). A parent or guardian of a child may contact us by visiting this page if they have a account or this page if they do not have a account to request that we delete such information.

XXVI. International Transfer of Personal Information

Zenefits may share customer information within our family of companies for a variety of purposes, for example to provide you with the latest information about our products and services and offer you our latest promotions. To facilitate our global operations, Zenefits may transfer personal data from your home country to other Zenefits locations across the world. To protect your personal information, we will only transfer data to countries who provide an “adequate” level of personal data protection. If the data is transferred to counties without ‘adequate’ protection as determined by the European Parliament, we will use additional safeguards to ensure your data is protected.

XXVII. Contact Point to Update/Delete Personal Information

You have the right to access and limit the use and disclosure of your personal data. If you would like to express your point of view, challenge an explanation of data use, or otherwise obtain further information, contact us by visiting this page if you have a account or this page if you do not have a account. If at any time after registering for information, your personal information changes, notify us and we will update your contact information. Please note, at any time, if you desire to obtain or transfer your information, we will provide you with your personal data in a structured and commonly used electronic format.

XXVIII. Location of Data Processing/Storage

Personal information collected about EU data subjects via our website or our Services is processed in the United States by Zenefits or by a third party acting on our behalf. When you provide personal information to Zenefits, you consent to the processing of your information in the United States. Our websites are hosted in the United States.

XXIX. California Privacy Rights

If you are a California resident, then under this Privacy Policy and pursuant to the California Consumer Privacy Act (CCPA), you have the following rights:

Right to Know and Access

You may submit a verifiable request for information regarding the: (1) categories of personal information we collect, use or share; (2) purposes for which categories of personal information are collected or used by us; (3) categories of sources from which we collect personal information; and (4) specific pieces of personal information we have collected about you. To make such a request, please call us at +1 855-547-2456 or visit this page if you have a account or this page if you do not have a account. In order to verify any request, you may need to log in to your account or respond to an email verification request.

Right to Delete

You also have the right to request the deletion of your personal data that have been collected in the past 12 months. To make such a request, please visit . In order to verify any request, you may need to log in to your account or respond to an email verification request.

Do Not Sell My Personal Information

We do not sell personal information. However, the Service Providers we partner with (for example, our advertising partners) may use technology on the Service that “sells” personal information as defined by the CCPA law. If you wish to opt out of the use of your personal information for interest-based advertising purposes and these potential sales as defined under CCPA law, you may do so calling us at +1 855-547-2456 or visiting this page if you have a account or this page if you do not have a account.

Right to Equal Service

We will not discriminate against you if you exercise your privacy rights, including by: (1) denying goods or services to you; (2) charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties; (3) providing a different level or quality of goods or services to you; or (4) suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Exercising Your CCPA Data Protection Rights

To exercise any of your California Privacy Rights, you can call us at +1 855-547-2456 or visit this page if you have a account or this page if you do not have a account. In order to verify any request, you may need to log in to your account or respond to an email verification request.
We will disclose and deliver the required information free of charge within 45 days of receiving your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice.

A list of the categories of personal information we collect and how we use that information is set forth in Section XIII of this Privacy Policy.

XXX. Europe Privacy Rights

If you are a resident of the European Union, then under this Privacy Policy and pursuant to the General Data Protection Regulation (GDPR), you have the following rights:

Right of Access

At any point in time, you can confirm your data is being processed and request to access your data. If you wish to access/confirm you data is being processed, please contact us by visiting this page if you have a account or this page if you do not have a account.

Right to Consent

Before collecting and using your personal data, Zenefits will obtain consent. At any point in time, you can revoke consent and Zenefits will stop using and processing your personal data.

Right to Erasure

You have the right to request Zenefits erases all of your personal data on a number of grounds, including if the data is no longer necessary for its original purpose or if you withdraw consent. If Zenefits receives a request, we will inform all third parties who have the data of this request. For additional information on when you can request data erasure, please contact us by visiting this page if you have a account or this page if you do not have a account.

Right to Rectification

If any personal data is inaccurate or incomplete, you can request Zenefits corrects the data. When this occurs, Zenefits will notify third parties who have access to the data of the change. If you wish to alter your data, please contact us by visiting this page if you have a account or this page if you do not have a account.

Right to Restrict Processing

Even if personal data is still stored by a company, now or in the future, you can request Zenefits stops using or processing your data. If you wish to restrict data processing, please contact us by visiting this page if you have a account or this page if you do not have a account.

Right to Object

You have the right to object to your personal data being processed for profiling, direct marketing, scientific research, and statistics. If you wish to object, please contact us by visiting this page if you have a account or this page if you do not have a account.

Rights Related to Automatic Decision Making and Profiling

At any point in time, you can contact a Zenefits representative to express your point of view, challenge an explanation of data use, or otherwise obtain further information on automatic data processing.

Right to Data Portability

You have the right to transfer your personal data from one electronic processing system to another without being prevented from doing so by Zenefits’ data processor. Unless extended by Zenefits request, within ninety (90) days, Zenefits will respond to the request and provide you with the desired information for free in a structured and commonly used electronic format.

Exercising of Your GDPR Data Protection Rights

You may exercise your rights of access, rectification, cancellation and opposition by contacting us by visiting this page if you have a account or this page if you do not have a account. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, if you are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.