OnboardingGenie

Privacy Policy

OnboardingGenie is designed as a transient system for sensitive onboarding documents — a tool to collect, verify, package, and hand off, not a long-term archive. This policy describes what data we collect, how long we keep it, and how we protect it along the way.

1. Who We Are

OnboardingGenie is an onboarding platform operated by i550 Productions LLC (the "Service"). Organizations ("customers," "admins") use the Service to collect onboarding paperwork from their employees, contractors, clients, patients, borrowers, or other recipients ("recipients"). Recipients access the Service via a one-time magic link and do not create accounts.

2. Information We Collect

From admins (account holders): name, email address, organization name, training step configuration (slide content, quiz questions, video URLs, completion thresholds), and — for paid subscribers — billing information collected and processed by Stripe (we do not see or store credit card numbers).

From recipients, depending on which onboarding template the admin uses:

  • Name, email address, phone number, and mailing address
  • Government-issued identification documents (driver's license, passport)
  • Tax Identification Numbers: Social Security Number (SSN) or Employer Identification Number (EIN) submitted via W-9, W-4, or W-8BEN forms
  • Employment eligibility documents (I-9 supporting documents)
  • Banking information for direct deposit (routing and account numbers)
  • Electronic signatures (drawn or typed)
  • Emergency contact information
  • Signed documents acknowledging policies, agreements, and disclosures
  • Training completion data: video watch percentage, slide completion count, quiz responses and scores
  • Any additional information the admin has included in their custom template

From all users: technical data from normal web interaction (IP address, browser type, timestamps of actions taken) used for security monitoring and service operation.

3. How We Use Information

We use information solely to operate the Service: facilitating onboarding and training delivery between admins and recipients, generating compliance documents (signed W-9 PDFs, I-9 records, training completion certificates), producing QuickBooks vendor exports when requested, sending transactional emails (invites, completion notifications, retention reminders, support replies), and processing subscription payments for paid features. We do not sell personal information. We do not use recipient data for advertising or marketing.

4. Sensitive Data Handling

Tax Identification Numbers (SSN/EIN) and banking information are stored in our database to support compliance document generation and QuickBooks export. These fields are masked in the admin interface (showing only the last four digits) but stored in full during the active retention window so that downloadable W-9 PDFs and QB exports contain complete data. Government IDs, signed documents, and other uploaded files are stored in Firebase Storage with access controlled through our Cloud Functions — there is no direct client access to Storage.

5. Data Retention

OnboardingGenie is not a long-term document archive. Uploaded files and sensitive form data are retained only for a limited period:

  • Trial / expired accounts: Files and sensitive data are retained for 90 days after onboarding completion, then moved to an archived state for 90 more days (during which an admin can request recovery with one click), then permanently deleted.
  • Pro subscribers: Files and sensitive data are retained for 365 days after onboarding completion, then archived for 90 more days, then permanently deleted.
  • Test onboardings (flagged as test by an admin or super admin) are retained for 30 days and then permanently deleted with no grace period.
  • Cancelled onboardings follow the same retention clock, measured from the cancellation date.

At permanent deletion ("purge"): uploaded files are removed from our Storage bucket. Sensitive form fields (SSN, EIN, bank account numbers) are nulled from our database. A non-sensitive audit record — name, email, completion timestamps, steps completed — is retained indefinitely so that admins can answer questions like "did Jane complete her onboarding?" without our continuing to hold her Social Security Number.

Admins receive email notifications 30, 10, and 1 day before files are archived, so that downloads can be completed while files are still available. Admins who have already downloaded an onboarding package do not receive further reminders for that onboarding. Organizations that need longer-term archival should download compliance packages at completion and store them in their own document management system.

Admin account information (name, email, organization record) is retained while the account is active and for a reasonable period thereafter to support reactivation and financial records. Admins may request account deletion by contacting support.

6. Who Sees What

Recipient data is visible only to authenticated members of the recipient's organization (owner, admin, or member roles, with the member role further restricted to onboardings they personally invited). Recipients see only their own submissions, not other recipients' data. Our super admin has technical access for support and system operation purposes, logged via audit trail. We do not view recipient data except as necessary to resolve a specific support request or investigate a security or legal matter.

7. Third-Party Services

We use the following providers:

  • Google Firebase (Firestore, Cloud Functions, Storage, Authentication, Hosting) — our infrastructure provider. Data is stored in Google Cloud data centers in the United States.
  • Resend — transactional email delivery.
  • Stripe — subscription billing for paid features. Stripe handles all payment card data. We receive only subscription status and a customer identifier.
  • Google Cloud Vertex AI (Gemini) — used only when an admin uploads a document for automated template extraction. The document is sent to Gemini for parsing; per Google's terms, this content is not used to train Google's models.
  • Optional integrations initiated by admins: AddYourHours for contractor time tracking, QuickBooks for vendor imports.

8. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, port, or delete personal information about you. To exercise these rights:

  • Recipients: contact the organization that invited you in the first instance. We act as a processor on their behalf and will coordinate with them on your request.
  • Admins: email privacy@onboardinggenie.com. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to children under 13 and we do not knowingly collect information from them. If we learn we have collected information from a child under 13, we will delete it.

10. Security

See our Security Policy for details on how we protect information, including encryption, access control, and incident response.

11. Changes to This Policy

We may update this policy as the Service evolves. Material changes will be announced via email to admins at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact

Questions about this policy? Email privacy@onboardinggenie.com.