Pinkerton AI processes the workforce, payroll, benefits, insurance, and audit data your business needs to operate — and nothing else. This page explains what we collect, why we collect it, how we protect it, and how you can exercise your rights.
Effective date: April 28, 2026
Last updated: April 28, 2026
Pinkerton Payroll & Insurance is the data controller for the platform.
Pinkerton Payroll & Insurance ("Pinkerton AI", "we", "us") provides the Pinkerton AI Suite — a single platform for HR, payroll, benefits, insurance, claims operations, non-profit fund management, and the autonomous workforce engine described elsewhere on this site.
When you use the platform as a tenant administrator, an employee, or an authorized representative, we act as a data controller for account data and operational telemetry, and as a data processor for the workforce, payroll, benefits, and insurance records that you instruct us to process on your behalf. The applicable Data Processing Addendum (DPA) is incorporated into your Master Services Agreement.
Our principal place of business is in Florida, United States. Production infrastructure runs in Google Cloud's us-central1 region by default. Data residency in additional regions is available on request for Sovereign and PinkCloud Dedicated tier customers.
Four categories of personal data — collected only when needed to operate a service you have asked us to deliver.
Account & Authentication Data
Name, work email, hashed password, MFA factors, role assignments, session tokens, and audit logs of authentication events.
Workforce & Payroll Data
Employee records, hire/termination dates, compensation, tax withholdings, bank routing for direct deposit, garnishments, time entries, and benefit elections — collected only to operate the payroll, HR, benefits, and insurance services you have engaged.
Compliance & Document Records
Form W-4, I-9, offer letters, benefit forms, tax filings, and supporting evidence retained per the audit retention window of your SLA tier (90 days, 1 year, or 7+ years).
Operational Telemetry
Pages visited, API calls, AI proposals, approval decisions, and exception events. Used to detect fraud, debug service incidents, meet SOC 2 control requirements, and improve the platform.
Operate the service, meet legal obligations, prevent fraud, and improve the platform — in that order.
Service operation
Run payroll, generate paystubs, file taxes, enroll employees in benefits, compile insurance claims, post journal entries, render audit packets — every action you have engaged Pinkerton AI to perform on your data.
Legal compliance
Tax withholding and remittance, ERISA notices, ACA reporting, EEO-1, OSHA recordkeeping, state new-hire reporting, COBRA administration, multi-state wage and leave law obligations, and audit response. Retention follows the longer of statutory minimums and your SLA tier (90 days / 1 year / 7+ years).
Fraud and abuse prevention
Anomaly detection, variance investigations, duplicate-payment scans, ghost-employee detection, and audit-trail integrity monitoring. Findings flow into the Exception Marketplace where authorized humans review and resolve.
AI and machine learning
Pinkerton AI calls Google Vertex AI / Gemini at inference time to draft proposals, classify documents, and generate narratives. Your customer data is never used to train Google's foundation models. AI proposals always pass through human approval gates configured by the tenant's autonomy mode (observe, recommend, prepare, approve-to-execute, policy-autonomous, exception-only, or locked-governance).
Platform improvement
Aggregated, de-identified telemetry helps us improve performance, reliability, and feature quality. We do not sell personal data, ever.
Vendors that process customer data on our behalf.
Each subprocessor is bound by a written agreement that limits processing to documented Pinkerton AI instructions and meets the security standards of our SOC 2 program. We notify customers of new subprocessors at least 30 days in advance.
| Subprocessor | Purpose |
|---|---|
| Google Cloud Platform | Compute, storage, networking, KMS, and managed databases (us-central1). |
| Google Cloud KMS | Platform-managed envelope encryption. Customer-managed keys (BYOK) available on PinkCloud Dedicated tier. |
| Google Vertex AI / Gemini | LLM and embedding inference. Customer data is NOT used to train Google's foundation models. |
| Stripe | Payment processing for platform fees and (where applicable) tenant-level payment workflows. |
| Plaid | Bank account verification and transaction sync where the customer has connected a bank account. |
| SendGrid (Twilio) | Transactional email (notifications, password resets, audit packets, tax receipts). |
Default residency is us-central1. Other regions on request.
Production data is stored in Google Cloud Platform's us-central1 region. Where law (e.g. EU GDPR, UK GDPR, Swiss FADP) requires safeguards for cross-border transfers, we rely on Standard Contractual Clauses (SCCs) and supplementary measures — including AES-256-GCM encryption at rest, TLS 1.3 in transit, and customer-managed keys on PinkCloud Dedicated tier.
Tenants on Sovereign or PinkCloud Dedicated tier can route to a Vertex AI endpoint in their region (e.g. europe-west1) so customer data never crosses regional boundaries during inference. Multi-region availability is documented in your Order Form.
Retention scales with your SLA tier and the legal floor of the data type.
| Tier | Audit retention | Notes |
|---|---|---|
| Core | 90 days | Sufficient for SOC 2 Type 1. |
| Pro | 1 year | Sufficient for SOC 2 Type 2. |
| Sovereign | 7 years | Covers IRS / state DOL audit windows. |
| PinkCloud Dedicated | 7 years + cold storage | Customer-managed keys; tenant-level erasure on request. |
Tax records, payroll history, and benefit elections may be retained beyond your tier window when required by federal or state law. We document the legal basis for any extension on your tenant's data map.
What you can ask us to do — and how to ask.
Right of Access
Request a copy of personal data we hold about you. Tenant administrators can export employee records directly from the dashboard. Other data subjects may write to privacy@pinkertonpi.com.
Right of Rectification
Correct inaccurate or incomplete personal data. For employee records, contact your tenant administrator. For account data, use the Settings page.
Right to Erasure
Request deletion of personal data, subject to mandatory retention under tax, employment, or insurance law. Requests are honored within 30 days unless legally precluded.
Right to Restrict Processing
Restrict how we process your data while a dispute or correction is being resolved. Restricted records are flagged in the audit log and remain readable but are not used for new processing.
Right to Data Portability
Export your data in JSON or CSV format. Tenant admins can trigger evidence packets directly; individual employees can request portable exports via privacy@pinkertonpi.com.
Right to Object
Object to processing based on legitimate interests, including profiling. AI-driven proposals always pass through human approval gates per the autonomy mode of your tenant.
Authentication only. No advertising or cross-site tracking.
Pinkerton AI uses first-party cookies and HTTP-only authentication tokens to keep you signed in, prevent CSRF, and remember your tenant context across page loads. We do not use advertising cookies, third-party tracking pixels, or browser fingerprinting.
Marketing pages on this site use privacy-respecting analytics that aggregate page views without persistent identifiers. You can review or disable analytics cookies in our Cookie Settings (footer link, where available in your jurisdiction).
The platform is not intended for individuals under 16.
Pinkerton AI is a B2B workforce platform. We do not knowingly collect personal data from children under 16. Where an employee record is for a minor (e.g. a youth employment program), the tenant is responsible for parental consent and for complying with applicable child-labor and education laws; Pinkerton AI processes that record only as a processor under the customer's instructions.
Material changes get advance notice.
We will post any updates to this Privacy Policy on this page and update the "Last updated" date. For material changes that affect how we process customer data, we will notify tenant administrators at least 30 days before the change takes effect, via in-app notice and the email address on file.
Questions, requests, or complaints — we respond within 30 days.
Privacy team
Postal address
Pinkerton Payroll & Insurance
Attn: Privacy Officer
Florida, United States
EU / UK representatives
Available on request for tenants subject to GDPR or UK GDPR.