Privacy Policy

Effective: May 18, 2026

ECI Software Solutions (“ECI Software Solutions,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy describes the personal information we collect through the Employee Portal at employee.ecisolutions.org (the “Service”), why we collect it, who we share it with, and the rights you have over it. Please read this Policy together with our Terms of Service.

1. Scope of This Policy

This Policy applies only to personal information processed through the Service in connection with your engagement with ECI Software Solutions or one of our affiliated client accounts. It does not apply to information collected by the public marketing site at ecisolutions.com or by any third-party product to which we link. For information processed through ECI Software Solutions’s commercial software products, see the corporate Privacy Statement.

2. Data Controller

For the purposes of the EU and UK General Data Protection Regulation, the California Consumer Privacy Act (as amended by the CPRA), and equivalent laws in other jurisdictions, ECI Software Solutions is the controller of personal information collected through the Service. The data protection contact is: andrew@ecisolutions.org.

3. Information We Collect

We collect the following categories of personal information:

3.1 Identity & Contact Information

  • full name, email address, country of residence;
  • residential address; phone number; optional Telegram and WhatsApp handles;
  • job title and engagement type (hourly / monthly).

3.2 Engagement & Compensation Information

  • start date, contract term, hourly rate or monthly salary;
  • timesheet entries, period totals, and approval status;
  • payment-period records, claim dates, claim and paid timestamps.

3.3 Government Identifiers & Tax Information

  • tax identification number (e.g., U.S. SSN, EIN, ITIN, or foreign-equivalent national ID);
  • any tax forms you complete or attach.

3.4 Payout Information

  • bank name, account holder, account number, routing/SWIFT/BIC, bank address;
  • stablecoin wallet addresses (USDT on Tron / TRC-20, USDC on Base);
  • any custom payout instructions you provide.

3.5 Contract & Signature Data

  • the generated employment contract PDF and your signed copy;
  • your drawn signature image, signing timestamp, IP address, and user-agent string at the moment of signing.

3.6 Authentication & Device Information

  • salted hash of your password (we never see your plaintext password);
  • one-time codes issued for two-factor authentication (delivered by email; stored only as a bcrypt hash with a 5-minute expiry);
  • signed trusted-device tokens you elect to set when checking “Remember this device”;
  • IP address, browser, and operating-system metadata associated with sessions.

3.7 Operational Logs

  • access timestamps, page paths, and API endpoints invoked;
  • send-event records for any outbound email campaigns you operate (sender, recipient, attempt, status, message-id).

We do not collect special categories of data (such as health, biometric, racial, religious, or sexual-orientation data) through the Service. If you voluntarily upload such data we recommend you redact it first.

4. How We Use Your Information

We process your personal information to:

  • Operate the Service — create your account, render contracts, generate pay periods, accept timesheets, and process claims;
  • Pay you — initiate ACH/wire transfers or stablecoin transactions to the Payout Information you provide;
  • Comply with law — withhold and report taxes, respond to lawful subpoenas, satisfy anti-money-laundering and know-your-counterparty obligations;
  • Communicate — send invitation emails, two-factor codes, contract receipts, payment reminders, and similar transactional notices;
  • Secure the Service — detect and prevent fraud, account abuse, brute-force attempts, and unauthorized access;
  • Improve the Service — analyze usage in aggregate, debug errors, and develop new features.

We do not sell or rent your personal information, and we do not use it for targeted advertising or cross-context behavioral advertising.

5. Legal Bases for Processing (EU/UK)

If you are located in the EU, UK, or another jurisdiction with similar law, our legal bases for processing are:

  • Contract (Art. 6(1)(b) GDPR) — to perform our engagement agreement with you and provide the Service you have requested;
  • Legal obligation (Art. 6(1)(c)) — for tax reporting, employment-law compliance, and lawful disclosure requests;
  • Legitimate interests (Art. 6(1)(f)) — to secure the Service, prevent fraud, and improve our operations, where those interests are not overridden by your rights;
  • Consent (Art. 6(1)(a)) — for optional contact methods (Telegram, WhatsApp) and for trusted-device cookies you affirmatively opt into.

6. How We Share Information

We disclose personal information only as follows:

  • Your administrator(s). An ECI Software Solutions client administrator can view all information you submit about yourself in order to manage your engagement.
  • Service providers (sub-processors). We rely on a small set of vendors who process information under written contracts that restrict use to providing services to us. These currently include:
    • MongoDB Atlas (database hosting, MongoDB, Inc.);
    • Namecheap Private Email (SMTP relay, Namecheap, Inc.);
    • Let’s Encrypt / Internet Security Research Group (TLS certificates — no personal data is shared with the issuer);
    • Slack Technologies (only if you elect to join an associated workspace);
    • the hosting provider that runs our virtual server.
  • Payment processors and banks. When we initiate payment to you, your Payout Information is provided to the relevant rail (your bank, an originating depository financial institution, or the public blockchain you nominated). On-chain transfers are recorded on a public ledger and cannot be retracted by ECI Software Solutions.
  • Tax authorities and regulators. Where required by law.
  • Legal & safety disclosures. To comply with a subpoena, court order, or other legal process, to enforce our Terms, or to protect the rights, property, or safety of ECI Software Solutions, you, or others.
  • Corporate transactions. In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business, subject to confidentiality obligations.

7. International Transfers

ECI Software Solutions is based in the United States. Personal information collected through the Service may be transferred to, stored, and processed in the United States and in any country where our service providers maintain facilities. Where personal information is transferred from the EU, UK, or Switzerland to a jurisdiction that has not received an adequacy decision, we rely on Standard Contractual Clauses (the European Commission’s 2021 SCCs and the UK International Data Transfer Addendum) or other lawful transfer mechanisms.

8. Data Retention

We keep your personal information only as long as necessary for the purposes described above, subject to applicable legal retention periods. Indicative retention windows:

  • Identity, contract, and tax data — for the duration of your engagement and at least seven (7) years after termination, to meet payroll, tax, and audit requirements;
  • Timesheets and pay-period records — same as above;
  • Authentication logs and 2FA codes — codes auto-expire after 5 minutes and are deleted; session logs retained up to 12 months;
  • Outbound campaign send-event logs — retained up to 24 months;
  • Marketing or contact preferences — until you withdraw consent or close your account.

After retention periods elapse, we delete or irreversibly anonymize the information.

9. Your Rights

Depending on where you live, you may have the right to:

  • Access — request a copy of the personal information we hold about you;
  • Rectification — correct inaccurate or incomplete information;
  • Deletion — ask us to delete your information, subject to legal-retention obligations;
  • Restriction — request that we limit how we process your information;
  • Portability — receive your information in a structured, machine-readable format and ask us to transmit it to another controller where technically feasible;
  • Objection — object to processing based on legitimate interests;
  • Withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting prior lawful processing;
  • Non-discrimination — if you are a California resident, you will not receive less favorable treatment for exercising any of these rights.

To exercise any right, email andrew@ecisolutions.org. We may need to verify your identity. We respond within thirty (30) days, or longer as permitted by law. You also have the right to lodge a complaint with a supervisory authority in your jurisdiction.

10. Security

We use technical and organizational safeguards designed to protect your information, including TLS encryption in transit, bcrypt-hashed passwords and OTP codes, salted JWT session tokens, two-factor authentication for administrator accounts, role- and permission-based access controls, server-side validation of all input, and IP/user-agent recording at the moment of contract signature. Signed contract PDFs are stored on the server filesystem; database records are held in MongoDB Atlas with at-rest encryption.

No security measure is perfect. You are responsible for safeguarding your password, the inbox that receives your 2FA codes, and any device you mark as “trusted.” Notify us immediately at the address above if you suspect unauthorized access.

11. Cookies & Local Storage

The Service uses a small number of strictly-necessary first-party cookies and similar technologies:

  • eci_session — an HTTP-only signed session token that keeps you logged in. Expires after 14 days of inactivity.
  • eci_td — an optional “remember this device” token that lets administrators skip 2FA on a known browser for up to 90 days. Set only with your explicit opt-in at the 2FA screen.

We do not use third-party analytics, advertising, or tracking cookies. Disabling these cookies in your browser will prevent you from signing in.

12. Children

The Service is intended for individuals at least 18 years old and is not directed to children. We do not knowingly collect personal information from anyone under 18.

13. Do-Not-Track

Because the Service does not engage in cross-context behavioral advertising or third-party tracking, we treat browser Do-Not-Track signals as informational and do not change behavior based on them.

14. Changes to This Policy

We may update this Policy from time to time. When we do, we will revise the “Effective date” at the top of this page and, for material changes, send notice by email or by an in-Service banner. Continued use of the Service after the effective date of an updated Policy constitutes your acceptance of the changes.

15. Contact & Complaints

Privacy questions, access requests, and complaints can be sent to andrew@ecisolutions.org. EU/EEA and UK residents may also lodge a complaint with their national or regional data protection authority.


© 2026 ECI Software Solutions. The ECI Software Solutions corporate Privacy Statement and Terms of Use applicable to its commercial software products are available at ecisolutions.com/legal. This document governs only your use of the Employee Portal at employee.ecisolutions.org.