PensionPro Logo

Privacy Policy

The privacy of your data – and it is your data, not ours! – is a big deal to us. We are committed to protecting your privacy and maintaining the confidentiality and security of your personal information. We’ll only ever access your account to help you with a problem or squash a software bug. We’ll never open any uploaded filed unless you ask us to. We log all access to all accounts by IP address, so we can always verify that no unauthorized access has happened for as long as the logs are kept.

Identity & Access

When you sign up for an account with PensionPro, a product offered by AmericanTCS Technology, LLC (“ATCS Tech”), we ask for your name, company name and email address. That’s just so you can personalize your new account, and we can send you invoices, updates, or other essential information. We’ll never sell your personal info to third parties, and we won’t use your name or company in marketing statements without your permission, either.

When you contact ATCS Tech through our Help Center with a question or to ask for assistance, we’ll keep that correspondence, and the email address, for future reference. When you browse our marketing pages, we’ll track that for statistical purposes (like conversion rates to test new designs). We also store any information you volunteer, like surveys, for as long as it makes sense.

Sharing Information

Generally

We’ll generally only ever share your info:

    • To provide products or services you’ve requested.
    • To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.
    • If ATCS Tech is acquired by or merged with another company, we’ll notify you as soon as possible. In any event, we will keep your information as confidential as possible throughout the process.
    • To mine the data in our system at a macro level. Macro means that we are looking for benchmarks or statistical data that might be interesting to all our users. Any macro data derived from the system will not be identifiable to any of our clients individually nor will it include the release or exposure of any individual customer data.

Corporate Affiliates

We also share summary level business information with ATCS Tech’s parent companies and affiliates (collectively, “Corporate Affiliates”) for legitimate and necessary corporate oversight. To ensure that your sensitive operational and personal data is protected while still permitting the sharing of this information, we have established the below clear limitations on the type and scope of customer data that may be shared with ATCS Tech’s Corporate Affiliates.

    • ATCS Tech may share what we refer to as “Business Summary Data” with its Corporate Affiliates solely for the purpose of evaluating the financial health and operational performance of ATCS Tech’s business. Such information is limited to the following:
      • Total plan count and plan-type distribution, without identifying individual plan sponsors or participants;
      • Customer count and customer-level revenue figures;
      • Primary business contact name, title, company name, and business email address for each customer;
      • Product and service subscription status; and
      • High-level usage metrics, such as active user counts and feature adoption rates.
    • The following categories of data shall not be considered Business Summary Data or shared with any Corporate Affiliate without your express written consent (unless otherwise permitted in this Privacy Policy):
      • Plan participant data, including personally identifiable information of plan sponsors, participants, or beneficiaries;
      • Documents, files, or records uploaded to the Platform by the customer;
      • Workflow data, task details, notes, or other operational content created within the Platform; and
      • Nonpublic Personal Information as defined under the Gramm-Leach-Bliley Act and its implementing regulations.
    • Any Corporate Affiliate receiving Business Summary Data shall be bound by confidentiality obligations no less protective than those set forth in the ATCS Tech Terms of Service and shall use such information solely for authorized purposes. Corporate Affiliates shall not use your contact information for direct marketing without ATCS Tech’s prior written approval.

Our Corporate Affiliate Privacy Statement is available upon request or can be downloaded here.

Third Party Integration Partners

For the purposes of this section, “Third-Party Integration Partner” means any independent vendor, service provider, or software platform that is not a Corporate Affiliate and with which ATCS Tech maintains a technical integration that enables the exchange of customer data at the customer’s direction. Examples include, but are not limited to, document management systems, recordkeeping platforms, payroll providers, and compliance tools that customers elect to connect through the Platform.

Nothing in this Privacy Policy restricts ATCS Tech from sharing your data with Third-Party Integration Partners where you have elected to activate or use such integration. When a customer enables a third-party integration through the Platform, ATCS Tech is authorized to transmit to the applicable Third-Party Integration Partner such customer data as is reasonably necessary to support the functionality of that integration.

For the avoidance of doubt, Third-Party Integration Partners are not Corporate Affiliates, and the restrictions in the Sharing with Affiliates section do not apply to data shared at the customer’s direction through an active integration. ATCS Tech will not share your data with a Third-Party Integration Partner unless you have affirmatively enabled the applicable integration. ATCS Tech maintains a current list of available Third-Party Integration Partners, which we will make accessible to you upon request. 

Law Enforcement and Legal Authority

We have the right to fully cooperate with any court order, law enforcement authorities, or regulators requesting or directing us to share or disclose your data. YOU AGREE TO WAIVE AND HOLD HARMLESS ATCS TECH FROM ANY CLAIMS OR LOSSES RESULTING FROM DISCLOSURE OF YOUR DATA AS REQUIRED BY COURT ORDER,, LAW ENFORCEMENT AUTHORITIES, OR REGULATORS.

GLBA

All sharing of Nonpublic Personal Information as defined under the Gramm-Leach-Bliley Act and its implementing regulations (“GLBA”) shall remain subject to the GLBA provisions of the ATCS Tech Terms of Service. In the event of a conflict between this Privacy Policy and the Terms of Service with respect to the GLBA, the Terms of Service GLBA provisions shall control.

Encryption

All data is encrypted via SSL/TLS when transmitted from our servers to your browser or client application. The off-site database backups are also encrypted as well as sensitive fields at rest (such as passwords). We go to great lengths to secure your data– you can read more about that on our security page.

Deleted Data

When you cancel your account, we’ll ensure that nothing is stored on our servers past 90 days. Anything you delete on your account while it’s active will also be purged within 90 days.

Changes & Questions

ATCS Tech may occasionally update this policy. If we do, we will notify you about significant changes by emailing the account owner or by placing a prominent notice on our site.