Does PayslipIQ store my Social Security Number?

No. The pay stub explainer detects and redacts SSNs before processing. We do not store SSNs.

How can I report a security vulnerability?

Email security@payslipiq.com. We acknowledge within 5 business days. Good-faith research is welcomed.

Is my pay stub encrypted at rest?

Yes. Pay stub files are encrypted at rest during processing. Free tier files are auto-purged within 24 hours. Premium saved reports are encrypted for the lifetime of the report.

Does PayslipIQ run third-party trackers?

No. Only Plausible Analytics, which is cookieless and does not collect PII. No Google Analytics, no Facebook Pixel, no advertising trackers.

PayslipIQ, Understand Your Paycheck With Confidence

Security

What we do to protect your pay stub, your data, and your trust. The technical baseline plus the operational practices that surround it.

PayslipIQ provides educational information and estimated calculations only. It does not provide tax, legal, financial, accounting, employment, benefits, or payroll advice. PayslipIQ is not a CPA firm, law firm, financial advisor, payroll provider, or tax authority. Always verify your paycheck, deductions, withholdings, and tax position with your employer's payroll department, a qualified CPA, the IRS, your state tax authority, or another appropriately qualified professional. Calculations are estimates; your actual paycheck may differ based on factors specific to your employer, location, benefits elections, and personal tax situation.

Transport, storage, and headers

Layer	Control
Transport	TLS 1.2+ enforced. HSTS preloaded (max-age=63072000; includeSubDomains; preload).
Headers	Content-Security-Policy locked to first-party plus Plausible and Vercel scripts. X-Frame-Options DENY. X-Content-Type-Options nosniff. Referrer-Policy strict-origin-when-cross-origin. Permissions-Policy revoking camera, microphone, geolocation, payment, USB, sensors, clipboard.
Hosting	Vercel, global edge with DDoS mitigation.
Storage	Encrypted at rest. Pay stub processing storage is short-lived.
Authentication	OAuth and email magic-link for premium accounts. No plaintext passwords stored.
Secrets	Environment-scoped secret managers. Rotated on a published schedule.

Data minimization

The pay stub explainer does not require an account. Saved reports require an email and magic-link. We collect only what is needed for the feature you are using.

Vulnerability disclosure

Email security@payslipiq.com with: a description of the issue, repro steps, the affected URL or endpoint, your name (optional, for credit). We acknowledge within 5 business days. We do not pursue legal action against good-faith research that follows our disclosure policy.

What we do not do

Store credit card data on our servers (premium subscriptions use a PCI-compliant processor).
Store Social Security Numbers (the explainer redacts SSNs detected on uploads, before storage).
Run third-party advertising scripts. Zero third-party trackers beyond Plausible (privacy-friendly, cookieless).

Sub-processors

Provider	Role	Region
Vercel	Hosting and edge	Global, US-primary
Plausible Analytics	Privacy-friendly analytics, no cookies, no PII	EU
Email magic-link provider	Transactional auth email	US
Payment processor	Premium tier billing	US
LLM provider	AI summarization (no training on user data)	US

List updates on this page when sub-processors change.

Incident response

We maintain an internal incident response runbook. In the event of a confirmed security incident affecting user data, we notify affected users per applicable state law (typically within 72 hours of confirmation, faster where required).

Frequently asked questions

Does PayslipIQ store my Social Security Number?: No. The pay stub explainer detects and redacts SSNs before processing. We do not store SSNs.
How can I report a security vulnerability?: Email security@payslipiq.com. We acknowledge within 5 business days. Good-faith research is welcomed.
Is my pay stub encrypted at rest?: Yes. Pay stub files are encrypted at rest during processing. Free tier files are auto-purged within 24 hours. Premium saved reports are encrypted for the lifetime of the report.
Does PayslipIQ run third-party trackers?: No. Only Plausible Analytics, which is cookieless and does not collect PII. No Google Analytics, no Facebook Pixel, no advertising trackers.