Privacy Policy
Last updated: March 5, 2026
1. Introduction
Palladium First Corp. ("Company," "we," "us," or "our") operates the portal at portal.palladiumfirst.com (the "Service"). This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our Service.
The Service is a secure data management portal — not a payroll system. It allows independent contractors to submit and maintain their personal and tax information, which the Company then syncs to its payroll provider (QuickBooks Online) for payment processing.
2. Information We Collect
We collect the following categories of information:
2.1 Personal Identification Information
- Full name, email address, phone number
- Mailing address
- Date of birth
2.2 Sensitive Personal Information
- Social Security Number (SSN)
- Bank account and routing numbers
- Driver's license information and images
- W-9 tax forms
2.3 Usage Data
- IP address and browser information
- Login timestamps and access logs
- Actions performed within the portal (audit logs)
3. How We Use Your Information
The portal serves as a centralized, secure database for contractor information. Your information is used for:
- Storing and managing your contractor profile so the Company can maintain accurate records
- Syncing your information to QuickBooks Online, the Company's payroll provider, so you can be paid as a 1099 contractor
- Tax reporting and compliance — your SSN is synced as a Tax Identifier for 1099 filing purposes
- Identity verification and document management
- Communicating with you about your account
- Maintaining audit trails for regulatory compliance
Important: The portal does not process payments, calculate payroll, or withhold taxes. All payment processing is handled by QuickBooks Online.
4. Data Security
We implement industry-standard security measures to protect your information:
- Encryption at rest: Sensitive data (SSN, bank account details, routing numbers) is encrypted using AES-256 encryption before storage.
- Encryption in transit: All data transmitted between your browser and our servers is protected using TLS/SSL encryption.
- Access controls: Role-based access ensures only authorized personnel can view sensitive information. Managers see masked data (e.g., ***-**-1234); only accountants and administrators can access full records.
- Audit logging: All access to sensitive data is logged for compliance and security monitoring.
- Row-Level Security: Database policies enforce data isolation, ensuring contractors can only access their own records.
5. Third-Party Services (Sub-processors)
We share limited information with the following third-party services that help us operate the portal:
| Provider | Purpose | Data Shared |
|---|---|---|
| Intuit QuickBooks Online | Payroll provider — the Company syncs contractor data here for payment processing | Name, email, phone, address, SSN (as Tax Identifier). Bank account details are NOT shared with QuickBooks. |
| Supabase | Cloud database and authentication | All portal data (encrypted at rest) |
| Vercel | Application hosting | Request logs, IP addresses |
| Cloudflare | DNS, CDN, and network security | Request metadata, IP addresses |
| Resend | Transactional email delivery | Email addresses, notification content |
| Upstash | Rate limiting | IP addresses (no personal data) |
We do not sell, rent, or trade your personal information to any third party. Information is shared with sub-processors solely to operate the Service and fulfill the purposes described in this policy.
6. Data Retention
We retain your personal information for as long as your contractor relationship with the Company is active. After your relationship ends:
- Tax-related records (SSN, W-9, 1099 data) are retained for a minimum of 4 years as required by IRS regulations.
- Audit logs are retained for a minimum of 3 years for compliance purposes.
- Other personal information is deleted or anonymized within a reasonable period after the end of your contractor relationship, unless a longer retention period is required by law.
7. Your Rights
Regardless of where you reside, you have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your data, subject to legal retention requirements
- Receive a copy of your data in a portable format
To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within 45 days.
8. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know: You may request details about the categories and specific pieces of personal information we have collected about you, the sources of that information, and the business purposes for collecting it.
- Right to delete: You may request deletion of your personal information, subject to legal exceptions (e.g., tax record retention).
- Right to correct: You may request correction of inaccurate personal information.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
8.1 Do Not Sell or Share My Personal Information
Palladium First Corp. does not sell your personal information. We do not sell, rent, or share your personal information with third parties for their marketing purposes. Information is shared with service providers only as necessary to operate the portal and fulfill the Company's legitimate business needs as described in this policy.
8.2 Sensitive Personal Information
Under the CPRA, SSNs, financial account information, and government IDs are classified as sensitive personal information. We collect this information solely for the business purposes described in Section 3 and do not use it for any purpose beyond what is necessary to manage your contractor relationship and comply with tax obligations.
9. Data Breach Notification
In the event of a data breach affecting your personal information, we will:
- Notify affected individuals without unreasonable delay, and no later than required by applicable state and federal law
- Notify relevant regulatory authorities as required by law
- Provide details about the nature of the breach, the types of information involved, and steps you can take to protect yourself
10. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. All users must be legal adults authorized to work as independent contractors.
11. Cookies
We use essential cookies only, required for authentication and session management. We do not use advertising, analytics, or tracking cookies. Because we only use strictly necessary cookies, no cookie consent banner is required.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or through the portal. The "Last updated" date at the top of this page indicates when this policy was last revised.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:
- Email: [email protected]
- Company: Palladium First Corp.