Remlo
Back to home

Privacy Policy

Last Updated: May 9, 2026

1. Information We Collect

We collect information that you provide directly to us when you create an account, use our services, or communicate with us. This includes:

  • Account details (email address, name, organization)
  • Financial information necessary for payroll processing
  • Compliance data required by governing regulations (KYC/KYB)
  • Technical data (IP address, browser type, device information)

2. How We Use Your Information

Your data is used strictly to provide and improve the Remlo payroll infrastructure:

  • Facilitating on-chain payroll and salary streaming
  • Enforcing TIP-403 compliance policies
  • Preventing fraud and ensuring network security
  • Providing customer support and service updates

3. Data Security

Remlo employs industry-standard security measures to protect your information. Since we utilize non-custodial wallets via Privy, we never have access to employee private keys or seed phrases. All sensitive data is encrypted at rest and in transit.

4. How Remlo Personnel Access Your Data

Operating a payroll service requires our staff to occasionally access account data — for example, when you contact support, when our systems flag a transaction for review, or when we investigate a security or reliability incident. We have built the platform so this access is the exception, not the default, and so every instance is recorded.

Specifically:

  • Purpose limitation. We access your data only for operating, supporting, securing, and improving Remlo. We do not access account data out of curiosity, for marketing decisions, or to share with third parties unless legally compelled by a valid order from a competent authority.
  • Reason capture. When a Remlo staff member opens a sensitive view (for example, the detail of an employer’s payroll run, or an individual employee record), they must record a reason — a support ticket reference, an incident ID, or a free-text note. The reason is stored alongside the access event.
  • Audit trail. Every staff access to account data — every read of a sensitive view and every write — is captured in an append-only audit log with the staff member’s identity, timestamp, IP address, and the reason given. The log is internal today; we plan to expose a per-account access view inside the dashboard so you can see exactly who looked at what.
  • Access control. Staff access is gated by a vetted allow-list of Remlo personnel. Access cannot be self-granted. Adding a person to or removing them from the allow-list is itself a logged event.
  • No password access. Remlo never sees your sign-in credentials or your wallet keys. Authentication runs through Privy; signing happens locally on your device.

If you want to know about access events on your account, write to privacy@remlo.xyz and we will pull the relevant log entries for you.

5. Your Rights

Depending on your jurisdiction, you have the right to access the personal data we hold about you, ask us to correct it, ask us to delete it, ask for a portable copy, and object to specific processing. You can manage most account settings directly in the Remlo dashboard. For anything else — including a copy of the audit-log entries that touched your data — write to privacy@remlo.xyz. We respond within 30 days.

6. Contacting Us

For product questions, account help, or anything that isn’t a privacy request, the dashboard has a “Contact support” link in the footer that opens a ticket directly with the team. For privacy-specific requests, write to privacy@remlo.xyz.