Cronus AI

Cronus

by OrbittAI ©

Employee Data Processing Notice

Last updated: March 1, 2026

Employee Data Processing Notice — CronusAI

1. Purpose of Processing

This Notice informs you, as an employee, contractor, or service provider ("Worker"), about how SOFTBLITZ PESQUISA DESENVOLVIMENTO E CONSULTORIA DE SOFTWARE DO BRASIL LTDA - ME ("SoftBlitz") and your employer or contracting organization ("Organization") process your personal data on the CronusAI platform. CronusAI is an HR SaaS solution within the OrbittAI ecosystem offering time tracking, payroll, employment contracts, employee management, and AI-powered analytics.

The purposes of processing your data include: (a) performance of your employment or service contract; (b) compliance with legal obligations under employment, tax, and benefits law; (c) payroll and benefits administration; (d) contract and document management; (e) productivity analysis and time patterns, where authorized; and (f) platform security and integrity. Processing is conducted in compliance with the California Consumer Privacy Act (CCPA) as amended by the CPRA (Cal. Civ. Code § 1798.100 et seq.), the Fair Labor Standards Act (FLSA), EEOC guidelines, and applicable federal and state employment and privacy laws.

2. Categories of Employment Data

The categories of personal data processed include:

  • Registration data: full name, preferred name, Social Security Number or taxpayer ID, date of birth, identification document, full address, phone, email, photo (avatar).
  • Time records: date, clock-in/out times, absences, overtime, location (when applicable to recording).
  • Payroll data: salary, benefits, deductions, payment history.
  • Contracts: employment contract versions, clauses, digital signatures and associated data (device, geolocation at signing).
  • Documents: identity documents, proof of residence, resume, KYC documents for identity verification.
  • KYC data: data used in identity verification (as required by partners or regulation).
  • Productivity analytics data: time-worked metrics, overtime, usage patterns, and AI-generated insights on performance (per Organization policies).

Processing of your data is based on the following legal grounds:

Legal basis Application
Performance of contract Provision of HR services, payroll, contracts, documents
Legal obligation Employment, tax, benefits, and regulatory obligations
Legitimate interest Security, fraud prevention, service improvement
Consent Optional features, sensitive data, analytics beyond contractual necessity

Under the CCPA (Cal. Civ. Code § 1798.100), businesses must inform California residents about the categories of personal information collected and the purposes for which they are used. Employee and contractor data are subject to CCPA obligations effective January 1, 2023. The Organization acts as the Controller of employment data. SoftBlitz acts as a Processor on behalf of the Organization, processing data according to documented instructions and in compliance with applicable laws, including the FLSA and EEOC recordkeeping requirements.

4. Monitoring and Analytics (AI Productivity and Time Patterns)

CronusAI may use analytics and artificial intelligence for:

  • Productivity analysis: metrics on time worked, overtime, and work patterns.
  • Time patterns: identification of trends for scheduling and workforce planning.
  • AI insights: recommendations and reports based on aggregated data on performance and contracts.

Purpose and safeguards: Monitoring and analytics support workforce management, compliance with employment law, and improvement of working conditions. We take steps to mitigate bias in AI models and ensure transparency. Decisions that significantly affect your rights may be subject to human review. Use of analytics beyond what is strictly necessary for the contract or law may depend on consent or the Organization's internal policies, consistent with EEOC guidelines on employment testing and monitoring.

5. Payroll Processing

Payroll processing involves your financial data (bank, account, payment method), salary, deductions, benefits, and payment history. The purpose is performance of the employment contract and compliance with legal obligations (tax withholding, benefits, wage reporting). Data may be shared with payment processors and transmitted to government agencies as required by law. Processing is based on contract performance and legal obligation. Retention follows FLSA (3 years for payroll records) and IRS (7 years for tax records) requirements.

6. Benefits Management

When the Organization uses CronusAI for benefits management (transit, meal vouchers, health plans, etc.), the necessary data is processed for administration, eligibility, and compliance. Processing is based on contract performance and applicable legal or contractual obligations.

7. Data Sharing

Your data may be shared with:

  • Organization (employer/contractor): designated administrators and managers have access to data necessary for workforce and platform management.
  • Government agencies: for compliance with employment, tax, and benefits obligations.
  • Payment processors: for execution of payments (payroll, benefits).
  • Service providers: hosting (cloud), email, identity verification (KYC), AI processing, under confidentiality and data protection agreements.

Sharing is conducted in accordance with applicable privacy laws, including the CCPA requirements for disclosure of categories of third parties with whom personal information is shared.

8. Worker Rights (CCPA § 1798.100 and State Laws)

California employees and contractors have rights under the CCPA as amended effective 2023, including:

  • Right to know: what personal information is collected, used, shared, or sold.
  • Right to deletion: subject to certain exceptions (e.g., completion of transaction, legal obligation, exercise of rights).
  • Right to correction: correction of inaccurate personal information.
  • Right to opt-out of sale or sharing: applicable where personal information is sold or shared for cross-context behavioral advertising (CronusAI does not sell employee data).
  • Right to non-discrimination: for exercising CCPA rights.
  • Right to limit use of sensitive personal information: where applicable.

Workers in other states may have additional rights under state privacy laws (e.g., Virginia, Colorado, Connecticut). To exercise your rights, contact the Organization's privacy contact or SoftBlitz at dpo@orbittai.com. Responses will be provided within the timeframes required by applicable law (e.g., 45 days under the CCPA, extendable under certain conditions).

9. Retention Periods

Your data is retained for the period necessary to fulfill the purposes described and legal obligations. In summary:

  • Employment records: 3–7 years after termination (FLSA, IRS, state laws).
  • Payroll and tax documents: 7 years (IRS).
  • Contracts: contract term + 7 years.
  • KYC documents: duration of relationship + 5 years.
  • Audit logs: 5 years.
  • Analytics: up to 2 years (anonymization when feasible).

Full details are set forth in the Data Retention Policy.

Processor
SOFTBLITZ PESQUISA DESENVOLVIMENTO E CONSULTORIA DE SOFTWARE DO BRASIL LTDA - ME
CNPJ: 56.145.925/0001-85
Av Paulista 1471 Conj 1110, Bela Vista, São Paulo – SP, CEP 01311-927, Brazil

Privacy contact: dpo@orbittai.com

For questions about how your Organization (Controller) processes your data, consult your employer's or contractor's internal policies.