Privacy Policy

When you use the Leo's Coney Island Employee Portal, we collect the following categories of personal information:

Personal identifiers: full legal name, date of birth, Social Security Number (SSN), mailing address, phone number, and email address.

Employment information: job title, assigned location, employment start date, work eligibility status, and minor work permit details where applicable.

Financial information: bank account and routing numbers for direct deposit setup, collected through encrypted server-side workflows.

Documents and uploads: signed employment forms, tax documents (W-4, I-9), work permits, identification documents, and any files you upload during onboarding.

Authentication data: email address used for sign-in, one-time verification codes, session tokens, and sign-in timestamps.

Scheduling data: shift assignments, availability preferences, time-off requests, and schedule change history.

Device and usage data: browser type, IP address, pages visited within the portal, and timestamps of portal interactions. This data is collected automatically for security monitoring and is not used for advertising.

We use the information we collect exclusively for the following business purposes:

Onboarding: to verify your identity, establish your employment record, process required tax and compliance documents, and set up payroll.

Scheduling: to assign and manage work shifts, process availability and time-off requests, and communicate schedule changes.

Portal operations: to authenticate your identity when signing in, maintain session security, and provide role-appropriate access to portal features.

Compliance: to meet federal, state, and local employment law requirements including I-9 verification, minor labor law compliance, tax withholding, and record retention obligations.

Communication: to send you onboarding instructions, schedule notifications, and important employment-related updates via email.

Security: to detect unauthorized access attempts, investigate potential misuse, and maintain audit logs of portal activity.

All personal data is stored in encrypted databases hosted on secure cloud infrastructure within the United States.

Sensitive data such as Social Security Numbers and banking details is encrypted by the application with AES-256-GCM before storage and is then stored through restricted server-side Vault workflows. These fields are not stored as readable plain text in the application database.

Document uploads are stored in secure, access-controlled storage buckets with server-side encryption. Files are only accessible to the employee who uploaded them and authorized administrators.

Authentication is handled through a dedicated identity provider using role-restricted sessions and configured sign-in methods. Leo's Coney Island does not store your authentication secret in the employee portal database.

Administrative access is restricted by role (admin, location manager) and location scope. All administrative actions on employee records are logged in an immutable audit trail.

We conduct regular security reviews of our infrastructure, access controls, and data handling procedures.

We do not sell, rent, or trade your personal information to third parties.

Your information may be shared in the following limited circumstances:

With authorized Leo's Coney Island managers and administrators who need access to perform their job duties, limited to their assigned location scope.

With payroll and tax processing services as required to process your compensation and tax withholdings.

With government agencies when required by law, such as tax reporting obligations, employment verification requests, or valid legal process.

With infrastructure and service providers who process data on our behalf under data-processing agreements (DPAs). The current sub-processor list is published in section 4a below and updates are communicated through the portal at least 30 days before they take effect.

We use OpenReplay session replay to debug employee-portal issues. The tracker masks input fields, emails, and numeric values by default and is restricted to portal pages while you are signed in.

We rely on the following service providers to operate the employee portal. Each provider is bound by a data-processing agreement and only receives the data necessary to deliver its specific service.

Clerk (clerk.com) — authentication, session management, multi-factor identity. Receives email, name, phone, and authentication metadata.

Supabase (supabase.com) — Postgres database and file storage hosted in the United States. Receives all employment, scheduling, and document data covered by this policy.

Vercel (vercel.com) — application hosting and edge delivery. Receives request metadata (IP address, user agent) and processed responses; never raw PII at rest.

Resend (resend.com) — transactional email delivery. Receives recipient email address and the email body templated by the portal.

Twilio (twilio.com) — SMS delivery (currently disabled by default; only used when SMS_NOTIFICATIONS_ENABLED is configured). Receives recipient phone number and message body.

Inngest (inngest.com) — durable workflow orchestration. Receives event metadata and workflow run state, never raw banking or SSN values.

Mapbox (mapbox.com) — address autocomplete only. Receives address-string fragments typed during onboarding; not used for tracking.

OpenReplay (openreplay.com) — session replay for portal debugging. Configured to mask all input values, emails, and numeric strings by default.

Active employee records are maintained for the duration of your employment and are kept accessible for portal functions including scheduling, document access, and communication.

After separation from employment, your records are retained in accordance with applicable federal and state record retention requirements. For most employment records, this is a minimum of three years after separation. Tax records are retained for a minimum of four years.

Document uploads associated with your employment record follow the same retention schedule as your employment file.

Authentication logs and portal activity records are retained for security monitoring and legal compliance according to the retention schedules configured for the portal.

Right to access: request a copy of the personal information we hold about you. Submit the request via the Privacy Request portal at /dashboard/privacy or by emailing privacy@leosconeyisland.com. We will respond within 45 days.

Right to rectification: request correction of inaccurate personal information in your employee record.

Right to erasure / data portability: request deletion or a portable copy of non-required data. Certain information cannot be deleted while you are an active employee or while subject to legal retention requirements (I-9, W-4, payroll tax records).

Right to non-retaliation: Leo's Coney Island will not retaliate against any employee who exercises a privacy right.

Notice at Collection: the categories of personal information collected are listed in section 1 above. We do not sell or share your personal information for cross-context behavioral advertising. Retention periods are documented in section 5.

Right to know: you may request the specific pieces of personal information we have collected about you in the past 12 months.

Right to delete: you may request deletion of personal information that is not required by law or active-employment necessity.

Right to correct: you may request correction of inaccurate information.

Right to limit use of sensitive personal information: SSN and banking details are limited by default to onboarding, payroll, and direct-deposit setup. They are never used for marketing or profiling.

Right to non-discrimination and to a Shine the Light disclosure (Cal. Civ. Code §1798.83). To exercise any right, contact privacy@leosconeyisland.com or your location manager. We will verify your identity using employment information on file before fulfilling the request and will respond within 45 days.

Breach notification: in the event of a confirmed unauthorized acquisition of unencrypted personal information, Leo's Coney Island will notify affected individuals without unreasonable delay and in accordance with Michigan Identity Theft Protection Act (MCL 445.72). Notification will include the categories affected, steps you can take to protect yourself, and a contact for follow-up questions.

Sensitive data (SSN, banking) is encrypted at rest as described in section 3, which limits the scope of any potential incident.

Leo's Coney Island employs workers under the age of 18 in compliance with applicable federal and state minor labor laws.

The portal collects work permit information and enforces scheduling restrictions as required by law for minor employees.

If a minor employee's parent or legal guardian has concerns about the information collected, they may contact Leo's Coney Island administration directly.

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements.

Material changes will be communicated through the portal and, where appropriate, via email to your registered address.

Your continued use of the employee portal after changes are posted constitutes acceptance of the updated policy.

For questions about this privacy policy, sub-processor changes, or how your information is handled, email privacy@leosconeyisland.com or speak with your location manager directly.

Leo's Coney Island locations: Waterford, White Lake, and Highland, Michigan.

Material changes to this policy or to the sub-processor list above are announced through the portal banner and via email at least 30 days before they take effect.