Privacy Policy

National Pension Services (“NPS,” “we,” “us,” or “our”) collects information in connection with providing retirement plan administration services. The types of information we collect include:

Business and Contact Information

• Company name, address, and contact details
• Authorized representative names and email addresses
• EIN and other tax identification numbers

Plan Participant Information

• Employee names, Social Security Numbers, and dates of birth
• Compensation, contribution, and benefit data
• Beneficiary designations

Usage and Technical Information

• Log data including IP addresses and browser type
• Cookies and session identifiers (see our Cookie Policy)
• Pages visited and actions taken within our platform

We use the information we collect to:

• Provide, maintain, and improve our retirement plan administration services
• File required IRS and DOL reports on behalf of plan sponsors
• Perform compliance testing required under ERISA and the Internal Revenue Code
• Communicate with you about your account and our services
• Respond to inquiries and provide customer support
• Comply with applicable legal obligations
• Protect against fraud, unauthorized access, and other risks

We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption at rest and in transit, access controls, multi-factor authentication requirements, and regular security assessments.

Your data is stored on secure servers located in the United States. We use Supabase as our database and authentication infrastructure, which maintains SOC 2 Type II certification.

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

• Service Providers: Trusted vendors who assist in delivering our services, subject to confidentiality obligations
• Government Agencies: The IRS, DOL, and other regulators as required for plan administration and legal compliance
• Legal Requirements: When required by law, court order, or governmental authority
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections

Depending on your location and applicable law, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to certain processing of your information
• Opt-out of Sale: California residents may opt out of the sale of personal information (we do not sell personal information)

To exercise any of these rights, please contact us using the information in Section 9 below.

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, and reporting requirements. Retirement plan records are subject to ERISA and IRS retention requirements, which generally require records to be kept for a minimum of six years.

Upon termination of services, we will retain your data for the legally required period and then securely delete or anonymize it.

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child under 18, we will take steps to delete that information promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by posting the revised policy with an updated effective date and, where appropriate, by sending a direct notification. We encourage you to review this policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: