Privacy policy

Payloop (Pty) Ltd is a private company registered in South Africa, based in Cape Town. We are the responsible party for personal information about visitors to payloop.co.za and prospective customers.

For personal information we process on behalf of our customers (e.g. employee records inside a customer’s payroll account), the customer is the responsible party and we act as their operator under POPIA. Our handling of that data is governed by the agreement with the customer.

• Account information. Name, work email, organisation name, role and authentication identifiers when you create an account or request a demo.
• Payroll content. Employee records, salary, banking details, tax numbers and run history. This is provided by you as the employer; we hold it as your operator.
• Usage data. Pages viewed, features used, device and browser metadata, and approximate location derived from IP. We use this for product analytics and abuse prevention.
• Support content. Emails, attachments and messages you send us when you contact support.

• To provide, secure and improve the payroll platform.
• To calculate PAYE, UIF and SDL, produce payslips and dispatch bank-ready exports on your instruction.
• To communicate with you about your account, product updates and incidents.
• To comply with legal obligations, including tax, anti-money laundering and recordkeeping requirements.
• For limited, opt-in marketing about new features or research. You can opt out at any time.

We rely on contract, legal obligation, our legitimate interests in running and securing the platform, and — where required — your consent. Where we act as an operator for a customer, the customer is responsible for the lawful basis on which they instruct us to process employee data.

We share personal information only with:

• Sub-processorsthat host or operate parts of the platform — cloud infrastructure, transactional email, error monitoring and analytics — under written data-processing terms.
• Banks and payment providers to process disbursements you initiate.
• SARS and other authorities where required to support your statutory submissions or where we are legally compelled.

A current list of sub-processors is available on request at [email protected].

Production data is stored in data centres in the Republic of South Africa. Where a sub-processor operates outside South Africa, transfers are made under contractual safeguards permitted by section 72 of POPIA.

Sensitive financial fields — including salary amounts and bank-account details — are encrypted at rest using AES inside an application-level vault. All traffic to the platform is encrypted in transit. Access is least-privilege and audited; production access requires multi-factor authentication.

No system is impregnable. If we become aware of a compromise of your personal information we will notify you and the Information Regulator without undue delay, in line with our POPIA obligations.

Account information is retained for the life of your account and for a reasonable period afterwards to handle disputes, enforce agreements and comply with legal obligations. Payroll records you upload follow the retention periods set by South African tax and labour law (typically five years from the end of the tax year). You can request earlier deletion of data we hold as a responsible party.

Under POPIA you have the right to:

• Know what personal information we hold about you.
• Request correction or deletion of inaccurate data.
• Object to processing on grounds permitted by POPIA, including direct marketing.
• Lodge a complaint with the Information Regulator.

To exercise these rights, email [email protected]. If you are an employee of a payloop customer, please contact your employer first — they are the responsible party for your payroll record.

We may update this policy from time to time. Material changes will be notified by email to account owners and posted here with a new “last updated” date.

Payloop (Pty) Ltd
Cape Town, South Africa
[email protected]

Information Officer enquiries can be sent to the same address with the subject line “Information Officer”.