Trust

Bank-level security for the month-end you can’t afford to lose.

payloop holds the salary, tax and banking details of every person on your payroll. We treat that data with the same controls South African banks use for their own customer records — AES-256 encryption at rest, TLS 1.3 in transit, hardware-backed multi-factor authentication on every privileged session, and full audit logging of who touched what.

Last updated 2026-05-25 · Aligned with POPIA · Data resident in South Africa
00

Controls at a glance

AES-256 at rest

Salary amounts, bank-account numbers, ID numbers and tax references are encrypted inside an application-level vault before they touch the database.

TLS 1.3 in transit

Every connection to payloop is encrypted in transit with TLS 1.3. HSTS is enforced, and TLS 1.0, TLS 1.1 and weak cipher suites are disabled at the edge.

Data stays in ZA

Production databases and backups are hosted in South African data centres. Cross-border processing happens only under POPIA-permitted safeguards.

MFA on production

Every payloop engineer with production access uses hardware-backed multi-factor authentication. Console access is short-lived and audited.

01

Encryption

Sensitive fields — salary, bank-account number, branch code, ID number, tax reference — pass through an application-level vault and land in the database as AES-256 ciphertext. The vault keys are held in a managed key service and rotated on a schedule; no engineer ever sees the raw key material.
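As an added illustration of the pattern described above, written for this page rather than taken from payloop's code: field-level AES-256-GCM encryption in which a versioned key ring stands in for the managed key service. The key ring, the `v<version>:` envelope format and the binding of the column name as associated data are assumptions for the example. Rotation adds a key version, rows written under older versions still decrypt, and a re-encrypt pass moves them to the current key. Go is used because its standard library ships AES-GCM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// KeyRing stands in for the managed key service (an assumption for this
// example). Each version is a 32-byte AES-256 data key; Current is the version
// new writes use. Older versions stay readable so existing rows still decrypt.
type KeyRing struct {
	Current int
	keys    map[int][]byte
}

func NewKeyRing() (*KeyRing, error) {
	kr := &KeyRing{keys: map[int][]byte{}}
	return kr, kr.Rotate()
}

// Rotate generates a fresh key version and makes it current.
func (kr *KeyRing) Rotate() error {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	kr.Current++
	kr.keys[kr.Current] = key
	return nil
}

func (kr *KeyRing) aead(version int) (cipher.AEAD, error) {
	key, ok := kr.keys[version]
	if !ok {
		return nil, fmt.Errorf("unknown key version %d", version)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField seals one value under the current key with AES-256-GCM. The
// column name is bound as associated data, so a ciphertext copied from one
// column into another fails to decrypt. Stored form:
// "v<version>:<base64(nonce || ciphertext || tag)>".
func EncryptField(kr *KeyRing, column, plaintext string) (string, error) {
	g, err := kr.aead(kr.Current)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := g.Seal(nonce, nonce, []byte(plaintext), []byte(column))
	return "v" + strconv.Itoa(kr.Current) + ":" + base64.StdEncoding.EncodeToString(sealed), nil
}

// DecryptField selects the key by the stored version and opens the value.
func DecryptField(kr *KeyRing, column, stored string) (string, error) {
	ver, b64, ok := strings.Cut(stored, ":")
	version, err := strconv.Atoi(strings.TrimPrefix(ver, "v"))
	if !ok || err != nil {
		return "", errors.New("malformed ciphertext envelope")
	}
	g, err := kr.aead(version)
	if err != nil {
		return "", err
	}
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil || len(raw) < g.NonceSize() {
		return "", errors.New("malformed ciphertext envelope")
	}
	pt, err := g.Open(nil, raw[:g.NonceSize()], raw[g.NonceSize():], []byte(column))
	if err != nil {
		return "", errors.New("decryption failed: wrong key version, wrong column or tampered data")
	}
	return string(pt), nil
}

// ReencryptField migrates a stored value to the current key version; run it
// over existing rows after Rotate so old versions can eventually be retired.
func ReencryptField(kr *KeyRing, column, stored string) (string, error) {
	pt, err := DecryptField(kr, column, stored)
	if err != nil {
		return "", err
	}
	return EncryptField(kr, column, pt)
}
```

Storing the key version beside the ciphertext is what makes scheduled rotation cheap: new writes pick up the new key immediately and old rows are re-encrypted in the background rather than in one outage window. In a real deployment the versions would be data keys wrapped by a KMS-held key, so that, as the page says, no engineer handles raw key material.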

Every request to payloop.co.za is TLS 1.3 with HSTS enforced. We do not accept TLS 1.0 or 1.1 at the edge and we publish a CAA record restricting who can issue certificates for our domains.

02

Data residency

Production databases, file storage and backups are hosted in South African data centres. Where a sub-processor operates outside South Africa — for example for transactional email or error monitoring — transfers are made under the contractual safeguards permitted by section 72 of POPIA, and payroll content is not included.

A current list of sub-processors is available on request at [email protected].

03

Access

Access to production systems is least-privilege and granted by named role, not by shared account. Every engineer with production access uses hardware-backed multi-factor authentication. Console sessions are short-lived, require a justification, and are recorded for audit.

Inside the product, your team is governed by role-based permissions. Owners, payroll administrators, approvers and read-only roles see only what their role requires, and every sensitive action — running a payroll, exporting a bank file, changing banking details — is written to an immutable audit log you can export.
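The immutable, exportable audit log described above can carry a tamper-evidence property that a customer can check on their own copy. The following is an added example, not payloop's implementation: each record stores the SHA-256 of the previous record, and Verify re-walks an export and reports the first record at which the chain breaks. The field names, the JSON-lines export and the all-zero genesis value are assumptions for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// AuditEvent is one sensitive action. PrevHash links it to the record before
// it and Hash covers every other field, so editing, removing or reordering an
// exported record breaks the chain from that point on.
type AuditEvent struct {
	Seq      int    `json:"seq"`
	Actor    string `json:"actor"`
	Role     string `json:"role"`
	Action   string `json:"action"`
	Target   string `json:"target"`
	At       string `json:"at"`
	PrevHash string `json:"prev_hash"`
	Hash     string `json:"hash"`
}

const genesis = "0000000000000000000000000000000000000000000000000000000000000000"

func eventDigest(e AuditEvent) string {
	e.Hash = "" // the digest covers every field except itself
	b, _ := json.Marshal(e)
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

type AuditLog struct{ events []AuditEvent }

// Append records an action and links it to the previous record.
func (l *AuditLog) Append(actor, role, action, target, at string) AuditEvent {
	prev := genesis
	if n := len(l.events); n > 0 {
		prev = l.events[n-1].Hash
	}
	e := AuditEvent{Seq: len(l.events) + 1, Actor: actor, Role: role, Action: action, Target: target, At: at, PrevHash: prev}
	e.Hash = eventDigest(e)
	l.events = append(l.events, e)
	return e
}

// Export returns the log as JSON lines, the form a customer would pull out.
func (l *AuditLog) Export() string {
	var sb strings.Builder
	for _, e := range l.events {
		b, _ := json.Marshal(e)
		sb.Write(b)
		sb.WriteByte('\n')
	}
	return sb.String()
}

// Verify re-walks an export and returns how many records checked out and,
// if the chain breaks, which record broke it.
func Verify(export string) (int, error) {
	prev, n := genesis, 0
	if strings.TrimSpace(export) == "" {
		return 0, nil
	}
	for _, line := range strings.Split(strings.TrimSpace(export), "\n") {
		var e AuditEvent
		if err := json.Unmarshal([]byte(line), &e); err != nil {
			return n, fmt.Errorf("record %d: %w", n+1, err)
		}
		switch {
		case e.Seq != n+1:
			return n, fmt.Errorf("record %d: seq %d, expected %d (record removed or reordered)", n+1, e.Seq, n+1)
		case e.PrevHash != prev:
			return n, fmt.Errorf("record %d: prev_hash does not match record %d", n+1, n)
		case eventDigest(e) != e.Hash:
			return n, fmt.Errorf("record %d: contents do not match stored hash", n+1)
		}
		prev, n = e.Hash, n+1
	}
	return n, nil
}
```

A hash chain detects edits and gaps in the middle of an export but not silent truncation of the tail, because a shortened export is still a valid chain. The usual fix is to anchor the newest hash somewhere the log writer cannot reach, for instance by handing it to the customer with each export or writing it to a separate store, so the verifier can check that the export ends where the log ends.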

04

Bank payments

payloop never moves money. We generate the bank-ready payment file in your bank’s native format — FNB, Standard Bank, Capitec, Nedbank, Absa, Investec — and hand it to an authorised signatory inside your business to upload and release. Your bank’s own authorisation flow stays in front of every disbursement.

05

Backups and recovery

Encrypted snapshots of every production database are taken continuously and retained on a rolling schedule, with daily backups copied to a separate failure domain. We rehearse the full restore path regularly so that a recovery is a drill, not a discovery.

06

Secure development

Every change to payloop ships through a reviewed pull request, an automated test suite and a staging environment seeded with synthetic data. Dependencies are scanned for known vulnerabilities on every build and patched on a published cadence; critical advisories are patched out of band.

07

Monitoring

Application logs, request traces and authentication events stream into a central observability stack. Alerts on anomalous sign-in patterns, privilege escalation and data-export volume page the on-call engineer in minutes.
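Two of the alert conditions named above, written as an added example over constructed log lines rather than payloop's own detection code: a run of failed sign-ins that ends in a success, and an account whose exported rows exceed a limit inside a sliding window. The log schema, the thresholds and the windows are assumptions for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
	"time"
)

// Event is the subset of log fields the rules need (schema assumed for this example).
type Event struct {
	Time   time.Time `json:"time"`
	Type   string    `json:"type"`   // "signin" or "export"
	Actor  string    `json:"actor"`
	Result string    `json:"result"` // signin only: "ok" or "fail"
	Rows   int       `json:"rows"`   // export only: employee records exported
	SrcIP  string    `json:"src_ip"`
}

type Alert struct{ Rule, Actor, Detail string }

// sampleLog is constructed for the example: four failures then a success from one address, then two large exports.
const sampleLog = `{"time":"2026-05-25T07:58:10Z","type":"signin","actor":"lerato@example.co.za","result":"fail","src_ip":"198.51.100.7"}
{"time":"2026-05-25T07:58:41Z","type":"signin","actor":"lerato@example.co.za","result":"fail","src_ip":"198.51.100.7"}
{"time":"2026-05-25T07:59:03Z","type":"signin","actor":"lerato@example.co.za","result":"fail","src_ip":"198.51.100.7"}
{"time":"2026-05-25T07:59:30Z","type":"signin","actor":"lerato@example.co.za","result":"fail","src_ip":"198.51.100.7"}
{"time":"2026-05-25T08:01:15Z","type":"signin","actor":"lerato@example.co.za","result":"ok","src_ip":"198.51.100.7"}
{"time":"2026-05-25T08:05:00Z","type":"export","actor":"sipho@example.co.za","rows":40}
{"time":"2026-05-25T08:10:00Z","type":"export","actor":"lerato@example.co.za","rows":1200}
{"time":"2026-05-25T08:31:00Z","type":"export","actor":"lerato@example.co.za","rows":1300}`

// parseEvents reads JSON lines and sorts them by time so the sliding windows work even when lines arrive late.
func parseEvents(lines string) ([]Event, error) {
	var events []Event
	for i, line := range strings.Split(strings.TrimSpace(lines), "\n") {
		var e Event
		if err := json.Unmarshal([]byte(line), &e); err != nil {
			return nil, fmt.Errorf("line %d: %w", i+1, err)
		}
		events = append(events, e)
	}
	sort.SliceStable(events, func(i, j int) bool { return events[i].Time.Before(events[j].Time) })
	return events, nil
}

func byActor(events []Event, typ string) map[string][]Event {
	out := map[string][]Event{}
	for _, e := range events {
		if e.Type == typ {
			out[e.Actor] = append(out[e.Actor], e)
		}
	}
	return out
}

// detectSigninBurst flags a successful sign-in preceded by at least failThreshold failures for the same actor inside window.
func detectSigninBurst(events []Event, window time.Duration, failThreshold int) []Alert {
	var alerts []Alert
	for actor, evs := range byActor(events, "signin") {
		for i, e := range evs {
			if e.Result != "ok" {
				continue
			}
			fails := 0
			for _, p := range evs[:i] {
				if p.Result == "fail" && e.Time.Sub(p.Time) <= window {
					fails++
				}
			}
			if fails >= failThreshold {
				alerts = append(alerts, Alert{"signin_burst_then_success", actor, fmt.Sprintf("%d failures within %s before success from %s", fails, window, e.SrcIP)})
			}
		}
	}
	return alerts
}

// detectExportSpike flags an actor whose rows exported inside any window exceed maxRows (one alert per actor).
func detectExportSpike(events []Event, window time.Duration, maxRows int) []Alert {
	var alerts []Alert
	for actor, evs := range byActor(events, "export") {
		for i := range evs {
			total := 0
			for _, p := range evs[:i+1] {
				if evs[i].Time.Sub(p.Time) <= window {
					total += p.Rows
				}
			}
			if total > maxRows {
				alerts = append(alerts, Alert{"export_volume", actor, fmt.Sprintf("%d rows exported within %s (limit %d)", total, window, maxRows)})
				break
			}
		}
	}
	return alerts
}
```

On the sample, `detectSigninBurst(events, 10*time.Minute, 4)` and `detectExportSpike(events, time.Hour, 1000)` each raise one alert for the same account, which is the pairing worth paging on. Fixed limits are only a starting point: the export rule in particular should compare against each actor's own baseline, since a 1,200-row export is routine for a payroll administrator at a large customer and alarming for a read-only user.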

08

Incident response

We maintain a documented incident-response runbook with named roles and a published escalation chain. If we confirm a compromise of your personal information we will notify you and the Information Regulator without undue delay, in line with our POPIA obligations, and follow up with a written post-mortem.

09

Responsible disclosure

Authorised security research is welcome. If you believe you have found a vulnerability in payloop, email [email protected] with the subject line “Security” before testing in depth. We will acknowledge within two business days, work the issue with you, and credit the reporter in the public advisory if they wish.

Out of scope: denial-of-service testing, social engineering of payloop staff or customers, and any test that exfiltrates real personal information.

10

Compliance

payloop is built and operated in line with the Protection of Personal Information Act, 2013 (POPIA). A data-processing addendum suitable for your operator/responsible-party relationship is available on request, along with our sub-processor list and a summary of our security controls for your vendor-risk review.

For the full picture of what we collect, why, and the rights you have, see our Privacy Policy.

11

Contact

Payloop (Pty) Ltd
Cape Town, South Africa
[email protected]