PRIVACY POLICY — VUMA PAY Last updated: 16 October 2025 1. Purpose This policy explains how Vuma Pay (Pty) Ltd (“Vuma Pay”) collects, uses, and protects personal information in accordance with the Protection of Personal Information Act (POPIA) of South Africa. 2. Information We Collect We collect the following personal information: - Identification Data: Full name, ID number, passport number, phone number, email address. - Employment Data: Employer and employee names, start dates, hours worked, wages paid, termination details. - Financial Data: Banking details for the purpose of processing payments. - Technical Data: App or WhatsApp interaction logs, device type, IP address, and browser information. - Location Data: Residential address details, including postal code, municipality, and magisterial district. 1. How We Use Your Information We use your data to: - Provide our core services: calculating wages, generating payslips, and populating compliance forms. - Submit UIF declarations to the Department of Labor on your behalf. - Send transactional communications like payment confirmations and compliance notifications. - Improve and secure our platform and technology. - Comply with our legal and regulatory obligations. - Enhance Service Automation: We use your submitted postal code, municipality, and magisterial district information to build an internal, anonymized database. This database helps us to automatically pre-fill these fields for you and other users in the future, making the onboarding process faster and more accurate for everyone. We will never sell or rent your personal information to third parties. 1. Storage and Security Your data is stored on secure cloud servers using encryption in transit (TLS) and at rest (AES-256). Access to personal information is strictly limited to authorised Vuma Pay personnel who are bound by confidentiality agreements. In the event of a data breach, we will notify affected users and the Information Regulator as required by POPIA. 2. Data Sharing We only share limited data with the following parties under strict data-processing agreements: - Government Agencies: The Department of Labor and/or SARS for the purpose of submitting compliance forms. - Payment Processors: Trusted partners like Paystack to securely process payments. - Cloud & Service Providers: Infrastructure partners (like Google Cloud) and communication services (like Twilio and Resend) that are essential to providing our service. 1. Your Rights Under POPIA, you have the right to: - Request access to the personal information we hold about you. - Request the correction of inaccurate or incomplete information. - Request the deletion of your data where it is no longer legally required for us to retain it. - Lodge a complaint with the Information Regulator of South Africa if you believe we have not complied with the law. To exercise these rights, please contact us at privacy@vumapay.app. 1. Retention We retain payroll and compliance records for a minimum of five years after the termination of an employment relationship, or as otherwise required by South African labor and tax law. 2. International Transfers If we store or process data outside of South Africa, we will ensure that the third party is subject to laws or agreements that provide an adequate level of data protection equivalent to POPIA. 3. Children Our services are not intended for or directed at persons under the age of 18. 4. Updates We may update this policy from time to time. The latest version will always be available on our website and in our app.
