PRIVACY POLICY — VUMA PAY (PTY) LTD

Last updated: 5 January 2026

1. COMMITMENT TO POPIA

Vuma Pay (Pty) Ltd ("Vuma Pay", "we", "our", "us") is committed to protecting your privacy in accordance with the Protection of Personal Information Act (POPIA) of South Africa. This policy explains how we collect, process, and store your personal data to ensure transparency and security in our operations.

2. INFORMATION WE COLLECT

We collect and process the following personal information to provide the Service:

  • Identity Data: Full names, ID/Passport numbers, and contact details for both Employers and Workers.
  • Financial Data: Bank account numbers and branch codes for the purpose of facilitating fund disbursements and verifying account ownership.
  • Employment Data: Salary amounts, hours worked, and employment start dates.
  • Verification Data: Mobile phone numbers used for secure One-Time Pin (OTP) verification and account security.

3. HOW WE USE AND SHARE DATA

We process and share your personal information with authorized third parties only when necessary to fulfill the Service and maintain regulatory compliance:

  • Financial Partners: We share identity and banking data with our licensed payment and payout partners. This is used to verify account ownership, perform real-time bank account validation, and execute secure disbursements to workers.
  • Stokvel & Regulatory Compliance: To maintain our status under the Stokvel Exemption (Banks Act Notice 404), we are required to maintain a member register. We process Employer and Worker data to verify the "common bond" (the employment relationship) required by the South African Reserve Bank (SARB) and the National Stokvel Association of South Africa (NASASA).
  • Communications: We utilize third-party communication platforms to deliver automated, transactional notifications, including payment receipts, payout confirmations, and secure OTP verification via WhatsApp and SMS.
  • Government & Legal Obligations: We may share data with government bodies, such as the Department of Labour or SARS, if you utilize our compliance automation features or if we are legally compelled to do so under South African law.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. DATA SECURITY

All data is encrypted in transit using TLS (Transport Layer Security) and at rest using AES-256 encryption standards. Access to sensitive financial and personal data is strictly restricted to essential personnel and automated systems required to facilitate transactions and maintain the platform.

5. YOUR RIGHTS

Under POPIA, you have the right to:

  • Access the personal information we hold about you.
  • Request the correction or updating of inaccurate or incomplete data.
  • Object to the processing of your data under specific circumstances.
  • Request the deletion of your data, subject to statutory retention periods (such as the 5-year requirement for labor and tax records).

6. RETENTION

We retain personal and employment records for as long as is necessary to provide the Service, or for a minimum of five years after the termination of an employment relationship, as required by South African labor law.

7. CONTACT

For any privacy-related inquiries or to exercise your rights under POPIA, please contact: admin@vumapay.app.