Privacy Policy

Payrovia ("we", "us", "our") provides a global payroll and HR platform. We take privacy and the protection of personal data seriously. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over it.

This Policy applies to information processed through our websites, applications, and platform. It does not describe how our customers (your employer or the company that has placed you on Payrovia) process your personal data as a controller — for that, please refer to your employer's privacy notice.

1. Our role

For most personal data on the platform, Payrovia acts as a data processor on behalf of our customers, who are the data controllers. For website visitors, prospective customers, and our own employees and contractors, Payrovia acts as a controller.

2. Information we collect

2.1 Information you provide as a customer or website visitor

• Contact details: name, email, company, role, country
• Account credentials and authentication signals
• Billing details (processed by our payment provider)
• Sales and support communications

2.2 Information processed on behalf of our customers

Within the platform, our customers submit personal data about their employees, contractors, candidates, and dependants. This may include:

• Identification data: full name, government IDs (e.g. NRIC, PPS, NI, SSN, NIK, KRA), work permits
• Contact and employment data: address, phone, job title, department, hire and termination dates
• Financial data: bank details, salary, deductions, statutory contributions, tax codes
• Time, attendance, and leave records, including geolocation when geofencing is enabled by the customer
• Documents uploaded for onboarding, certificates, or statutory filings
• Sensitive data where required by local employment or tax law (e.g. nationality, dependants, gender for statutory reporting)

2.3 Information collected automatically

• Device, browser, IP address, and approximate location for security and analytics
• Product usage events to operate, secure, and improve the Service
• Cookies and similar technologies (see Section 9)

3. How we use information

• To provide, operate, and secure the Service
• To process payroll, leave, time, statutory filings, and other contracted workflows
• To authenticate users and prevent fraud or abuse
• To communicate with customers about their account, support, and service changes
• To improve the Service, train internal models with appropriate safeguards, and develop new features
• To comply with legal obligations, including responding to lawful requests

We do not sell personal data. We do not use customer payroll data for advertising.

4. Legal bases (EEA / UK)

Where the GDPR or UK GDPR applies, we rely on:

• Contract: to provide the Service to our customers and their authorised users
• Legitimate interests: to secure, improve, and market the Service responsibly
• Legal obligation: to comply with tax, employment, and audit requirements
• Consent: where required, e.g. for certain cookies or marketing communications

5. Sharing & sub-processors

We share personal information only with carefully selected service providers and partners, including:

• Cloud infrastructure and hosting providers
• Database, monitoring, and observability tooling
• Payment processors and bank file transmission partners
• Email, support, and CRM platforms
• Government tax authorities and statutory filing channels, where the customer instructs us to file
• Auditors, legal advisors, and professional advisors under confidentiality

A current list of sub-processors is available on request and is referenced in our Data Processing Addendum.

6. International transfers

Payrovia operates globally. Personal data may be processed in countries other than where it is collected. Where required, we put appropriate safeguards in place, including Standard Contractual Clauses, UK International Data Transfer Addendum, and applicable country-specific transfer mechanisms.

7. Security

We protect personal data with administrative, technical, and physical safeguards proportionate to the sensitivity of the data, including: encryption in transit and at rest, field-level encryption for sensitive identifiers, role-based access control, audit logging, least-privilege engineering access, and ongoing third-party security testing. No system is perfectly secure; we will notify affected parties of confirmed personal data breaches as required by law.

8. Data retention

We retain personal data only as long as needed to provide the Service, meet statutory retention obligations (which vary by country and can extend for several years for payroll records), and resolve disputes. Customer-controlled data is retained per the customer's instructions; on termination, customers can export data and we will delete or anonymise residual copies within the timelines set out in our Data Processing Addendum.

9. Cookies

We use a small number of cookies and similar technologies:

• Strictly necessary: authentication, security, load balancing
• Functional: remembering language and country preferences
• Analytics: understanding aggregate usage patterns to improve the Service

You can manage cookies through your browser. Disabling necessary cookies may prevent the Service from functioning.

10. Your rights

Depending on your jurisdiction, you may have rights to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete information
• Request deletion, subject to legal retention obligations
• Restrict or object to certain processing
• Receive a portable copy of your data
• Withdraw consent where processing relies on it
• Lodge a complaint with your local data protection authority

If your personal data is on the platform because of your employer's use of Payrovia, please address rights requests to your employer in the first instance; we will assist them as the data controller.

11. Children

The Service is not directed to children under 16 and we do not knowingly collect their personal data. Where local law treats employment-related data of dependants differently, we process it strictly under the customer's instructions.

12. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified by email or in-product notice before they take effect. The "Effective" date at the top of this page shows the latest revision.

13. Contact

Data Protection Officer · [email protected]
Payrovia, Singapore (registered office). Local DPO representatives in the EU and UK are listed in our Data Processing Addendum.