P
PayKenyaBack
Legal

Privacy Policy

PayKenya Ltd ("we", "us") processes personal data in line with the Kenya Data Protection Act, 2019. This policy explains what we collect, why, how we store it, and your rights.

Data we collect

  • Account data: name, email, password hash, phone number.
  • Payroll data you upload: employee records, KRA PIN, NSSF, SHIF, bank accounts, and pay history.
  • Operational logs: device, IP, and activity for security and audit purposes.

How we use data

  • To operate, secure, and improve the PayKenya service.
  • To calculate statutory deductions (PAYE, NSSF, SHIF, AHL, NITA, HELB).
  • To send transactional messages (payslips, invoices, receipts).

Storage and security

Data is stored on managed PostgreSQL infrastructure with Row-Level Security, encrypted in transit (TLS 1.2+) and at rest. Backups are taken daily and retained for 30 days.

Your rights

  • Access, correction, deletion, and portability of your personal data.
  • Object to or restrict certain processing.
  • Lodge a complaint with the Office of the Data Protection Commissioner.

Data Controller

Registration with the Office of the Data Protection Commissioner is pending. Contact: privacy@paykenya.co.ke.

Changes

We will notify account owners by email at least 30 days before any material change.