PrivacyPolicy
Effective Date: January 16, 2026 | Version: 1.0
1. Introduction
Welcome to PayRush ("we," "us," or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App") and services.
We comply strictly with the Protection of Personal Information Act (POPIA) of South Africa. By using PayRush, you consent to the data practices described in this policy.
2. Information We Collect
To provide Earned Wage Access services, we must collect specific personal and financial data.
A. Personal Information
- Identity Data: First name, last name, South African ID number, and date of birth.
- Contact Data: Mobile phone number (MSISDN) and email address.
- Employment Data: Employer name, employee number, employment status, and salary information.
B. Financial Information
- Bank Account Details: Bank name, branch code, and account number (for disbursement purposes).
- Transaction Data: Details of advances, voucher purchases, and repayments.
- Payroll Data: Net salary, pay cycle dates, and deductions (synced via your employer).
C. Device & Biometric Data
- Biometrics: We use local device authentication (FaceID, TouchID, or Android Biometrics) to secure your account. We do not store biometric data on our servers. Validation occurs locally on your device.
- Device Information: Device model, operating system version, and unique device identifiers (for security and fraud prevention).
- Location Data: General location data (IP address) to prevent fraud and ensure service availability within South Africa.
3. How We Use Your Information
We process your data for the following "Lawful Purposes" under POPIA:
- Service Delivery: To calculate your "Accrued Wages" and process advance requests.
- Transaction Processing: To facilitate payouts to your bank account or purchases of third-party vouchers (e.g., Airtime, Electricity).
- Risk Management: To assess affordability and set advance limits (Caps) to prevent over-indebtedness.
- Communication: To send transaction receipts, OTPs (One Time Pins), and security alerts.
- Compliance: To comply with FICA (KYC), tax laws, and labor regulations.
4. Sharing of Information
We do not sell your personal information. We only share data with:
- Your Employer: To verify employment status and process payroll deductions for advances taken.
- Service Providers:
- Flash/Aggregators: To fulfill voucher purchases (e.g., sending your meter number to Eskom).
- Payment Processors: To facilitate EFT payments to your bank account.
- Cloud Infrastructure: Supabase (PostgreSQL) for secure data storage.
- Legal Authorities: If required by law, court order, or governmental regulation.
5. Data Security
We implement banking-grade security measures:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
- Access Control: Strict Role-Based Access Control (RBAC) limits who can view your data.
- Idempotency: Unique transaction keys ensure no duplicate processing of your funds.
6. Your Rights
Under POPIA, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your account (subject to legal retention periods for financial records).
7. Contact Us
If you have questions about this privacy policy, please contact our Information Officer:
- Email: privacy@payrush.co.za
- Address: Bryanston Sandton 2196, South Africa.