Privacy Policy

1. Who we are

PayBraid Technologies (“we”, “us”, “our”) operates Paybraid, a software-as-a-service platform for human resources and payroll management. We provide tools for organisations to manage payroll (including salary calculations, tax deductions, and final settlements), HR operations (digital onboarding, attendance, leave, exit and full-and-final settlement), and expense or reimbursement claims.

2. Who this policy applies to

This policy applies to: (1) Client users — individuals who register or log in on behalf of an organisation (employer) and use the client dashboard to manage employees, payroll, attendance, leave, reimbursements, and related data; and (2) Employees — individuals whose data is added to the platform by a Client or who use the employee portal (e.g. to view profile, mark attendance, submit leave or reimbursement claims). If you are an Employee, your Employer (the Client) is responsible for how your data is used in the service; we process it on their instructions to provide the platform.

3. Data we collect

From Client users (registration and account)

When you register an organisation, we collect: organisation name, your full name, email address, password (stored as a secure hash), subdomain choice, and country. For your account we store your email (in hashed form for lookup and in encrypted form), and optionally full name and phone; we use this to identify you, manage login, and communicate about the service (e.g. email verification, password reset).

From and about Employees

Data relating to employees is provided by the Client or by the employee through the platform. We process: full name, email, phone number, date of birth, department, designation, join date, employee code; and sensitive data such as PAN, Aadhaar number, bank account number, and IFSC code. We also process salary and compensation details (e.g. pay components, gross, CTC), payroll run and transaction data, attendance records (punches, daily status), leave types, balances and applications, reimbursement claims (amounts, descriptions, attachments), exit and full-and-final settlement data, and documents (e.g. identity or offer documents) uploaded to the platform. Sensitive personal data and financial data are stored in encrypted form in our systems.

Technical and usage data

We collect and log: IP address, session identifiers, browser/user-agent, and request metadata. We maintain audit logs of actions (e.g. who accessed or changed what) for security and compliance; these may include your email, resource and action type, and the above technical data. Audit logs are retained as required by our compliance and security policies (e.g. up to seven years where applicable).

4. How we use your data

We use the data described above to: provide, operate, and improve the Paybraid platform; authenticate users and enforce access control; process payroll, attendance, leave, reimbursements, and exit/F&F workflows; send transactional communications (e.g. email verification, password reset); process payments for subscription or usage-based billing; detect and prevent abuse or security incidents; comply with legal and regulatory obligations; and maintain audit trails for compliance. We do not sell your personal data.

5. Legal basis

Where applicable law requires a legal basis: we process data necessary to perform our contract with the Client (providing the service); where we have a legitimate interest (e.g. security, fraud prevention, improving the service); and where we are required by law. We comply with applicable data protection laws, including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules and the Digital Personal Data Protection Act, 2023 (India), where they apply.

6. Retention

We retain account and employee data for as long as the Client’s account is active and as needed to provide the service and comply with legal obligations (e.g. tax, employment, or financial record-keeping). Audit logs may be retained for a period of up to seven years for compliance and security. After account closure or at the end of a retention period, we delete or anonymise data in line with our internal policies and legal requirements.

7. Third parties

We use the following third-party services in a way that may involve personal or payment data:

• Razorpay — for processing subscription and usage-based payments (e.g. cards, UPI, net banking). Payment details are handled by Razorpay; we receive and store payment status and references. Razorpay’s privacy policy applies to their processing: razorpay.com/privacy.
• Calendly — we embed Calendly on our marketing and information pages so you can book a consultation. If you use it, Calendly may collect your name, email, and scheduling data. Their privacy policy applies: calendly.com/privacy.
• Hosting and infrastructure — our frontend and backend (and related storage, e.g. databases and file storage) are hosted on infrastructure we or our providers operate. Data may be processed in India or in other regions where our providers operate; we require appropriate safeguards where required by law.

8. Cookies and local storage

We use HTTP-only cookies to store access and refresh tokens for authentication when you are logged in. We may also use browser local storage or session storage to store your role and a minimal user object (e.g. id, email, org) so the application can show the correct interface. These are strictly necessary for the operation of the service and are not used for advertising or tracking. You can clear cookies and local storage via your browser; doing so may log you out.

9. Security

We use industry-standard measures to protect your data: sensitive personal and financial data (e.g. name, email, phone, PAN, Aadhaar, bank details, salary components) are encrypted at rest; communications use HTTPS; access to data is controlled by authentication and role-based permissions; and we maintain audit logs of sensitive actions. You are responsible for keeping your password and account secure.

10. Your rights

Depending on applicable law, you may have the right to access, correct, delete, or export your personal data, or to object to or restrict certain processing. To exercise these rights, contact us at the details below. If you are an Employee, much of your data is controlled by your Employer (the Client); you may also contact your Employer for access or corrections. We will respond in line with applicable law. In India, you may also have rights under the Digital Personal Data Protection Act, 2023 once in force.

11. International transfer

Your data may be processed in India or in other countries where we or our service providers operate. Where we transfer data across borders, we take steps required by applicable law to protect it (e.g. standard contractual clauses or other approved mechanisms).

12. Children

The service is not intended for individuals under 18. We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us so we can delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. Material changes may be communicated by email or a notice on the platform. Continued use of the service after changes constitutes acceptance of the updated policy.

14. Contact

For privacy-related requests, questions, or complaints, contact us at: contact@paybraid.com. You can also reach us at the phone number published on our website. PayBraid Technologies, India.