Privacy Policy

1. Introduction

PayOnTime is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your data in compliance with the Protection of Personal Information Act (POPIA) and other applicable South African data protection laws.

By using PayOnTime, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

• Identity Information: Full name, ID number, contact details (email, phone number, physical address)
• Banking Information: Bank account details, account holder name, bank name, branch code
• Agreement Information: Payment amounts, payment dates, agreement terms, property addresses (for rental agreements)
• Authentication Data: Login credentials, password (encrypted), authentication tokens

2.2 Technical Information

We automatically collect:

• IP addresses and device information
• Browser type and version
• Usage data and interaction patterns
• Cookies and similar tracking technologies

2.3 Payment Transaction Data

We collect and store payment transaction records, including payment status, dates, amounts, and DebiCheck mandate details.

3. How We Use Your Information

We use your personal information for the following purposes:

• Payment Processing: To facilitate recurring payments and DebiCheck mandate creation
• Agreement Management: To create, store, and manage payment agreements
• Communication: To send payment notifications, reminders, and service updates
• Compliance: To comply with legal obligations, including POPIA, FICA, and banking regulations
• Fraud Prevention: To detect and prevent fraudulent activity
• Service Improvement: To analyze usage patterns and improve our platform
• Customer Support: To respond to queries and resolve disputes

4. Legal Basis for Processing

We process your personal information based on:

• Consent: You provide explicit consent when creating or accepting agreements
• Contractual Necessity: Processing is necessary to fulfill our service obligations
• Legal Obligations: We must comply with financial services regulations, FICA, and POPIA
• Legitimate Interests: Fraud prevention, service improvement, and business operations

5. Information Sharing and Disclosure

We share your information only in the following circumstances:

5.1 Payment Processing Partners

We share necessary information with:

• PayFast: Our payment gateway provider for processing transactions
• Banks: For DebiCheck mandate authentication and payment collection
• Payment Networks: As required for payment processing

5.2 Service Providers

We use trusted third-party service providers for:

• Cloud hosting and data storage (Supabase)
• Email and SMS notifications
• Analytics and monitoring

5.3 Legal Requirements

We may disclose information when required by law, including:

• Court orders or legal processes
• Regulatory investigations
• Law enforcement requests
• Protection of our legal rights

5.4 Agreement Parties

Information is shared between agreement creators and payment authorizers as necessary for agreement management and payment processing.

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest
• Access Controls: Strict access controls and authentication requirements
• Secure Infrastructure: Data stored on secure, compliant cloud infrastructure
• Regular Audits: Security assessments and vulnerability testing
• Password Protection: Passwords are hashed and never stored in plain text
• Monitoring: Continuous monitoring for suspicious activity

7. Data Retention

We retain your personal information for as long as necessary to:

• Provide our services and maintain active agreements
• Comply with legal and regulatory requirements (minimum 5 years for financial records)
• Resolve disputes and enforce agreements
• Prevent fraud and maintain security

After the retention period, personal information is securely deleted or anonymized.

8. Your Rights Under POPIA

You have the following rights regarding your personal information:

• Right to Access: Request a copy of your personal information
• Right to Correction: Request correction of inaccurate information
• Right to Deletion: Request deletion of your information (subject to legal retention requirements)
• Right to Object: Object to processing of your information
• Right to Restriction: Request restriction of processing
• Right to Data Portability: Receive your data in a structured format
• Right to Withdraw Consent: Withdraw consent at any time (may affect service availability)

To exercise these rights, contact us at privacy@payontime.co.za. We will respond within 30 days.

9. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain user sessions and authentication
• Remember user preferences
• Analyze usage patterns and improve our service
• Prevent fraud and enhance security

You can control cookies through your browser settings, but disabling cookies may affect functionality.

10. Third-Party Links

Our platform may contain links to third-party websites (e.g., banking apps, payment gateways). We are not responsible for the privacy practices of these external sites. Please review their privacy policies separately.

11. Children's Privacy

PayOnTime is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware of such collection, we will delete the information immediately.

12. International Data Transfers

Your data is primarily stored in South Africa. If data is transferred internationally, we ensure adequate protection through appropriate safeguards and compliance with POPIA requirements.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email or platform notifications. The "Last updated" date at the top indicates when changes were made. Continued use after changes constitutes acceptance.

14. Complaints and Concerns

If you have concerns about how we handle your personal information, you can:

• Contact our privacy officer at privacy@payontime.co.za
• Lodge a complaint with the Information Regulator of South Africa

15. Contact Information

For privacy-related questions or to exercise your rights, contact us:

16. Delivery Policy

PayOnTime is a digital payment platform. Our services are delivered electronically:

• Instant Access: Platform access is provided immediately upon registration
• Agreement Delivery: Payment agreements are delivered via email and accessible through the platform
• Payment Notifications: Sent via email and SMS in real-time
• Transaction Records: Available instantly in your dashboard
• No Physical Delivery: PayOnTime does not deliver physical goods or services

Note: If you are paying for physical goods or services through PayOnTime, delivery terms are determined by the service provider, not PayOnTime. We only facilitate the payment processing.