Privacy Policy
Last updated: January 2026
1. Introduction
Payaca Ltd ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.
We are registered with the Information Commissioner's Office (ICO) under registration number ZA426301.
Payaca Ltd is ISO 27001 certified, demonstrating our commitment to information security best practices.
2. Data Controller
Payaca Ltd is the data controller responsible for your personal data. Our contact details are:
Payaca Ltd
Queen Charlotte House
53-55 Queen Charlotte Street
Bristol, BS1 4HQ
United Kingdom
Email: [email protected]
3. Information We Collect
3.1 Subscribers (Website Visitors)
When you visit our website, request a demo, or subscribe to our newsletter, we may collect:
- Name and contact details (email address, phone number)
- Company name and job title
- Communication preferences
- Information you provide in contact forms or demo requests
3.2 Clients (Service Users)
When you use our platform, we may also collect:
- Account credentials and profile information
- Business information (company details, trade certifications)
- Billing and payment information
- Customer and project data you input into the system
- Usage data and activity logs
- Support communications and feedback
3.3 Automatically Collected Information
We use Plausible Analytics, a privacy-focused analytics service that does not use cookies or collect personal data. We may collect aggregated, anonymous information about:
- Page views and referral sources
- General geographic location (country level)
- Device type and browser (aggregated)
This information cannot be used to identify you personally.
4. Legal Basis for Processing
We process your personal data on the following legal bases under GDPR:
4.1 Contract Performance
Processing necessary to perform our contract with you, including providing our services, processing payments, and managing your account.
4.2 Legitimate Interests
Processing necessary for our legitimate interests, including improving our services, preventing fraud, and ensuring network security. We balance these interests against your rights and freedoms.
4.3 Consent
Where you have given consent, such as for marketing communications. You may withdraw consent at any time by contacting us or using unsubscribe links.
4.4 Legal Obligation
Processing necessary to comply with legal obligations, such as tax and accounting requirements.
5. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Process transactions and send related information
- Create and manage your account
- Respond to your comments, questions, and requests
- Send promotional communications (with your consent)
- Monitor and analyse usage patterns to improve user experience
- Detect, investigate, and prevent fraudulent or unauthorised activity
- Comply with legal obligations
6. Information Sharing
We may share your information with:
6.1 Service Providers
Third-party vendors who provide services on our behalf, including cloud hosting (AWS), payment processing (Stripe), email services, and customer support tools. These providers are contractually bound to protect your data.
6.2 Professional Advisers
Lawyers, accountants, and auditors where necessary for professional advice or compliance.
6.3 Regulatory Authorities
Government agencies, law enforcement, or regulatory bodies when required by law or to protect our legal rights.
6.4 Business Transfers
In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business.
We do not sell your personal data to third parties for marketing purposes.
7. International Transfers
Your personal data may be transferred to and processed in countries outside the UK and European Economic Area (EEA). Where we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- UK International Data Transfer Agreement or Addendum
- Adequacy decisions where applicable
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:
- Account data: For the duration of your account plus 6 years for legal compliance
- Marketing data: Until you unsubscribe or withdraw consent
- Transaction records: 7 years for tax and accounting purposes
- Support communications: 3 years from last contact
9. Data Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These include:
- ISO 27001 certified information security management system
- Encryption of data in transit and at rest
- Regular security assessments and penetration testing
- Access controls and authentication measures
- Staff training on data protection
10. Your Rights Under GDPR
Under UK GDPR and the Data Protection Act 2018, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Request restriction of processing in certain circumstances
- Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing based on legitimate interests or direct marketing
- Withdraw consent: Where processing is based on consent
- Automated decisions: Not be subject to solely automated decision-making
To exercise these rights, please contact us at [email protected]. We will respond within one month as required by law.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated: ico.org.uk/make-a-complaint
11. Cookies
We use privacy-focused analytics that do not require cookies. For information about cookies used by third-party services on our website, please see our Cookie Policy.
12. Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
14. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your data, please contact us:
Payaca Ltd
Queen Charlotte House
53-55 Queen Charlotte Street
Bristol, BS1 4HQ
United Kingdom
Privacy enquiries: [email protected]
General enquiries: [email protected]