Zim-PayConnect

Privacy Policy

Last Updated: February 12, 2026

1. Our Core Principle: Ephemeral Processing

Zim-PayConnect is built on a "Zero Data Liability" architecture. We believe that the best way to protect sensitive payroll data is to not have it.

We process your data in Random Access Memory (RAM) only. Once the processing session is complete and your output files are generated, all raw employee data is immediately and permanently destroyed from our active memory.

2. Information We Collect

We only collect and store the minimum information necessary to manage your account and subscription:

  • Account Information: Name, email address, and encrypted password.
  • Organization Details: Company name, Taxpayer ID (TIN), billing address, and Tax/Exchange Rate Configuration.
  • Transaction Logs: Metadata about processing events (e.g., "File processed at 10:00 AM", "Success/Fail status", "Record count"). We do NOT log employee names, salaries, or IDs.
  • Payment Info: We do not store credit card details. Payments are processed by Pesepay.

3. How We Process Payroll Data

When you upload a payroll file:

  1. The file is transmitted via an encrypted (SSL/TLS) connection.
  2. The data is loaded into volatile memory (RAM) for validation and calculation.
  3. Output files (Tax returns, Pay slips) are generated and sent back to your browser.
  4. The memory is cleared. No copy of the file is written to our disk storage.

4. Data Retention & Ephemeral Storage

Payroll Output: Most output files (Tax returns, CSVs) are sent directly to your browser and never touch our disk storage.

Ephemeral Payslip Sharing:

To allow your employees to download their individual payslips, the generated payroll package is stored encrypted and for a maximum of 24 hours. After 24 hours (or upon manual deletion), the file is permanently purged from our short-term storage.

Access is provided via signed, employee-specific URLs. We do not store employee names, salaries, or tax IDs in our database or Redis cache—only a cryptographic "token" that maps to the encrypted file.

Account Data: We retain account and subscription data as long as your account is active. You may request deletion of your account at any time.

5. Third-Party Services

We use trusted third-party services for specific functions:

  • Pesepay: For payment processing.
  • Vercel/AWS: For hosting infrastructure (encrypted and transient).

6. Contact Us

If you have questions about this Privacy Policy, please contact us at munya.mrewa@vextraldigital.com.