Back to Home

KhamiPay Privacy Policy

Effective Date: June 6, 2025 | Last Updated: February 19, 2026

POLYMATH SOLUTIONS PRIVATE BUSINESS CORPORATION (P.B.C) ("Polymath Solutions," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payroll management service, KhamiPay (the "Service").

We comply with the Cyber and Data Protection Act [Chapter 12:07] of Zimbabwe.

1. Information We Collect

We collect information to provide and improve our Service. This includes:

  • Personal Data: Name, email address, phone number, national ID number, and employment details of you and your employees.
  • Financial Data: Bank account details, salary information, and tax identification numbers (TIN/BP Number) for payroll processing.
  • Usage Data: Information on how you access and use the Service, including IP addresses, browser types, and log data.

2. How We Use Your Information

We process your data for the following specific purposes:

  • To calculate and process payroll, taxes (PAYE), and statutory contributions (NSSA, NEC).
  • To generate payslips and compliance reports (ZIMRA P2, NSSA P4).
  • To verify your identity and prevent fraud.
  • To communicate with you regarding service updates, security alerts, and support.
  • To comply with legal obligations under Zimbabwean law.

3. Data Residency and Transfer

Your data is primarily processed and stored securely.

  • Primary Storage: We use enterprise-grade cloud servers (Supabase/AWS) which may host data outside of Zimbabwe.
  • Compliance: We ensure that any cross-border transfer of data complies with Section 28 of the Cyber and Data Protection Act, ensuring an adequate level of protection.

4. Data Sharing and Sub-processors

We do not sell your personal data. We may share data with:

  • Statutory Bodies: ZIMRA, NSSA, and NECs as required by law for tax and labor compliance.
  • Service Providers: Third-party vendors who assist in service delivery (e.g., Auth0 for authentication, Resend for emails). These sub-processors are bound by strict confidentiality agreements.

5. Data Security

We implement industry-standard security measures, including encryption in transit (SSL/TLS) and at rest, access controls, and regular security audits to protect your data from unauthorized access, alteration, or destruction.

6. Your Rights

Under the Cyber and Data Protection Act, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention requirements (e.g., tax laws requiring 6-year retention).
  • Object: Object to the processing of your data for direct marketing purposes.

To exercise these rights, please contact us at privacy@polymathsolutions.co.zw.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date."

9. Contact Us

If you have any questions about this Privacy Policy, please contact us:

POLYMATH SOLUTIONS PRIVATE BUSINESS CORPORATION (P.B.C)
Reg: PBC 1007/2021 | TIN: 2001896700
Phone: +263 71 267 6093
info@polymathsolutions.co.zw