Privacy Policy
Last updated: 6 July 2026
1. Scope and roles under POPIA
This policy explains how Burse (Pty) Ltd ("Burse") processes personal information through the Service. For employee payroll data submitted by a Customer company, that company is the responsible party under the Protection of Personal Information Act, 2013 (POPIA), and Burse acts as an operator processing the data only on the Customer's instructions. For account holders (business owners and accountants) and website visitors, Burse is the responsible party.
2. What we collect
| Category | Examples |
|---|---|
| Account data | Name, email, password (hashed), role |
| Company data | Company name, registration number, PAYE/UIF/SDL reference numbers |
| Employee data | Name, ID number, salary, banking details, leave records, tax status |
| Usage data | Login timestamps, audit log entries (approvals, downloads, invites) |
3. Why we process it
- To calculate PAYE, UIF, SDL and ETI and generate payslips and payroll reports.
- To generate bank payment files for Customer-initiated salary payments.
- To operate accountant invitations and role-based access control.
- To maintain an audit trail of payroll approvals and data access.
- To respond to support requests sent to hello@burse.co.za.
4. Storage, security and sub-processors
Data is stored in a Postgres database hosted by Supabase, secured with row-level security policies so a company's payroll data is only readable by that company's owner and accepted accountants. Bank account numbers are masked to the last 4 digits everywhere in the interface except the owner's own edit form and the bank payment file the owner generates. We do not sell personal information to third parties.
5. Retention
Payroll records are retained for as long as the Customer account is active, and for a reasonable period after closure to meet South African statutory retention requirements for payroll and tax records (generally five years). Customers may request deletion sooner where not inconsistent with those obligations.
6. Data subject rights
Employees and account holders may request access to, correction of, or deletion of their personal information by contacting their employer (for payroll data) or Burse directly at hello@burse.co.za (for account data). You may also lodge a complaint with the Information Regulator of South Africa.
7. Cookies
Burse uses only the essential cookies/local storage needed to keep you signed in. We do not use third-party advertising or tracking cookies.
8. Changes to this policy
We may update this policy as the Service evolves. Material changes will be reflected by updating the date at the top of this page.
9. Contact
Questions or requests regarding this policy: hello@burse.co.za