Privacy Policy

Last updated: 6 July 2026

This is a general template describing how Burse's platform is built to handle data, not a substitute for legal advice. It should be reviewed by a South African attorney familiar with POPIA before publication.

1. Scope and roles under POPIA

This policy explains how Burse (Pty) Ltd ("Burse") processes personal information through the Service. For employee payroll data submitted by a Customer company, that company is the responsible party under the Protection of Personal Information Act, 2013 (POPIA), and Burse acts as an operator processing the data only on the Customer's instructions. For account holders (business owners and accountants) and website visitors, Burse is the responsible party.

2. What we collect

CategoryExamples
Account dataName, email, password (hashed), role
Company dataCompany name, registration number, PAYE/UIF/SDL reference numbers
Employee dataName, ID number, salary, banking details, leave records, tax status
Usage dataLogin timestamps, audit log entries (approvals, downloads, invites)

3. Why we process it

4. Storage, security and sub-processors

Data is stored in a Postgres database hosted by Supabase, secured with row-level security policies so a company's payroll data is only readable by that company's owner and accepted accountants. Bank account numbers are masked to the last 4 digits everywhere in the interface except the owner's own edit form and the bank payment file the owner generates. We do not sell personal information to third parties.

5. Retention

Payroll records are retained for as long as the Customer account is active, and for a reasonable period after closure to meet South African statutory retention requirements for payroll and tax records (generally five years). Customers may request deletion sooner where not inconsistent with those obligations.

6. Data subject rights

Employees and account holders may request access to, correction of, or deletion of their personal information by contacting their employer (for payroll data) or Burse directly at hello@burse.co.za (for account data). You may also lodge a complaint with the Information Regulator of South Africa.

7. Cookies

Burse uses only the essential cookies/local storage needed to keep you signed in. We do not use third-party advertising or tracking cookies.

8. Changes to this policy

We may update this policy as the Service evolves. Material changes will be reflected by updating the date at the top of this page.

9. Contact

Questions or requests regarding this policy: hello@burse.co.za