Security Overview
Trusted by South African Businesses
Enterprise-grade security protecting sensitive payroll data for companies across South Africa
Comprehensive Security Features
End-to-End Encryption
AES-256 encryption for data at rest and TLS 1.3 for data in transit
- Bank-grade encryption standards
- Zero-knowledge architecture
- Encrypted database storage
Multi-Factor Authentication
Required MFA for all user accounts with multiple authentication methods
- SMS and email verification
- Authenticator app support
- Hardware token compatibility
Access Controls
Role-based permissions with principle of least privilege
- Granular permission system
- Regular access reviews
- Automated de-provisioning
24/7 Monitoring
Continuous security monitoring and threat detection
- Real-time threat analysis
- Automated incident response
- Security event logging
Data Backup & Recovery
Automated backups with point-in-time recovery capabilities
- Daily automated backups
- Geographic redundancy
- Tested recovery procedures
Secure Infrastructure
Enterprise-grade cloud infrastructure with physical security
- Tier 3+ data centers
- Network segmentation
- DDoS protection
Data Protection & Privacy
Data Classification & Handling
Highly Sensitive Data
ID numbers, banking details, salary information - encrypted with AES-256, access logged and monitored
Sensitive Data
Employee personal information, contact details - encrypted with role-based access
Internal Data
System logs, usage analytics - encrypted with controlled access
Data Lifecycle Management
Data Collection
Minimal data collection with explicit consent and purpose limitation
Data Processing
Automated processing with human oversight and audit trails
Data Storage
Encrypted storage with geographic redundancy and access controls
Data Retention & Deletion
Automated retention policies with secure deletion procedures
Compliance & Certifications
POPIA
Compliant: Protection of Personal Information Act (South Africa)
ISO 27001
In Progress: Information Security Management
SOC 2 Type II
Planned: Security & Availability Controls
GDPR
Compliant: General Data Protection Regulation
POPIA Compliance Commitment
As a South African company handling personal information, we are fully compliant with the Protection of Personal Information Act (POPIA). We have implemented comprehensive data protection measures and appointed a Data Protection Officer to ensure ongoing compliance.
Network & Infrastructure Security
Secure Hosting
- Tier 3+ data centers
- 24/7 physical security
- Environmental controls
- Redundant power systems
Network Protection
- Web Application Firewall
- DDoS mitigation
- Intrusion detection
- Network segmentation
Monitoring & Alerts
- Real-time monitoring
- Automated threat detection
- Security incident alerts
- Performance monitoring
Security Incident Response
Response Procedures
Detection & Analysis
Automated monitoring systems detect and analyze potential security incidents
Containment
Immediate containment measures to prevent further damage or data exposure
Investigation & Recovery
Thorough investigation and system recovery with enhanced security measures
Communication & Lessons Learned
Transparent communication with affected parties and process improvements
Response Timeframes
Report a Security Issue
If you discover a potential security vulnerability, please report it immediately:
security@paymax.co.za
Security Questions & Support
Security Team
For security-related questions, vulnerability reports, or compliance inquiries:
Data Protection Officer
For privacy-related questions, data subject requests, or POPIA compliance:
Security is Our Priority
We continuously invest in security measures and welcome feedback from our users. If you have suggestions for improving our security practices, please don't hesitate to reach out.