Privacy Policy

Last updated: April 2026. Your privacy matters. Here is how payora handles your data.

1. Who we are

payora is operated by 256 Grays HQ. We provide HR and payroll management software for Indian businesses. This policy explains how we collect, use, and protect your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) and other applicable Indian laws.

2. Data we collect

Account data: Name, email address, phone number, organization name, and role — provided during registration.

Employee data: Names, designations, salary details, bank account information, PAN, Aadhaar (optional), PF/ESI numbers, attendance records, leave records — entered by your organization.

Usage data: Login timestamps, feature usage patterns, device information, IP addresses — collected automatically for security and service improvement.

Location data: GPS coordinates during attendance check-in and Field Tracker usage — collected only when the employee initiates a check-in action.

3. How we use your data

We use your data exclusively to: (a) provide and operate the payora platform; (b) process payroll calculations including PF, ESI, TDS, and PT; (c) generate payslips, reports, and compliance documents; (d) send transactional emails (payslips, notifications, password resets); (e) provide AI-powered workforce insights; (f) improve the Service based on aggregated, anonymized usage patterns.

We do not sell your data. We do not share your data with advertisers. We do not use your data to train AI models outside of your organization.

4. Data storage and security

Your data is stored on Supabase (PostgreSQL) infrastructure. All data is encrypted at rest and in transit. We implement row-level security (RLS) ensuring complete tenant isolation — no organization can access another organization's data. Regular backups are maintained. Access to production systems is restricted to authorized personnel only.

5. Data sharing

We share data only with the following categories of service providers, and only to the extent necessary to operate the Service:

Supabase — database hosting and authentication

Razorpay — payment processing

Resend — transactional email delivery

Google (Gemini) — AI Insights processing (data is not stored by Google)

Vercel — application hosting

We do not share your data with any other third parties unless required by law.

6. Your rights (DPDPA compliance)

Under the Digital Personal Data Protection Act, 2023, you have the right to:

Access — request a copy of all personal data we hold about you

Correction — request correction of inaccurate or incomplete data

Erasure — request deletion of your personal data

Data portability — export your data in standard formats (Excel)

To exercise these rights, contact us at hello@payora.net or use the Data and Privacy section in your dashboard.

7. Data retention

We retain your data for as long as your account is active. Upon account deletion, all data enters a 30-day grace period during which you can reactivate. After 30 days, all data is permanently and irreversibly deleted from our systems and backups.

8. Cookies and analytics

We use Plausible Analytics, which is privacy-focused and does not use cookies. No personal data is collected by our analytics. The Service itself uses essential cookies for authentication and session management only — no tracking cookies, no advertising cookies.

9. Children

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email at least 30 days before they take effect.

11. Contact

For privacy-related questions or to exercise your data rights, contact us at hello@payora.net.