Back to home

Privacy Policy

Last updated 24 June 2026

Draft template. This document is a starting point and has not yet been reviewed by legal counsel. Have a qualified lawyer review and adapt it (incl. Bangladesh data-protection requirements) before relying on it.

This policy explains how Paylio Technologies Ltd. handles personal data in the Paylio HR & payroll platform. For employee data, your employer (the organisation using Paylio) is the data controller and Paylio is the processor acting on its instructions.

1. Data we process

To provide HR and payroll services we process identity and contact details, employment and compensation data, attendance and leave records, and statutory identifiers (e.g. NID, TIN, bank account). Sensitive identifiers are encrypted at rest.

2. How we use it

We use the data only to provide the Service to your organisation — running payroll, tracking attendance and leave, generating payslips and statutory reports, and supporting administrators. We do not sell personal data.

3. Legal basis & instructions

As a processor, we act on your organisation’s documented instructions and applicable law. Your organisation is responsible for the lawful basis of the data it submits and for notices to its employees.

4. Sharing

We share data with sub-processors strictly to operate the Service (e.g. cloud hosting, authentication, email delivery), under contractual confidentiality and security obligations. We disclose data to authorities only where legally required.

5. Security

We apply technical and organisational safeguards: encryption of sensitive fields at rest, encrypted transport (TLS), role-based access control, access auditing for sensitive reads, and regular backups. No system is perfectly secure; we work to continuously improve.

6. Retention

We retain personal data for as long as needed to provide the Service and to meet your organisation’s legal and statutory retention obligations, then delete or anonymise it.

7. Your rights

Employees should direct requests to access, correct, or delete their data to their employer (the controller). Your organisation can use Paylio’s tools to action these requests; we assist as processor.

8. International transfers

Where data is processed outside Bangladesh by a sub-processor, we use appropriate safeguards consistent with applicable data-protection law.

9. Contact

Privacy questions or requests: privacy@paylioo.com. Paylio Technologies Ltd., Dhaka, Bangladesh.