Privacy Policy

Last updated: 26 June 2026

1. Introduction

Payo (“we”, “our”, “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Payo platform. By using Payo, you agree to the practices described in this policy.

2. Information We Collect

We collect the following categories of information:

Account Information

  • Your name, email address, and phone number
  • Your business name, TIN, and business details
  • Your account password (stored as a secure hash — never in plain text)

Business Data

  • Invoice and proforma data you create
  • Client names, contact details, and payment history
  • Payment records and transaction data
  • Business logo and branding assets you upload

Usage Data

  • How you use the Service (features accessed, actions taken)
  • Device and browser information
  • IP address and approximate location

Payment Information

  • Credit purchase history and transaction references. We do not store card numbers or Mobile Money credentials — all payment processing is handled by Paystack.

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Payo Service
  • Process your payments and manage your credit balance
  • Generate invoices, PDFs, and receipts on your behalf
  • Send invoices and reminders to your clients as instructed by you
  • Send you account-related emails (verification, password reset, receipts)
  • Calculate Ghana tax figures based on your business configuration
  • Improve the Service based on usage patterns
  • Comply with legal and regulatory obligations in Ghana

We do not use your data for advertising purposes. We do not sell your personal data to any third party.

4. Data Sharing

We share your data only with the following third parties, and only as necessary to provide the Service:

  • Paystack — payment processing for credit top-ups and online invoice payments
  • Google (Gemini AI) — AI-powered invoice checking and reminder generation. Invoice data is sent to the AI model only when you explicitly trigger an AI feature.
  • Resend — transactional email delivery (invoice emails, receipts, account notifications)
  • SMS provider — delivery of SMS reminders to your clients when you request them
  • Railway / Vercel — cloud infrastructure for hosting the Service

All third-party providers are contractually required to handle your data securely and only for the purposes we specify.

5. Data Storage and Security

Your data is stored on secure servers hosted on Railway. We use industry-standard security measures including:

  • 256-bit SSL/TLS encryption for all data in transit
  • Encrypted storage for sensitive data at rest
  • Secure password hashing (passwords are never stored in plain text)
  • JWT-based authentication with token expiry
  • Regular security updates and monitoring

While we take every reasonable precaution, no system is completely secure. We encourage you to use a strong, unique password for your Payo account.

6. Your Client's Data

When you add your clients to Payo, you are responsible for ensuring you have the right to store and process their personal information. You should inform your clients that their contact details and invoice information are stored and processed using Payo. We act as a data processor on your behalf for your clients' data.

7. Your Rights

You have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your account and associated data
  • Export — request an export of your business data before account closure
  • Objection — object to processing of your data in certain circumstances

To exercise any of these rights, contact us at admin@genplatform.io. We will respond within 30 days.

8. Cookies

Payo uses minimal cookies and local storage to maintain your session (authentication tokens) and remember your preferences. We do not use advertising cookies or third-party tracking cookies. You can clear your browser cookies at any time, which will log you out of your Payo account.

9. Data Retention

We retain your data for as long as your account is active. If you close your account, your data is retained for 30 days to allow for recovery before being permanently deleted. Invoice data may be retained for longer where required by Ghanaian tax law. Transaction records related to payments are retained for a minimum of 7 years in accordance with financial record-keeping requirements.

10. Children's Privacy

Payo is intended for use by adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through a notice in the Service. The date at the top of this page shows when the policy was last updated.

12. Contact

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact us at admin@genplatform.io.