Skip to content
AstaBill

Legal

Privacy Policy

Last updated: 2026-03-20

Policy version: 2026.03.20-gh-v2

1. General

1.1. PayLedger ("Company", "we", "us", "our"), contact email: legal@payledger.co, processes your personal data as part of your use of our products ("Products") or platform ("Platform" and, together with the Products, "Services"). We deal with your personal data in a confidential and responsible way. The processing of your personal data takes place in compliance with the Ghana Data Protection Act, 2012 (Act 843) and other applicable data protection laws.

1.2. In this Privacy Policy we provide you with information about the nature, scope, and purposes of data collection and use, and offer insight into the processing of your personal data.

1.3. For some of our Products we will only process data pursuant to the purposes and means you determine. In these cases, we will provide you with separate data processing agreements.

1.4. The controller for the processing of your personal data is the Company. You can contact us via the address below or by email at legal@payledger.co.

Company address:

PayLedger

8 Sam Nujoma Road, North Ridge, Accra, Ghana

Email: legal@payledger.co

2. Data We Process

2.1. General: We process personal data that you as a user of the Services make available to us, for example upon registration or when using the Services (the "Data").

2.2. Website Use: If you visit our website, we process only personal data that your browser communicates to our server. We collect the following data, which is necessary to display the website correctly and guarantee stability and security:

  • IP address
  • Date and time stamp
  • Requested page, referrer URL, transmitted data volume
  • Access status / HTTP status code
  • Browser, operating system, interface, language, and browser version

2.3. Registration Data: Upon registration we collect and process the following information:

  • Registration details: date of registration, password (stored as a secure hash)
  • Personal information: first name, last name, email address, phone number
  • Business information (optional): business name, address, tax number, logo
  • Payment information: Paystack sub-account details (bank or mobile money provider, account number); payment dates, invoice IDs, currency, amounts

2.4. Product Use Data: Data processed when using the Services — such as invoices, customer records, and payment data you create — is processed by us only as a processor, not as a controller. Please see the separate data processing agreement for details.

3. Why We Process Your Data

3.1. Purpose: The processing of Data pursues the following purposes ("Purposes"):

  • Provide and improve the Services
  • Customer relations management, including service communications and product updates
  • Security and stability of the Services
  • Compliance with legal and financial obligations

3.2. Lawfulness of Processing: The lawfulness of processing stems from:

  • Your consent, where we have asked your explicit consent
  • The necessity for the performance of the contract between you and the Company, as your data is needed for satisfactory use of the Services
  • The necessity for the purposes of the legitimate interests pursued by the Company or by a third party
  • Compliance with a legal obligation to which the Company is subject

3.3. Legitimate Interests: The legitimate interests are to monitor, analyse, and improve the Services; to protect the security, integrity, performance, and functionality of the Services; and to provide you with relevant product communications.

4. How We Use and Transfer Your Personal Data

4.1. Use: We use Data that you, as a user of the Services, have provided to us only for the Purposes.

4.2. Transfer: We transmit Data to third parties only if this is (i) necessary for the Purposes, such as when we use service providers, (ii) required by a national authority or court order, or (iii) you have consented beforehand.

4.3. Service Providers: For some parts of our Services, we use third-party providers to process data on our behalf, including:

  • Paystack Holdings Inc. — payment processing and sub-account management
  • Resend Inc. — transactional email delivery
  • Neon Inc. — managed database hosting
  • Render Inc. — API server hosting and infrastructure
  • Vercel Inc. — web application hosting and edge delivery
  • PostHog Inc. — product analytics (page views, feature usage, user behaviour)
  • Functional Software, Inc. (Sentry) — error monitoring and performance diagnostics

When using some of these service providers, data may be transferred to servers located outside Ghana. We ensure that all service providers maintain adequate data protection standards and contractual obligations consistent with applicable law.

5. Storage and Data Safety

5.1. Storage Period: We store your Data for as long as you are a registered user of the Services. Beyond that, we only store Data if it is legally necessary (for example, due to accounting, tax, or retention obligations) or otherwise required.

5.2. Deletion: Data will be deleted if you (a) revoke your consent to storage, (b) the Data is no longer needed to fulfil the user contract, or (c) storage is or becomes legally impermissible. A deletion request does not affect Data where storage is legally required, for example for financial or audit records.

5.3. Safety Measures: To avoid unauthorised access and to secure your Data, we apply the following measures: encrypted transmission (TLS), encrypted storage at rest, role-based access controls, audit logging, data backup procedures, and physical security measures for servers. These measures are regularly reviewed and updated.

6. Your Rights

6.1. Exercise of Rights: To exercise the rights described below, please send a request by email to legal@payledger.co or by mail to the address in Section 1.4.

6.2. Revocation of Consent: You may revoke consent for future data processing at any time. This does not affect the lawfulness of processing carried out before revocation.

6.3. Right of Access: You have the right to obtain confirmation as to whether your Data is being processed by us and, if so, to receive specific information including processing purposes, categories of Data, potential recipients, and storage duration.

6.4. Right to Rectification: You have the right to obtain correction of inaccurate Data. Where Data we process is incorrect, we will rectify it without undue delay and inform you.

6.5. Right to Erasure: If you no longer want us to process your Data, please send a deletion request to legal@payledger.co. We will erase your Data and inform you. Where mandatory law prevents erasure, we will inform you without undue delay.

6.6. Right to Restriction of Processing: You have the right to request restriction of processing of your Data where:

  • You have disputed the accuracy of the Data, pending verification
  • You believe processing is unlawful but oppose erasure
  • You require the Data for the establishment, exercise, or defence of legal claims
  • You have objected to processing pending verification of legitimate grounds

6.7. Right to Data Portability: You have the right to receive your Data in a structured, commonly used, and machine-readable format, and to transmit that Data to another controller without hindrance from us.

6.8. Right to Object: You have the right to object at any time to the processing of your Data based on legitimate interests.

6.9. Right to Lodge a Complaint: You have the right to lodge a complaint with the Data Protection Commission of Ghana if you believe that the processing of your Data infringes applicable data protection law.

7. Cookies

7.1. What are Cookies? The website uses cookies — small text files placed on your device by your browser. When you return to our website, your browser sends the stored cookie back to our server. Cookies may be used to manage authentication sessions, remember preferences, or analyse usage.

7.2. Disabling Cookies: You may disable cookies through your browser settings (for example, in Chrome, Firefox, Safari, or Edge). However, disabling certain cookies may impair the full functionality of the Services.

7.3. Cookie Policy: Please see our Cookie Policy for more information on the categories of cookies we use and how to manage your preferences.

8. Analytics and Monitoring

8.1. We use PostHog (PostHog Inc.) to understand how the platform is used. PostHog collects page views, feature interactions, and user behaviour in aggregate form. Data is associated with your account identifier but is used only for product improvement purposes. You may opt out by adjusting your notification and privacy settings within the Service.

8.2. We use Sentry (Functional Software, Inc.) for error monitoring and performance diagnostics. Sentry may capture technical identifiers such as user ID, email address, device type, browser version, and request details when an error occurs in the application. This data is used solely to diagnose and resolve technical issues and is not shared with third parties for marketing purposes.

8.3. Both services operate under data processing agreements with PayLedger and are contractually prohibited from using your data for their own purposes.

9. Changes to This Privacy Policy

9.1. If the Company decides to change this Privacy Policy, it will post those changes directly in the Services. Where changes are material to your data protection rights, you will be asked to confirm acceptance before continuing to use the Services.

Back to home