PDPL Statement

The Personal Data Protection Law (PDPL) is Saudi Arabia's privacy regulation. PayDay is built around it — not retrofitted to it. This statement explains how.

Last updated 2026-05-21

Data residency

Employee data is stored in a dedicated, isolated tenant partition. Data at rest is encrypted; data in transit is protected with TLS. No employee record is shared across tenants without an explicit, logged action.

Consent

PDPL consent is captured through an in-platform consent flow at the point of employee onboarding. The employee sees a clear, plain-language statement of what data is held and why before they activate their account. Consent state is recorded against the employee record and visible from account settings.

Rights

Access, correction, and deletion requests are handled through the platform admin and employer admin tiers. Every change to consent state is attributed, timestamped, and retained in the audit trail. The audit trail is paginated, filterable, and exportable for regulatory submission.

Data minimisation

We hold the data needed to deliver the service: identity, salary, IBAN, and transaction history. We do not collect data we do not use. We do not run behavioural tracking on employee usage beyond what is required for service delivery and fraud prevention.

Contact for PDPL matters

For PDPL requests, complaints, or audits, email support@payday.sa with the request type noted. We route each request to our compliance team and respond within the timeframes set by law.