Last Updated: June 7, 2026

At StepUp HRM, we are committed to protecting the privacy and security of your personal and corporate data. This Privacy Policy describes how we collect, use, share, and protect information when you use our cloud-based Human Resource Management System (HRMS) Software-as-a-Service (SaaS) platform (the "Software") and website.

1. Information We Collect

We collect information necessary to provide and improve the Software. This includes:

• Account Details: Contact details (names, emails, phone numbers) of company administrators registering for a StepUp account.
• Employee Records: Data entered by you regarding your workforce (including employee names, salaries, bank details, tax PINs, department, job titles, and attendance logs) to enable payroll, leave, and clock-in services.
• Usage Logs: Information about how users interact with the Software (IP addresses, browser type, timestamps, page clicks, and system activity).

2. How We Use the Information

We use the collected data strictly for the following purposes:

• To set up, configure, and maintain your organization's HRMS tenant.
• To process payroll calculations, statutory tax deductions, and self-service payslips.
• To validate branch locator clock-in coordinates and track attendance log timings.
• To provide customer support, troubleshoot system errors, and respond to inquiries.
• To monitor system performance, secure our infrastructure, and prevent fraud or abuse.

3. Data Sharing and Disclosures

We do not sell, rent, or trade your employee or organizational data to third parties. We only share information under the following limited circumstances:

• Service Providers: Trusted third-party vendors who assist us in providing our infrastructure, email services, and database backups, subject to strict confidentiality agreements.
• Legal Compliance: If required by law, subpoena, or government authority to comply with legal processes or protect the rights and safety of our users.

4. Data Security & Hosting

StepUp implements industry-standard technical and organizational security measures to protect your information, including:

• Encryption of data in transit (using SSL/TLS protocols) and at rest.
• Role-based access controls ensuring employees only see data they are explicitly authorized to access.
• Regular security updates, vulnerability scanning, and daily automated database backups.

5. Your Rights & Access Controls

As a Client, you have full control over the employee data stored within your StepUp instance. You can add, edit, or delete employee records at any time. Under applicable data protection acts (such as the Kenya Data Protection Act), individuals whose data is processed by StepUp have rights to access, correct, or request deletion of their personal information. These requests should be directed to the organization's HR administrator.

6. Cookies and Tracking Technologies

We use essential cookies to maintain user sessions and authenticate logins. We also utilize basic analytics cookies (like Google Analytics) to gather aggregated, non-identifying traffic information to improve website performance and user experience.

7. Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in our software features or regulatory standards. Any material changes will be communicated to Client administrators via email or a notification within the platform dashboard.