Live sandbox open Try TaviPay right now · No signup, no booking — open the live demo and click around. Open the demo →
Sign In Try the Demo

Legal

Privacy Policy

How we collect, use, store, and protect your data — in plain language.

Effective 1 August 2026 · Last updated 8 June 2026

This Privacy Policy describes how Pro Accountants, a Fiji-registered partnership (“we”, “us”, or “TaviPay”), collects, uses, discloses, and protects information when you use the TaviPay payroll service available at app.tavipay.com (the “Service”). It applies to subscribers, their employees who use the Employee Self Service portal, and visitors to our marketing website.

1. Who we are

TaviPay is operated by Pro Accountants, a partnership constituted and operating under the laws of the Republic of Fiji. Our principal place of business is in Suva, Fiji. You can reach us at support@tavipay.com or via our main firm at www.accountants.com.fj.

2. Information we collect

We collect information in three categories:

Account information — the details you provide when you sign up: business name, contact name, email address, phone number, employer identification numbers (FRCS TIN, FNPF Employer Number, FNU Employer Number), and billing information.

Employee records you upload — data about your employees that you enter or import into TaviPay so we can process payroll. This typically includes names, dates of birth, FRCS TIN, FNPF membership number, bank account details, addresses, employment dates, pay rates, tax codes, and dependants’ information where you record it.

Usage information — technical data we collect automatically: IP address, browser type, pages viewed, actions taken in the Service (recorded in our audit log), and session identifiers. We use this to keep the Service secure, debug issues, and meet our audit obligations.

3. Why we collect it and how we use it

We use the information you provide to deliver and improve the Service. Specifically: to calculate wages, taxes, and statutory deductions; to generate payslips, bank files, and statutory return files for upload to FRCS, FNPF, and FNU; to send notifications you have configured; to provide customer support; to investigate suspected misuse or security incidents; and to comply with our own legal and audit obligations.

We do not use the personal information of your employees for marketing. We do not sell information to third parties.

4. Who we share information with

We share information only in the following circumstances:

Statutory authorities, at your direction. When you generate a PAYE return, FNPF CS file, FNU contribution file, or any other statutory file in TaviPay, you choose when to upload that file to the relevant regulator. TaviPay does not transmit data to regulators on your behalf without your action.

Sub-processors who help us run the Service. We use a small set of trusted third parties to operate TaviPay: Supabase (database hosting), Hostinger (server hosting), and email infrastructure providers for sending payslips and notifications. Each sub-processor is bound by confidentiality terms and processes data only on our instructions. A current sub-processor list is available on request.

Integrations you enable. If you connect an integration such as Xero, data flows between TaviPay and that integration only as described in our integration documentation, and only after you authorise the connection. You can disconnect at any time.

When required by law. If we receive a lawful order from a Fijian court, regulator, or law enforcement agency, we will comply to the extent legally required, and notify you unless we are prohibited from doing so.

5. Where data is stored

TaviPay data is stored on managed infrastructure in the Asia-Pacific region, hosted by Supabase. Database backups are encrypted at rest. All connections to TaviPay are encrypted in transit using TLS 1.2 or higher.

6. How we protect information

We maintain administrative, technical, and physical safeguards designed to protect information against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit and at rest; role-based access controls within the Service; multi-factor authentication for sign-in; immutable audit logging of sensitive actions; least-privilege access for our own staff; and periodic security reviews of our code and infrastructure.

No system is perfectly secure. If we become aware of a security incident affecting your data, we will notify you without undue delay.

7. How long we keep information

We retain payroll, tax, and employee records for the periods required by Fijian law — principally the seven-year retention requirement under the Tax Administration Act 2009 and related regulations — and for as long as you maintain an active subscription. After you terminate your subscription, you may export all of your data using the export tools in the Service. We will retain a copy as required by law and then delete or anonymise it.

8. Your rights

You can access and correct most of the information about yourself and your business through the Service’s admin panel. Your employees can access their own payslips and personal records through the Employee Self Service portal. If you would like a copy of information not visible in the Service, or if you would like data corrected or deleted, write to support@tavipay.com and we will respond within ten business days.

Some information cannot be deleted on request because we are required by law to retain it. Where this is the case we will explain why.

9. Cookies and analytics

We use a small number of strictly necessary cookies to keep you signed in and to remember preferences such as which company tenant you are viewing. We do not use third-party advertising cookies, and we do not run cross-site behavioural tracking. We may use privacy-respecting analytics to measure aggregate usage of our marketing site.

10. Children

TaviPay is a workplace tool. It is not designed for use by anyone under the age of sixteen, and we do not knowingly collect information about anyone under sixteen except where their employer lawfully records them as an employee. If you believe we hold information about a child that should not be held, contact us and we will investigate.

11. International data transfers

Our infrastructure is located in the Asia-Pacific region. If you access TaviPay from outside Fiji, your data may transit through other regions in the normal course of internet routing. Our sub-processors operate from multiple jurisdictions and may process limited operational data outside Fiji. We require all sub-processors to maintain protections substantially equivalent to those described in this Policy.

12. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify subscribers by email and post a notice in the Service at least thirty days before the changes take effect. The “Last updated” date at the top of this Policy will always reflect the most recent version.

13. Contact us

Questions about this Policy, or about how we handle information, can be sent to:

Pro Accountants — TaviPay
Suva, Fiji
Email: support@tavipay.com
Firm site: www.accountants.com.fj