Trust and security

A payslip is one of the most sensitive documents you own. Here is exactly how we treat yours, with no fine print and no surprises.

Our seven privacy promises

  1. EXIF metadata is stripped before processing. Camera location, timestamp, and device identifier are removed inside the upload pipeline before any analysis runs.
  2. Images are processed in memory and discarded. Photos and PDFs are not written to disk. Once the result is returned, the image is gone.
  3. We never train AI models on your data. Your payslip is not used as training data, fine-tuning data, or evaluation data, ever.
  4. We are supervised by the Irish Data Protection Commission. Our lead supervisory authority is the DPC, headquartered in Dublin.
  5. GDPR Article 22 compliance. No solely automated decision has a legal or similarly significant effect on you. Every action you take based on our results is informed by you, the human.
  6. Sub-processors are disclosed. Our hosting (AWS Dublin), payments (Stripe Ireland), and email (Postmark EU) sub-processors are listed publicly and updated when we make changes.
  7. Right to delete in one click. Hit the delete button in your account and every record we hold about you is removed within 24 hours.

Data flow in plain English

When you upload a payslip:

  1. Your browser sends the image to our edge endpoint over TLS 1.3.
  2. EXIF and other metadata are stripped at the edge.
  3. Optical character recognition runs in a stateless Lambda function in eu-west-1 (Dublin).
  4. The extracted figures are validated against the 2026 Irish PAYE, USC, and PRSI rules.
  5. The result is returned to your browser and shown on the page.
  6. The original image and the temporary text are discarded.

If you choose to save the result, only the structured numbers and your account email are stored, encrypted at rest with AES-256.

What we will never do

  • Sell your data to advertisers, recruiters, or banks.
  • Share your figures with employers, unions, or government departments without a court order.
  • Use your data for marketing without explicit opt-in.
  • Store images longer than the duration of the request.

What we will do

  • Tell you within 72 hours if a personal data breach occurs.
  • Provide a portable copy of your data within 30 days of a request.
  • Allow full account deletion via the dashboard, no support ticket needed.
  • Publish an annual transparency report.

Sub-processors

  • Amazon Web Services Ireland (Dublin): hosting and compute, eu-west-1 region only.
  • Stripe Payments Europe Ltd (Dublin): card processing for paid tiers.
  • Postmark / ActiveCampaign (EU): transactional and opt-in email.
  • Cloudflare Inc.: DDoS and bot protection, EU data localisation enabled.

Reporting concerns

Our Data Protection Officer can be reached at dpo@payslipiq.co.uk. You can also lodge a complaint directly with the Data Protection Commission at dataprotection.ie.

Read our accessibility statement, our advertising policy, and our full privacy policy for the legal text behind these promises.

This page is informational. The full legal terms are set out in our Privacy Policy and Terms of Service.