Terms of Service

1. Introduction and Acceptance

These Terms of Service ("Terms") govern access to and use of the HumanCapital platform (the "Platform"), operated by Vistinct Consultancy (Pty) Limited under the trading name "HumanCapital" (the "Operator").

The Platform is a managed Human Resources, payroll, and compliance service designed for organisations operating in Zimbabwe. It is provided to corporate, institutional, and government clients ("Clients") under a written service agreement, and is accessed by authorised users of those Clients and by the employees, agents, and beneficiaries associated with those Clients.

These Terms apply to:

• Each Client that has entered into a service agreement with the Operator;
• Each Authorised User acting on behalf of a Client (administrators, payroll operators, payroll reviewers, approvers, and other roles defined in the Platform);
• Each Employee or other Data Subject of a Client who interacts with the Platform through the Web portal, the WhatsApp Business channel, or any other channel the Platform offers;
• Any Visitor to the Platform's public website.

By accessing or using the Platform, each of the parties listed above agrees to these Terms. Where these Terms are inconsistent with the written service agreement between the Operator and a Client, the service agreement prevails as between Operator and Client; these Terms govern the relationship with Authorised Users, Employees, and Visitors.

2. Definitions

In these Terms, capitalised terms have the meanings given below:

• "Agent" means an automated assistant operated by the Platform on behalf of an Authorised User or Employee, in accordance with the Platform's three-tier autonomy model (see clause 8).
• "Authorised User" means an individual user account, registered with the Operator, that has been granted permission by a Client to access the Platform on behalf of that Client.
• "Client" means an organisation that has entered into a service agreement with the Operator for use of the Platform.
• "Employee" means a natural person whose employment, contracting, or beneficiary relationship with a Client is administered through the Platform.
• "Operator" means Vistinct Consultancy (Pty) Limited, trading as HumanCapital.
• "Platform" means the HumanCapital software, services, infrastructure, and operational support, including the Web portal, the WhatsApp Business channel, the email channel, the application programming interfaces, and any agent capabilities offered as part of the service.
• "Service Agreement" means the written agreement between the Operator and a Client governing the commercial terms of the Client's use of the Platform.
• "Visitor" means any person who accesses the Platform's public website without being a Client, an Authorised User, or an Employee.

2A. Abbreviations

The following abbreviations are used in these Terms:

3. Eligibility and Account Creation

3.1 Business and Institutional Use

The Platform is offered to organisations only. Individuals may use the Platform only as Authorised Users acting on behalf of a Client, as Employees of a Client, or as Visitors to the public website.

3.2 Client Onboarding

A Client becomes eligible to use the Platform on signature of the Service Agreement and completion of onboarding procedures determined by the Operator. Onboarding includes data validation, configuration of statutory and benefit-scheme parameters, parallel-run validation where applicable, channel-binding for self-service, and a controlled transition to production use.

3.3 Authorised User Accounts

Authorised User accounts are created by the Client through the Platform's invitation workflow, subject to the Platform's role and authorisation rules. A user is responsible for the security of their credentials, including password and any second-factor authentication device. Sharing of credentials, transfer of accounts, and circumvention of authorisation rules are prohibited.

3.4 Employee Self-Service Access

Where the Client has enabled employee self-service, an Employee gains access by binding and verifying a channel (Web account, WhatsApp Business number, or verified email address). Each channel binding is subject to verification before use. A channel identifier may bind to at most one Employee at any time. Re-binding a channel identifier requires explicit deactivation and re-verification.

3.5 No Use by Children

The Platform is not directed to children under the age of 16. Where a child appears as a designated beneficiary of an adult's benefit scheme (for example, a medical aid dependant), the data is collected from and used in respect of the adult member only.

3.6 Compliance with Local Law

Use of the Platform must at all times comply with the laws of Zimbabwe and, in respect of the country from which the user is accessing the Platform, the laws of that country.

4. The Service

The Platform is a managed HR, payroll, and compliance service. The substantive scope of services is defined in the Service Agreement; the description in this clause 4 is a high-level summary.

4.1 Payroll Operations

Calculation of gross pay, statutory withholdings, benefit-scheme contributions, financial deductions, and net pay; production of payslips; coordination of bank disbursement; reconciliation against bank statements, statutory submissions, and benefit remittance schedules. The Platform supports multi-currency operations, including United States Dollars and Zimbabwe Gold.

4.2 Statutory Compliance

Calculation, recording, and support of remittance for: PAYE and the AIDS Levy (ZIMRA); contributions under POBS and APWCS (NSSA); NEC sector levies; ZIMDEF; the Standards Development Levy. The Platform applies versioned, gazette-referenced statutory parameters. Where statutory parameters change, the Platform's calculation engine is updated to use the new parameters from the effective date specified in the gazette.

4.3 Benefit-Scheme Administration

Configuration and operation of pension funds, medical aid schemes, group life cover, funeral cover, and similar benefit schemes; calculation of employee and employer contributions; production of remittance schedules formatted for submission to fund administrators, medical aid societies, and insurers.

4.4 Leave Administration

Maintenance of leave balances and accruals; processing of leave requests, approvals, takes, encashments, and termination payouts; production of leave-liability reports for financial provisioning. The leave ledger is append-only: corrections are recorded as new entries with explicit reason codes, never as edits to historical entries.

4.5 Employee Self-Service

Through the Web portal and (where enabled) the WhatsApp Business channel, Employees may view their own records (payslips, leave balances), submit leave requests, and update non-sensitive profile information. highly sensitive information, including bank-account details and identity-document numbers, may not be transmitted through messaging channels. Changes to bank details and similar information must be processed through the Web channel by an authorised HR Administrator.

4.6 Agent Capabilities

Where the Client has enabled agent capabilities, an Agent assists Authorised Users and Employees with routine tasks. Agent operation is governed by clause 8.

4.7 Audit and Reporting

The Platform produces statutory reports, reconciliation reports, payroll registers, leave-liability schedules, and a complete audit trail for every state-changing action. Audit logs are tamper-evident and retained as described in the Privacy Policy.

4.8 Service Levels

Service availability, response times, and other operational metrics are defined in the Service Agreement applicable to each Client. The Operator targets continuous availability for production payroll operations, subject to scheduled maintenance windows and unforeseen events.

5. Acceptable Use

The Platform is provided to support lawful, professional payroll and HR operations. Each user undertakes that they will not, and will not permit any other person to:

1. Use the Platform for any purpose other than the lawful administration of HR, payroll, leave, benefits, and related functions on behalf of a Client;
2. Access, attempt to access, or facilitate access to data of a Client other than the Client on whose behalf the user is authorised to act, including by exploiting any vulnerability or by manipulating identifiers;
3. Use the Platform to process Personal Information for which the user lacks a lawful basis, including direct marketing, profiling for purposes unrelated to employment, or processing on behalf of any party other than the Client;
4. Attempt to bypass, disable, or interfere with the Platform's authorisation, separation-of-duties, audit, rate-limiting, anti-forgery, or other security controls;
5. Submit, upload, or otherwise process data that is unlawful, defamatory, infringing of intellectual property rights, or in breach of confidentiality owed to any third party;
6. Introduce any malicious code, virus, worm, or similar harmful component into the Platform;
7. Reverse-engineer, decompile, or disassemble any part of the Platform, except to the extent permitted by mandatory law;
8. Use automated agents, scraping, or scripting against the Platform other than the Agent capabilities the Operator has provided as part of the service, save with prior written permission;
9. Resell, sublicense, or otherwise commercially exploit the Platform without prior written agreement with the Operator;
10. Use the Platform in any manner that would cause the Operator or any Client to be in breach of applicable law.

The Operator reserves the right to suspend or terminate access in response to a breach of this clause, in accordance with clause 13.

6. Client Responsibilities

In addition to obligations under the Service Agreement, each Client undertakes:

6.1 Data Accuracy

To provide accurate, complete, and up-to-date information about Employees, statutory parameters specific to the Client (such as NEC classification), benefit schemes, bank details, and other data necessary for the operation of the Platform. The Operator's outputs are only as reliable as the data on which they are based.

6.2 Authority and Lawful Basis

To ensure that the Client has all necessary authority and lawful basis under the Cyber and Data Protection Act and other applicable law to provide Personal Information to the Operator and to instruct the Operator to process it.

6.3 Authorised User Management

To maintain accurate records of who is an Authorised User on the Client's behalf, to assign appropriate roles, to revoke access promptly when personnel change roles or leave the Client, and to enforce its own internal controls in conjunction with the Platform's separation-of-duties enforcement.

6.4 Statutory Filings

While the Platform produces returns, schedules, and reports formatted for submission to ZIMRA, NSSA, NEC, ZIMDEF, the SDF authority, fund administrators, medical aid societies, and other recipients, the legal obligation to file rests with the Client. The Operator's output is a tool for the Client's compliance, not a substitute for the Client's own discharge of its obligations.

6.5 Cooperation on Data Subject Requests

To cooperate with the Operator and Data Subjects in responding to access, correction, deletion, and other rights requests under the Cyber and Data Protection Act, in accordance with the Privacy Policy and the Service Agreement.

6.6 Notification of Material Changes

To notify the Operator promptly of any material change in the Client's circumstances that affects the Operator's ability to deliver the service correctly, including changes of legal name, statutory registration numbers, NEC classification, and benefit-scheme arrangements.

7. Separation of Duties and Approval Discipline

The Platform structurally enforces separation of duties to protect the integrity of payroll outcomes. Authorised Users acknowledge and agree to the following enforced rules:

1. The Authorised User who creates a payroll run may not approve it.
2. The Authorised User who calculates a payroll run may not reconcile it.
3. No Authorised User may simultaneously hold the Payroll Operator and Payroll Reviewer roles for the same Client.
4. The Authorised User who creates an Employee record may not verify it.
5. Garnishee orders may be created, modified, or cancelled by an Administrator only.
6. Salary loan authorisation must be performed by an Authorised User other than the one who entered the loan.
7. Leave request submission and approval must be by different Authorised Users; an Employee cannot submit and approve their own leave even if they hold an approver role for their team.
8. Bank-account-detail changes and similar highly sensitive amendments are structurally restricted to authorised HR Administrator users via the Web channel; they are not available through self-service or messaging channels.

These rules are enforced by the Platform's authorisation layer; an attempt to circumvent them constitutes a breach of clause 5.

Once a payroll run has been approved, its outputs are immutable. Corrections take the form of a new Correction Run that is itself processed and approved through the standard workflow. The Platform does not permit retroactive editing of approved runs.

8. Agent Services

8.1 Three-Tier Autonomy

Where a Client has enabled Agent capabilities, the Agent operates under a three-tier autonomy model:

• Autonomous capabilities — read-only and low-risk reversible actions, performed without separate confirmation. Examples: answering policy questions; retrieving a leave balance the actor is entitled to view.
• Propose-and-Confirm capabilities — the Agent drafts a specific reviewable proposal; a human confirms before execution. Examples: submitting a leave request on behalf of an Employee; updating a non-sensitive profile field.
• Forbidden capabilities — actions that are structurally unavailable to any Agent, regardless of configuration, regardless of the actor's role. Examples: changing bank-account details; approving a leave request the actor submitted; initiating payroll-run approval.

8.2 Scope Inheritance

The Agent has no identity of its own for data access. It inherits the scope of the human acting-on-behalf-of, and every Agent action flows through the same authorisation, separation-of-duties, and audit checks as a direct human action. A compromised Agent session cannot see, or do, more than the human acting-on-behalf-of could see or do directly.

8.3 Audit

Every Agent action — proposal, confirmation, execution, or refusal — is recorded in the audit log alongside the Agent session, the human acting-on-behalf-of, and the capability invoked. Rejected and blocked capability attempts are logged as first-class events.

8.4 Limitations

The Operator does not warrant that any Agent capability will produce a correct, complete, or commercially-suitable output for every input. Agent output is suggestive in respect of Propose-and-Confirm capabilities; the human confirmer is responsible for reviewing and approving any output before it takes effect.

9. Channel Parity and Channel-Specific Limitations

The Platform applies the same business rules, authorisation checks, and audit treatment to actions submitted through any channel, including the Web portal, the WhatsApp Business channel, and the API. A leave request submitted from WhatsApp produces identical domain commands, identical state transitions, and identical audit records to one submitted from the Web.

Notwithstanding channel parity:

• Highly sensitive data (bank-account details, identity-document numbers, tax references) is not transmitted over messaging channels and is not available for self-service modification.
• Sensitive actions within an active session may require fresh authentication (for example, a one-time password) before execution.
• Sessions on messaging channels are time-bounded and expire after a defined period of inactivity.

The Operator may, on operational or security grounds, disable a particular channel for some or all users. Notice will be given where reasonably practicable.

10. Intellectual Property

10.1 Operator Intellectual Property

All intellectual property in the Platform, including software, configuration models, calculation engines, schemas, the leave-ledger architecture, the agent autonomy framework, and the Operator's documentation, is and remains the property of the Operator or its licensors. Nothing in these Terms transfers any intellectual property to a Client, an Authorised User, an Employee, or a Visitor.

10.2 Client Data

The Client retains all rights in the Client data it provides to or through the Platform. The Client grants the Operator the rights necessary to process Client data for the purposes of providing the service, including for the Operator's internal operational integrity, security, and legitimate-interests processing as set out in the Privacy Policy.

10.3 Aggregated and De-Identified Data

The Operator may produce aggregated and de-identified analyses of Platform-wide trends — for example, statutory-parameter distribution, reconciliation-error frequency, ESS adoption — provided that the analyses do not identify and cannot reasonably be used to identify any Client, Authorised User, Employee, or other Data Subject. The Operator may use such aggregated analyses for service improvement and for industry benchmarking.

10.4 Feedback

Where any user provides feedback, suggestions, or improvement ideas to the Operator, the Operator may use that feedback for any purpose, without obligation to the originator, save where the feedback is provided under separate confidentiality terms.

11. Confidentiality

The Operator and each user undertake to treat as confidential any non-public information disclosed by the other in connection with the Platform, including business processes, employee data, statutory configuration, security details, and commercial terms. Confidentiality survives termination of these Terms.

The Operator's specific obligations in respect of Personal Information are set out in the Privacy Policy and the Service Agreement.

12. Fees, Payment, and Tax

Fees for the Operator's service are set out in the Service Agreement applicable to each Client. Authorised Users, Employees, and Visitors are not personally liable for fees.

The Platform is not, in itself, a billing engine for the Client's relationship with its employees or with statutory bodies; the Client remains responsible for the discharge of its own financial obligations.

All fees are exclusive of value-added tax, withholding tax, and similar taxes, which are payable additionally by the Client where applicable.

13. Suspension and Termination

13.1 Suspension

The Operator may suspend access to the Platform, in whole or in part, where:

• The Operator reasonably believes a security incident is in progress and suspension is necessary to contain it;
• An Authorised User is in breach of clause 5 (Acceptable Use);
• A Client is in material breach of the Service Agreement, including non-payment of fees, where applicable notice has been given;
• Continued access would expose the Operator to legal or regulatory risk.

Where suspension is imposed, the Operator will provide notice in accordance with the Service Agreement and these Terms, save where notice would frustrate the purpose of the suspension.

13.2 Termination

These Terms may be terminated:

• By the Operator on the termination of the Service Agreement;
• By the Operator immediately on a breach incapable of remedy, or on a remediable breach not remedied within thirty (30) days of written notice;
• In respect of an Authorised User account, by the Client on revocation of the user's authorisation;
• In respect of an Employee's self-service access, on cessation of the underlying employment relationship or on revocation by the Client.

13.3 Effect of Termination

On termination:

• The user's right to access the Platform ceases, save for any structured wind-down period agreed in the Service Agreement;
• The Operator will, in accordance with the Service Agreement and applicable law, provide for export of Client data, retention of statutory and audit records, and secure deletion or de-identification of operational data after the wind-down period;
• Provisions which by their nature should survive termination — including confidentiality, limitation of liability, intellectual property, governing law, and dispute resolution — survive.

14. Limitation of Liability

14.1 Nature of the Service

The Platform is designed to operate at institutional standard. Notwithstanding, the Operator's liability is limited as follows.

14.2 No Implied Warranty Beyond Stated Service

The Platform is provided on the basis of the express service descriptions and service levels in the Service Agreement. Save as expressly set out, the Operator gives no warranty that the Platform will meet any particular requirement, that operation will be uninterrupted, that any defect will be corrected within a particular period, or that outputs will be free from any error.

The Operator does not warrant the accuracy of inputs provided by the Client. Outputs are calculations against stated rules and stated inputs; if inputs are incorrect, outputs will reflect the incorrect inputs.

14.3 Excluded Loss

To the maximum extent permitted by law, the Operator is not liable for:

• Indirect, consequential, or special loss;
• Loss of profit, loss of business opportunity, loss of goodwill, or loss of anticipated savings, save where these flow directly and reasonably foreseeably from a breach of an express obligation;
• Any loss attributable to the Client's failure to provide accurate and timely information, to the Client's misconfiguration of statutory or benefit-scheme parameters that the Operator is entitled to rely on, or to the Client's breach of its own obligations under applicable law.

14.4 Cap on Liability

To the maximum extent permitted by law, the Operator's aggregate liability for all claims arising in connection with the Platform in any twelve-month period is capped as set out in the Service Agreement, and in any event does not exceed the fees actually paid by the Client to the Operator in respect of that period.

14.5 Liability Not Excluded

Nothing in these Terms excludes or limits liability for: fraud or fraudulent misrepresentation; death or personal injury caused by the Operator's negligence; or any other liability that cannot be excluded or limited by law.

14.6 Authorised Users, Employees, and Visitors

The Operator's contractual relationship for fees and service levels is with the Client. Authorised Users, Employees, and Visitors have no claim under these Terms in respect of fees, service levels, or commercial terms, save as expressly provided. Nothing in this clause limits a Data Subject's statutory rights under the Cyber and Data Protection Act or other applicable law.

15. Indemnity

To the extent permitted by law, the Client indemnifies the Operator against any third-party claim arising from:

• The Client's provision of inaccurate, unlawful, or unauthorised data to the Platform;
• The Client's use of the Platform in breach of these Terms or applicable law;
• The Client's failure to discharge its own statutory or contractual obligations in respect of which the Platform supports compliance.

The Operator will notify the Client promptly of any such claim, give the Client the opportunity to control the defence (subject to the Operator's reasonable consent on settlement), and cooperate at the Client's reasonable expense.

16. Force Majeure

Neither party is liable for delay or failure to perform any obligation under these Terms (other than payment of fees due) to the extent the delay or failure is caused by an event beyond the party's reasonable control, including acts of God, war, civil disturbance, government action, currency disruption, large-scale telecommunications or power failure, or pandemic. The party affected will use reasonable efforts to resume performance and will keep the other party informed.

17. Governing Law and Jurisdiction

17.1 Governing Law

These Terms are governed by the laws of Zimbabwe.

17.2 Jurisdiction

The High Court of Zimbabwe has exclusive jurisdiction to determine any dispute arising in connection with these Terms, subject to clause 17.3.

17.3 Alternative Dispute Resolution

Before commencing litigation, the parties will use reasonable efforts to resolve any dispute through good-faith discussion at executive level, and may agree to refer the dispute to mediation conducted by a mediator agreed between them. Nothing in this clause prevents either party from seeking urgent interim relief in any competent court.

18. Notices

18.1 Notices to the Operator

Notices to the Operator shall be in writing and addressed to:

18.2 Notices to Clients, Authorised Users, and Employees

Notices to a Client are issued in accordance with the Service Agreement. Notices to an Authorised User or Employee are issued through the Platform's verified channels (Web portal account, verified email address, or, for non-sensitive operational notices, the bound WhatsApp Business number).

19. General

19.1 Entire Agreement

These Terms, together with the Service Agreement (where applicable), the Privacy Policy, the Data Protection Notice, and the Cookies Policy, constitute the entire agreement between the parties in respect of the Platform.

19.2 Severability

If any provision of these Terms is held to be invalid or unenforceable, that provision shall be struck out and the remaining provisions shall continue in full force.

19.3 No Waiver

A failure or delay by the Operator in enforcing any provision of these Terms is not a waiver of the right to enforce that provision later.

19.4 Assignment

No user may assign or transfer their rights or obligations under these Terms without the Operator's prior written consent. The Operator may assign its rights to a successor in connection with a corporate reorganisation, sale, or merger, on notice to affected Clients.

19.5 Updates to these Terms

The Operator may update these Terms from time to time. Material changes will be communicated to Clients in accordance with the Service Agreement; Authorised Users, Employees, and Visitors will be made aware through publication on the Platform's website. Continued use of the Platform after notice of an update constitutes acceptance.

19.6 Language

These Terms are published in English. In the event of inconsistency between any translation and the English version, the English version prevails.