Steer Workforce

← Blog · Industry Analysis

After Salarium: What PH Software Buyers Should Demand Now

By Arup Maity · Published May 12, 2026 · 11 min read

On December 31, 2023, Salarium suspended operations indefinitely.

If you used them, you already know the rest. If you didn’t, here’s what happened: customer bank accounts had been frozen since August. The CEO vanished. The offices closed. ₱15M+ of customer funds was reportedly held hostage. One mid-sized engineering company couldn’t pay its employees for the August 15 cutoff. Customer data was deleted during the suspension period.

I’m not writing this to dance on the grave. The Salarium team had built useful software. People I know worked there. Real harm was done, and the worst of it landed on small business owners who trusted the platform with their employees’ livelihoods.

I’m writing this because two and a half years later, the PH market hasn’t fully metabolized the lesson. We’re back to evaluating SaaS vendors the way we did before — on features, price, and gut feel. We should be evaluating them on something more.

What Actually Went Wrong

Salarium had two products: a payroll/HR SaaS, and SALPay, a disbursement service that included an e-wallet, a debit Mastercard, and a 2017-era ICO (“SALPay coins”). Customers used SALPay to actually pay employees — money flowed from the company’s bank, into SALPay, out to the employees’ SALPay accounts.

In August 2023, SALPay went out of service. Funds that should have flowed to employees got stuck. Customers couldn’t access them. By the time it was clear something was structurally wrong, weeks had passed. Then months. Then the CEO was unreachable, the offices were closed, and the announcement that operations were suspending came on December 31.

The most chilling sentence in that announcement: customer data would be deleted and inaccessible during the suspension period.

That’s the part to remember. Not the missing funds — those are recoverable through legal process, slowly. The deleted data is what should chill every PH SaaS buyer.

Why It Could Have Been Any of Them

Don’t read this as “Salarium was uniquely bad.” Read it as “Salarium had structural risks that exist in every PH SaaS vendor, and they materialized.” The risks are still there. Other vendors haven’t necessarily fixed them.

Single-founder dependency. Many PH SaaS companies are built around one founder. If that founder gets sick, leaves, or makes a bad call, the company has no fallback. This isn’t unique to SaaS or to PH — but it’s worth thinking about when you’re trusting a vendor with payroll.

No data escrow. Almost no PH SaaS vendor has a data-escrow arrangement. If they go down, your data goes down with them. Some vendors lose your data before they lose your trust.

Concentrated payment infrastructure. SALPay was the disbursement layer. When it failed, payroll failed. Vendors that build their own payment rails — instead of integrating with banks — concentrate risk in a way that customers don’t see until it’s too late.

Crypto exposure. SALPay had an ICO history. When the underlying token economy went sideways, it pulled the disbursement service down with it. Crypto-adjacent SaaS in payroll is uniquely risky and almost never disclosed to buyers.

Unilateral data deletion clauses. Read your SaaS contracts. Most PH vendors have language that lets them delete your data with minimal notice. Most customers don’t notice these clauses until activated.

What PH Software Buyers Should Demand Now

If you’re evaluating a SaaS vendor for payroll, HR, or any system handling employee data, demand the following. Not as a wish list. As table-stakes.

1. Standard-format data export, anytime, no charge.

You should be able to export your full data — employees, payroll history, contracts, audit trail — in CSV or JSON, without negotiation, without notice, without a “we’ll get back to you in 5 business days.” Test this in the trial. If it’s hard, walk away.

2. Documented data residency.

Where is your data physically stored? Which country, which provider? “The cloud” is not an answer. Demand specifics. If they can’t tell you, they don’t know.

3. Bank-direct payment rails, not vendor-operated wallets.

Payroll should disburse from your bank to employees’ banks. The vendor’s role is to generate the right files (bank disbursement files in BSP-prescribed format) and provide the audit trail. The moment a vendor holds your funds in their own wallet between your bank and the employee’s bank, you’re an unsecured creditor of that vendor.

4. Independent backup customer can verify.

Ask: “if your service goes down, what happens to my data?” The right answer involves backups in independent infrastructure, with documented restoration procedures, that you can verify. The wrong answer is “trust us.”

5. Liability limits and force majeure clauses you’ve actually read.

Most SaaS contracts cap vendor liability at 12 months’ fees. That’s roughly equal to ₱100K–₱500K for a mid-sized customer. If your vendor losing your data costs you ₱50M, the contract isn’t going to make you whole. This is normal industry practice — but you should know what you’re signing.

6. Operational transparency.

Vendors that disclose their team, their funding, their leadership, their roadmap, and their public security posture are easier to trust than vendors that don’t. This isn’t about size; small companies can be more transparent than large ones. It’s about willingness to be visible.

7. A working “what if you go down” plan.

Ask the vendor: what happens if you go out of business tomorrow? The good answer involves customer data being recoverable for at least 12 months post-shutdown, payment rails being usable independently of the vendor, and integration code being open or documented enough for customers to migrate. Most vendors won’t have a great answer. Note who does.

What I Did Differently

I built Steer Workforce knowing all of this. The decisions were specific:

  • PH customer data on PH-hosted infrastructure (Coolify on SSDNodes, with GCS backups in Singapore region)
  • No vendor-operated wallets — payroll generates BSP-format bank files; disbursement happens through your bank
  • Standard-format export available anytime via tRPC API
  • Singapore-incorporated entity provides legal continuity even if I personally step back
  • 10-year retention by default (BIR requirement) — not vendor-discretion
  • Documented sub-processor list (Anthropic for AI, Resend for email, Cloudflare R2 for files, Stripe for payments, PostHog for analytics — that’s it)
  • Force majeure and liability terms readable in 5 minutes, no legal jargon

I’m not claiming Steer Workforce is bulletproof. Bulletproof companies don’t exist. I’m claiming the choices were made with the Salarium lesson explicit, not implicit.

If you’re evaluating us — or any other vendor — these are the questions. Use them. The vendor who answers all seven cleanly is the one who deserves your payroll.

The Broader Point

The PH SaaS market is going to expand a lot in the next five years. The 2026 generation of buyers is going to make the same mistakes the 2018 generation made if we don’t institutionalize the lessons. Not at the vendor level — vendors will always sell what’s easy to sell. At the buyer level. Filipino business owners need to develop muscle around evaluating software the way they evaluate banks: with skepticism, with documentation, with assumption of failure.

Salarium taught that lesson at a high price. Don’t let it be free.

— Arup

If you want to read more about how we built Steer Workforce with these constraints in mind, see our Security page and Why I Built Steer Workforce.

— Arup Maity

Founder of Steer Workforce and Xamun, founder/chairman of BlastAsia, Adjunct Faculty at AIM, and Director of the Philippine Software Industry Association.

Join the waitlist Talk to Arup