Privacy Policy

Last updated: December 2024

1. Introduction

Welcome to xPOS ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our xPOS mobile application, web application, and desktop application (collectively, the "Service").

Important: xPOS does NOT collect sensitive personal data such as biometric data, health information, financial account numbers, or government-issued identification numbers. We only collect minimal information necessary to provide our point-of-sale services.

2. Information We Collect

2.1 Information You Provide

We collect only the following information that you voluntarily provide:

  • Account Information: Name, email address, phone number (for account creation and communication)
  • Business Information: Business name, business address, tax identification number (for invoicing and reporting)
  • Product and Order Data: Product names, prices, quantities, order details (stored locally and synced to your account)
  • Transaction Data: Sales transactions, payment amounts, payment methods (for order management and reporting)

We do NOT collect: Credit card numbers, bank account details, social security numbers, driver's license numbers, passport numbers, or any other sensitive financial or identification information. Payment processing is handled securely by third-party payment processors.

2.2 Automatically Collected Information

When you use our Service, we automatically collect limited technical information:

  • Device Information: Device type, operating system version, app version (for compatibility and support)
  • Usage Data: Features accessed, session duration, error logs (for improving app performance)
  • IP Address: Collected for security and fraud prevention purposes

We do NOT collect: Precise location data, browsing history, contacts, photos, or other personal files from your device.

2.3 Third-Party Payment Processors

When you process payments through xPOS, payment information is handled directly by third-party payment processors (such as Stripe, PayPal, or other payment gateways). We do not store, process, or have access to your payment card details. Please review the privacy policies of these third-party services for information about how they handle your payment data.

3. How We Use Your Information

We use the information we collect solely for the following purposes:

  • To provide, maintain, and improve our Service
  • To process and manage your orders and transactions
  • To generate reports and analytics for your business
  • To manage your account and provide customer support
  • To send you important service updates and notifications
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations and enforce our terms of service

We do NOT: Sell your information to third parties, use your information for advertising purposes, or share your information except as described in this policy.

4. Data Storage and Security

4.1 Data Storage

Your data is stored securely on our servers using industry-standard encryption. We also provide local data storage on your device for offline functionality. Data is synced securely between your devices when you are connected to the internet.

4.2 Security Measures

We implement appropriate technical and organizational security measures to protect your information:

  • Encryption of data in transit (SSL/TLS)
  • Encryption of data at rest
  • Regular security audits and updates
  • Access controls and authentication
  • Secure server infrastructure

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

5. Information Sharing and Disclosure

We do NOT sell your personal information. We may share your information only in the following limited circumstances:

  • Service Providers: With trusted third-party service providers who assist us in operating our Service (e.g., cloud hosting, analytics, customer support). These providers are contractually obligated to protect your information.
  • Legal Requirements: When required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to users.
  • With Your Consent: When you explicitly consent to sharing your information.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide you with our Service. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, tax, or regulatory purposes.

Transaction and order data may be retained for longer periods as required by law or for business record-keeping purposes, but will be anonymized where possible.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request access to your personal data
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal data (subject to legal requirements)
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Objection: Object to processing of your data
  • Restriction: Request restriction of processing
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the contact information provided at the end of this Privacy Policy. We will respond to your request within 30 days.

8. Children's Privacy

Our Service is not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We take appropriate safeguards to ensure that your information receives an adequate level of protection in accordance with this Privacy Policy.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information is collected, used, shared, or sold
  • The right to delete personal information held by us
  • The right to opt-out of the sale of personal information (we do not sell personal information)
  • The right to non-discrimination for exercising your privacy rights

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including those listed in Section 7 above. Our legal basis for processing your information includes:

  • Performance of a contract (providing our Service to you)
  • Legitimate interests (improving our Service, security, fraud prevention)
  • Legal obligations (compliance with applicable laws)
  • Consent (where you have provided it)

12. Cookies and Tracking Technologies

Our web application may use cookies and similar tracking technologies to enhance your experience and analyze usage patterns. Cookies are small data files stored on your device. You can control cookie preferences through your browser settings. Our mobile and desktop applications do not use cookies but may use similar technologies for app functionality.

We do NOT use tracking technologies for advertising purposes or to track you across third-party websites.

13. Third-Party Links and Services

Our Service may contain links to third-party websites or integrate with third-party services (such as payment processors, cloud storage providers). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information to them.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date
  • Sending you an email notification (if you have provided an email address)
  • Displaying a notice in the app

Your continued use of our Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: kimsoer.coder@gmail.com
  • Phone: +85598498845
  • Address: Svay Bak, Russy Keo, Phnom Penh

For data protection inquiries in the European Union, you may also contact your local data protection authority.