SaleDock Cloud POS

Privacy Policy

Last updated: May 2026

SaleDock Cloud POS ("SaleDock," "we," "us") provides a cloud-based point-of-sale platform for retail businesses. This Privacy Policy explains how we collect, use, and protect your information when you use our service. This is a GDPR-aligned policy and does not constitute legal advice.

1. Data Controller and Contact

SaleDock Cloud POS is the data controller for the personal data collected through the platform.

fardan.aatir@outlook.com

If you have a signed-in account, you can also submit privacy requests directly from Settings → Privacy Center.

2. Personal Data We Collect

Account Information

  • Full name
  • Email address
  • Phone number (if provided)
  • Profile picture URL (if provided via OAuth or upload)
  • Login provider identifiers (email/password hash or OAuth provider ID)

Shop Information

  • Shop name, business subtitle, and description
  • Shop address and phone number
  • Shop logo and branding assets
  • Social media links
  • Location / Google Maps link

Business Data

  • Products and inventory (names, SKUs, barcodes, prices, stock levels)
  • Customer information (names, phone numbers, emails, ledgers)
  • Invoices, receipts, and transaction records
  • Repair job records and status history
  • Expense records
  • Business reports and daily closing summaries
  • Backup and import files

OAuth Data

If you sign in via Google or Facebook (when enabled), we receive the email address, name, and profile picture associated with your OAuth provider. We do not receive your password or any other data from those accounts.

Technical and Usage Data

  • Audit and security logs (login attempts, access records, actions performed)
  • Session data and IP addresses
  • Technical usage data for platform operation and improvement

3. Purpose and Lawful Basis

We process your personal data for the following purposes and on the following lawful bases:

  • Account creation and authentication — to create your account, authenticate your identity, and authorize access to your shop (performance of a contract).
  • Providing POS services — to enable sales, inventory, repairs, invoices, expenses, reports, backups, and all core platform features (performance of a contract).
  • Security and audit logs — to detect and prevent abuse, fraud, or unauthorized access (legitimate interest).
  • Customer support — to communicate with you about your account, invoices, or support requests (performance of a contract / legitimate interest).
  • Legal, tax, and accounting obligations — to comply with applicable legal requirements (legal obligation).
  • Optional OAuth sign-in — to allow sign-in via Google or Facebook when you choose to use those providers (consent).

4. Data Minimization

We collect only the personal data that is necessary for account creation, shop setup, security, and POS operations. We do not collect data beyond what is required for these purposes.

5. Data Separation

Each organization or shop operates in an isolated data partition with row-level security. Your business data is accessible only to users within your organization and is never visible to users of other organizations. Platform administrators have access limited to aggregated, non-identifying usage data and the ability to suspend accounts — they do not access your business transactions or customer data.

6. Data Sharing

We do not sell your personal data or business data to advertisers or third parties. We may share data only:

  • With your explicit consent
  • To comply with a legal obligation or court order
  • To protect the rights, property, or safety of SaleDock, our users, or others
  • With service providers who help us operate the platform (see Section 10, Processors and Vendors), under data processing agreements

7. Data Retention

We retain your personal data for as long as your account or shop is active. After a verified deletion request, eligible data will be deleted or anonymized within a reasonable period, unless retention is required by law, security, audit, fraud prevention, dispute resolution, tax, or accounting obligations. Some limited records may be retained for the duration required by applicable statutory periods.

8. User Rights

Depending on your jurisdiction, including under the GDPR if applicable, you may have the following rights:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your data (see Data Deletion Instructions)
  • Restriction — request restriction of processing in certain circumstances
  • Portability — request your data in a machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — withdraw consent where processing is based on consent (e.g., OAuth login)
  • Complaint — lodge a complaint with a supervisory authority where applicable

To exercise these rights, contact us at the email below. We will respond within the timelines required by applicable law.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS)
  • Row-level security (RLS) in the database for tenant isolation
  • Role-based access controls
  • Audit logging of security-relevant actions
  • Input sanitization and SQL injection hardening
  • No service-role key exposure in client-side code

However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

10. Processors and Vendors

We use the following service providers to operate the platform. Their processing of your data is governed by their applicable data processing terms:

  • Supabase Inc. — authentication, database, and storage services
  • Vercel Inc. — hosting and deployment infrastructure
  • Google LLC — optional OAuth login (where enabled by the user)
  • Meta Platforms, Inc. — optional OAuth login (where enabled by the user)

11. International Transfers

Your data may be processed outside the country where you are located, depending on infrastructure and vendor locations. Where the GDPR applies, we rely on appropriate safeguards for international transfers, including Standard Contractual Clauses where offered by our vendors, or other recognized transfer mechanisms under applicable law.

12. Breach Response

Security incidents are assessed for risk to data subjects. Where the GDPR or other applicable law requires, the relevant supervisory authority and affected users will be notified according to applicable timelines.

13. Special Category Data

SaleDock is not designed to collect or process special category data (health, biometric, genetic, political opinions, religious beliefs, trade union membership, sexual orientation, or similar sensitive data). Users should not enter such data into the platform.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or a platform notice. Continued use of SaleDock after changes take effect constitutes acceptance of the updated policy.

15. Contact

For privacy-related questions, requests, or concerns, contact:

fardan.aatir@outlook.com