Back to Home
Back to Home
SaleDock

Privacy Policy

Last updated: May 2026

SaleDock Cloud POS ("SaleDock," "we," "us") provides a cloud-based point-of-sale platform for retail businesses. This Privacy Policy explains how we collect, use, and protect your information when you use our service. This is a GDPR-aligned policy and does not constitute legal advice.

1. Data Controller and Contact

SaleDock Cloud POS is the data controller for the personal data collected through the platform.

fardan.aatir@outlook.com

If you have a signed-in account, you can also submit privacy requests directly from Settings → Privacy Center.

2. Personal Data We Collect

Account Information

  • Full name
  • Email address
  • Phone number (if provided)
  • Profile picture URL (if provided via OAuth or upload)
  • Login provider identifiers (email/password hash or OAuth provider ID)

Shop Information

  • Shop name, business subtitle, and description
  • Shop address and phone number
  • Shop logo and branding assets
  • Social media links
  • Location / Google Maps link

Business Data

  • Products and inventory (names, SKUs, barcodes, prices, stock levels)
  • Customer information (names, phone numbers, emails, ledgers)
  • Invoices, receipts, and transaction records
  • Repair job records and status history
  • Expense records
  • Business reports and daily closing summaries
  • Backup and import files

OAuth Data

If you sign in via Google or Facebook (when enabled), we receive the email address, name, and profile picture associated with your OAuth provider. We do not receive your password or any other data from those accounts.

Technical and Usage Data

  • Audit and security logs (login attempts, access records, actions performed)
  • Session data and IP addresses
  • Technical usage data for platform operation and improvement

3. Purpose and Lawful Basis

We process your personal data for the following purposes and on the following lawful bases:

  • Account creation and authentication — to create your account, authenticate your identity, and authorize access to your shop (performance of a contract).
  • Providing POS services — to enable sales, inventory, repairs, invoices, expenses, reports, backups, and all core platform features (performance of a contract).
  • Security and audit logs — to detect and prevent abuse, fraud, or unauthorized access (legitimate interest).
  • Customer support — to communicate with you about your account, invoices, or support requests (performance of a contract / legitimate interest).
  • Legal, tax, and accounting obligations — to comply with applicable legal requirements (legal obligation).
  • Optional OAuth sign-in — to allow sign-in via Google or Facebook when you choose to use those providers (consent).

4. Data Minimization

We collect only the personal data that is necessary for account creation, shop setup, security, and POS operations. We do not collect data beyond what is required for these purposes.

5. Data Separation

Each organization or shop operates in an isolated data partition with row-level security. Your business data is accessible only to users within your organization and is never visible to users of other organizations. Platform administrators have access limited to aggregated, non-identifying usage data and the ability to suspend accounts — they do not access your business transactions or customer data.

6. Data Sharing

We do not sell your personal data or business data to advertisers or third parties. We may share data only:

  • With your explicit consent
  • To comply with a legal obligation or court order
  • To protect the rights, property, or safety of SaleDock, our users, or others
  • With service providers who help us operate the platform (see section on processors below), under data processing agreements

7. Data Retention

We retain your personal data for as long as your account or shop is active. After a verified deletion request, eligible data will be deleted or anonymized within a reasonable period, unless retention is required by law, security, audit, fraud prevention, dispute resolution, tax, or accounting obligations. Some limited records may be retained for the duration required by applicable statutory periods.

8. User Rights

Depending on your jurisdiction, including under the GDPR if applicable, you may have the following rights:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your data (see Data Deletion Instructions)
  • Restriction — request restriction of processing in certain circumstances
  • Portability — request your data in a machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — withdraw consent where processing is based on consent (e.g., OAuth login)
  • Complaint — lodge a complaint with a supervisory authority where applicable

To exercise these rights, contact us at the email below. We will respond within the timelines required by applicable law.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS)
  • Row-level security (RLS) in the database for tenant isolation
  • Role-based access controls
  • Audit logging of security-relevant actions
  • Input sanitization and SQL injection hardening
  • No service-role key exposure in client-side code

However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

10. Processors and Vendors

We use the following service providers to operate the platform. Their processing of your data is governed by their applicable data processing terms:

  • Supabase Inc. — authentication, database, and storage services
  • Vercel Inc. — hosting and deployment infrastructure
  • Google LLC — optional OAuth login (where enabled by the user) and Google Analytics 4 (only if you accept analytics cookies)
  • Meta Platforms, Inc. — Meta Pixel / Meta Business Tools (only if configured and you accept marketing cookies)
  • Microsoft Corporation — Microsoft Clarity (only if you accept analytics cookies)

11. International Transfers

Your data may be processed outside the country where you are located, depending on infrastructure and vendor locations. Where the GDPR applies, we rely on appropriate safeguards for international transfers, including Standard Contractual Clauses where offered by our vendors, or other recognized transfer mechanisms under applicable law.

12. Breach Response

Security incidents are assessed for risk to data subjects. Where the GDPR or other applicable law requires, the relevant supervisory authority and affected users will be notified according to applicable timelines.

13. Special Category Data

SaleDock is not designed to collect or process special category data (health, biometric, genetic, political opinions, religious beliefs, trade union membership, sexual orientation, or similar sensitive data). Users should not enter such data into the platform.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or a platform notice. Continued use of SaleDock after changes takes effect constitutes acceptance of the updated policy.

15. Contact

For privacy-related questions, requests, or concerns, contact:

fardan.aatir@outlook.com

16. Cookies and Tracking

SaleDock groups cookies into three categories, which you can control from the cookie banner and Cookie settings:

  • Necessary cookies — required for sign-in, security, and core features. These are always active so the platform can work.
  • Analytics cookies — Google Analytics 4 and Microsoft Clarity, loaded only after you accept analytics cookies.
  • Marketing / Advertising cookies — advertising tools such as Meta Pixel, loaded only after you accept marketing cookies (see below).

Analytics

SaleDock can use Google Analytics 4 and Microsoft Clarity to understand how visitors use the platform, but these analytics tools load only after you accept analytics cookies. You can reject analytics cookies and still use the site.

These services may collect general usage data and session behavior to help us improve the product. No personally identifiable business data, such as customer names, phone numbers, transaction details, or inventory records, is intentionally sent to these analytics services.

You can change your choice later through Cookie settings. You can also limit analytics collection through your browser settings or by installing the Google Analytics opt-out add-on.

Marketing / Advertising (Meta Pixel)

If you accept marketing cookies, SaleDock may use Meta Pixel and related Meta Business Tools on its public marketing pages. Meta Pixel may collect page-visit information and general browser/device information for advertising measurement and remarketing.

SaleDock does not send POS checkout, invoice, payment, customer, stock, report, ledger, supplier, cash drawer, or other business-sensitive data to Meta. Meta Pixel is never loaded on signed-in app or point-of-sale pages.

You can reject marketing cookies, and you can withdraw your consent at any time from Cookie settings. Where data is processed by Meta, it is handled according to Meta's own privacy policy and business-tools terms.

Marketing/advertising tracking is only active if it has been configured by SaleDock and you have accepted marketing cookies; otherwise it does not run.

Data Deletion·Terms of Service