Privacy Policy

Last updated: April 1, 2026

1. Information We Collect

Account Information: Name, email address, and password when you create an account.

Business Information: Store name, address, tax ID, and business type during onboarding.

Transaction Data: Sales transactions, inventory records, customer information, and employee data that you enter into the Service.

Usage Data: App version, device type, feature usage patterns, and error logs for improving the Service.

2. How We Use Your Information

Service Operation: Process transactions, sync data, manage your account
AI Features: Generate sales predictions and reorder alerts using your store's historical data (processed on our servers, not shared)
Communication: Send transactional emails (password resets, receipts, alerts) from noreply@builtpos.com
Support: Respond to your support requests
Improvement: Aggregate, anonymized usage data to improve the Service

3. What We Do NOT Do

We do not sell your personal or business data to third parties
We do not share your transaction data with advertisers
We do not mine your sales data for marketing purposes
We do not access self-hosted databases — your data stays on your hardware

4. Data Storage & Security

Cloud Storage: Data is stored in PostgreSQL databases hosted on AWS (US-East region). All connections use TLS encryption. Passwords are hashed with bcrypt (10 rounds).

Local Storage: POS terminals store data locally in SQLite databases on your device. This data never leaves your device unless you enable cloud sync.

Self-Hosted: If you use the Self-Hosted PostgreSQL module, all data stays on your own server. BuiltPOS has no access to your self-hosted database.

Encryption: Sensitive settings (SMTP passwords, API keys) are encrypted with AES-256-GCM before storage.

5. Data Retention

We retain your account and business data for as long as your account is active. Upon account deletion, your data will be permanently removed within 30 days. You can request a full data export at any time.

6. Third-Party Services

We integrate with the following third-party services only when you enable them:

Payment Processors: PAX, Ingenico, Stripe, Global Payments — card transaction data is sent directly to the processor, not stored by BuiltPOS
Delivery Platforms: DoorDash, Uber Eats — order data shared only when Online Orders module is enabled
Stripe: Subscription billing — payment details handled entirely by Stripe; BuiltPOS never sees your card number

7. Cookies & Tracking

The web application uses localStorage and sessionStorage for session management. We do not use advertising cookies or third-party trackers. No Google Analytics or Facebook Pixel.

8. Your Rights

Access: Request a copy of all data we hold about you
Correction: Update or correct your account information at any time
Deletion: Request permanent deletion of your account and all associated data
Export: Export your data in standard formats (JSON, CSV)
Portability: Self-hosted database option ensures you always own your data

9. Children's Privacy

BuiltPOS is not intended for use by individuals under 18 years of age. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or in-app notification.

11. Contact Us

For privacy-related questions or requests, contact us at contact@builtpos.com.