1. Introduction
At Baelasan ("we," "our," or "us"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Smart POS system and related services (collectively, the "Service").
Please read this Privacy Policy carefully. By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
2.1 Information You Provide
When you register for an account or use our Service, we may collect:
- Account Information: Name, email address, phone number, store name, and password
- Business Information: Store details, business address, tax identification numbers, and payment preferences
- Transaction Data: Sales transactions, product information, pricing data, and payment records
- Inventory Data: Product catalogs, stock levels, supplier information, and inventory movements
- Customer Data: Customer contact information, purchase history, loyalty program data, and preferences (collected by you through the Service)
- User Data: Employee information, roles, permissions, and activity logs
2.2 Information Automatically Collected
When you use our Service, we automatically collect:
- Usage Data: How you use the Service, features accessed, time spent, and actions performed
- Device Information: IP address, browser type, operating system, device identifiers, and mobile network information
- Location Data: General location information based on IP address or device settings (if enabled)
- Log Data: Server logs, error reports, performance metrics, and system events
- Cookies and Tracking: Cookies, pixel tags, and similar technologies to enhance your experience and analyze usage
3. How We Use Your Information
We use the information we collect to:
- Provide and Maintain the Service: Process transactions, manage inventory, generate reports, and deliver core POS functionality
- Improve and Personalize: Enhance features, develop AI recommendations, customize your experience, and optimize performance
- Communicate: Send service updates, notifications, support responses, and important account information
- Security and Safety: Detect fraud, prevent abuse, ensure security, and protect user rights
- Analytics and Insights: Analyze usage patterns, generate business insights, and provide reporting features
- Legal Compliance: Comply with legal obligations, respond to legal requests, and enforce our Terms and Conditions
- Marketing: Send promotional materials (with your consent) and inform you about new features and services
4. AI and Data Processing
Our Service includes AI-powered features that analyze your data to provide:
- Smart pricing recommendations
- Inventory management suggestions
- Demand forecasting
- Product catalog enrichment
- Market intelligence and competitive insights
Anonymized Data: For AI features that provide market intelligence, we use anonymized and aggregated data. No individual store's pricing or identifying information is shared with other stores. Your store-specific data remains private.
Data used for AI processing is encrypted, processed securely, and used only for the purposes described in this policy.
5. How We Share Your Information
We do not sell your personal information. We may share your information only in the following circumstances:
- Service Providers: With trusted third-party vendors who help us operate the Service (e.g., cloud hosting, payment processing, analytics). These providers are bound by confidentiality obligations.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, where your information may be transferred to the new entity.
- Legal Requirements: When required by law, court order, or government regulation, or to protect our rights, property, or safety.
- With Your Consent: When you explicitly authorize us to share your information.
- Anonymized Data: Aggregated, anonymized data that cannot identify you individually may be used for analytics, research, or market intelligence purposes.
6. Data Security
We implement industry-standard security measures to protect your information, including:
- Encryption of data in transit (SSL/TLS) and at rest
- Secure authentication and access controls
- Regular security audits and assessments
- Firewall and intrusion detection systems
- Employee training on data security
- Secure data backup and disaster recovery procedures
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
You are responsible for maintaining the confidentiality of your account credentials. Please notify us immediately if you suspect unauthorized access to your account.
7. Data Retention
We retain your information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.
Specifically:
- Active Accounts: Data is retained while your account is active
- Closed Accounts: After account closure, we may retain data for up to 90 days or as required by law
- Transaction Records: Retained as required by tax, accounting, or legal requirements (typically 7 years)
- Backup Data: Deleted according to our data retention schedule
You may request deletion of your data by contacting us, subject to legal and contractual obligations.
8. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (subject to legal requirements)
- Portability: Request transfer of your data to another service provider
- Opt-Out: Unsubscribe from marketing communications (account-related communications cannot be opted out)
- Restriction: Request limitation of how we process your information
- Objection: Object to certain types of processing
To exercise these rights, please contact us at hello@baelasan.com. We will respond to your request within a reasonable timeframe.
9. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.
We take appropriate safeguards to ensure that your information receives an adequate level of protection, including using standard contractual clauses approved by data protection authorities.
11. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to:
- Remember your preferences and settings
- Authenticate your session
- Analyze usage patterns and improve the Service
- Provide personalized content and features
You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of the Service.
12. Third-Party Links
Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Updating the "Last updated" date
- Sending you an email notification (for significant changes)
Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
For EU residents, you also have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.