Select Page

Privacy Policy

Effective Date: January 01, 2025
Last Updated: November 12, 2025

1. Introduction

X POS LLC (“we,” “our,” or “us”) operates a suite of retail and point-of-sale (POS) products and services, including mobile and desktop applications, cloud-based management portals, and backend APIs (collectively, the “Services”).

This Privacy Policy explains how we collect, use, store, and protect information related to our customers, store users, and their employees (“you,” “your,” or “users”).

By using our Services, you agree to this Privacy Policy.

2. Information We Collect

We collect information in the following categories:

a. Account and Business Information

  • Business name, address, tax ID, and contact details.
  • User account information such as names, emails, and roles (cashier, admin, etc.).
  • Login credentials (securely hashed) and authentication tokens.

b. Transaction and POS Data

  • Sales, refunds, discounts, and order details.
  • Item catalog, pricing, and tax configurations.
  • Shift, cash drawer, and payment activity (credit, debit, cash, etc.).

c. Device and Offline Data

  • Device ID, operating system, app version, and network information.
  • Locally stored offline data for sync (items, customers, transactions, etc.).
  • Diagnostics and crash logs for performance monitoring.

d. Payment and Financial Information

  • Payment reference numbers, terminal IDs, and transaction tokens from integrated payment providers (e.g., PAX, Dejavoo, or other gateways).
  • We do not store full card numbers, CVV, or magnetic stripe data.

e. Location and Hardware Data

  • Optional GPS or device location for fraud prevention or store operations.
  • Printer, scanner, or payment terminal identifiers when used with the app.

3. How We Use Information

We use collected information to:

  • Provide, maintain, and improve POS and cloud services.
  • Process transactions, sync data between devices, and generate reports.
  • Manage user authentication and access permissions.
  • Provide technical support and troubleshooting.
  • Detect and prevent fraud or unauthorized access.
  • Comply with tax, accounting, and regulatory obligations.

4. Data Sync and Storage

  • Offline data is stored securely on the device using encrypted local databases (e.g., Drift/SQLite).
  • When online, data syncs securely with our cloud servers over HTTPS using token-based authentication.
  • Each business operates in an isolated tenant schema, ensuring that no store or franchise can access another’s data.

5. Sharing of Information

We do not sell your personal or business data.
We may share limited data only with:

  • Cloud Service Providers: For hosting and backup (e.g., AWS RDS, S3).
  • Payment Processors: To process card or terminal payments.
  • Regulatory Authorities: When legally required for audits or compliance.
  • Affiliated Partners: For integrations (e.g., accounting, ePOS, or CRM systems) — only with explicit authorization.

6. Data Security

We implement industry-standard security measures:

  • HTTPS/TLS encryption for all data in transit.
  • AES-256 encryption for sensitive offline data.
  • Access controls based on user roles and permissions.
  • Regular system audits, backups, and monitoring for anomalies.

7. Data Retention and Deletion

We retain data for as long as necessary for business or legal compliance.
If your business account is terminated, data will be securely deleted after a retention period unless otherwise required by law.
You may request data deletion by contacting info@xpossystems.com.

8. Your Rights

Depending on your jurisdiction (e.g., under GDPR, CCPA), you have the right to:

  • Request access or correction of your personal data.
  • Request deletion (“right to be forgotten”).
  • Object to or limit data processing.
  • Request a copy of your data in portable format.

To exercise these rights, contact us at info@xpossystems.com.

9. Cookies and Analytics

Our web dashboard may use cookies and analytics tools to understand usage and improve performance. You can manage cookie preferences in your browser settings.

10. Children’s Privacy

Our Services are intended for businesses and are not directed toward children under 13. We do not knowingly collect personal data from minors.

11. International Data Transfers

We may process data on servers located in the United States or other regions where our hosting partners operate. By using our Services, you consent to this transfer in compliance with applicable data protection laws.

12. Policy Updates

We may update this Privacy Policy periodically to reflect new features or legal requirements. Updates will be posted with a revised “Last Updated” date.

13. Contact Us

For questions, concerns, or data requests, please contact:

X POS LLC
Email: info@xpossystems.com