Privacy Policy

Last updated: 2026

Who We Are

OperoPOS is a multi-tenant point-of-sale platform serving restaurants, cafés, bakeries, and retail stores. This policy explains what data we collect, why we collect it, how we store and protect it, and what rights you have under GDPR and similar regulations.

Data We Collect

To run your store on OperoPOS we collect: account information (email, name, optional phone), store information (store name, address, branding, branches, menu, prices, taxes), operational data (orders, sessions, receipts, staff assignments), and customer-facing data (the contact details your customers enter when placing online orders, such as name, phone, delivery address, and order history).

We also collect minimal technical data — IP address, browser type, and basic usage analytics — to detect abuse, debug issues, and improve the product. We do not sell, rent, or share this data with advertisers.

How We Use Your Data

Your data powers your store: it shows up on your dashboard, your POS, your kitchen display, your online-ordering storefront, and your printed receipts. We use it to provide the service you signed up for, to send you transactional notifications (order confirmations, password resets, security alerts), and — only if you opt in — occasional product updates.

Where Your Data Lives

OperoPOS is hosted on enterprise cloud infrastructure with encryption at rest (AES-256) and in transit (TLS 1.2+). Database access is protected by row-level security so that one merchant's data is never visible to another, even at the database layer. Backups are automated and encrypted.

Customer Data You Collect

When customers place online orders through your storefront, you become the data controller for their personal information. OperoPOS acts as your data processor under our Data Processing Agreement. You are responsible for obtaining any consent required by your local laws and for honoring customer rights requests; we provide the technical tools to do so.

Your GDPR Rights

If you are in the EU, UK, or another GDPR-equivalent jurisdiction, you have the right to access, correct, export, restrict, and delete your personal data. You may also lodge a complaint with your local supervisory authority. To exercise any of these rights, email privacy@operopos.com and we will respond within 30 days.

Data Retention

We retain your store and operational data for as long as your account is active. If you delete your account, we permanently erase your store data within 30 days, except where we are legally required to retain certain records (for example, tax or accounting records).

Cookies

OperoPOS uses essential cookies to keep you logged in and remember language preferences. We do not use advertising cookies, third-party tracking pixels, or cross-site analytics on the merchant dashboard.

Changes to This Policy

We will post any material changes here and notify account owners by email. Continued use of OperoPOS after a change constitutes acceptance of the updated policy.

Contact

Questions, concerns, or formal requests: privacy@operopos.com.