1. Introduction
KapéOS ("we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the KapéOS Point-of-Sale system, the KapéOS mobile application, the KapéOS web dashboard, and our website at kapeos.cloud (collectively, the "Service").
By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with the terms of this policy, please do not access the Service.
2. Information We Collect
2.1 Personal Information
When you register for an account or subscribe to our Service, we may collect:
- Full name, email address, and phone number
- Business name, address, and Tax Identification Number (TIN)
- Payment and billing information (processed securely through our payment partners)
- Employee names and roles (for multi-user accounts)
2.2 Transaction Data
Through normal use of our POS system, we process and store:
- Sales transactions, order history, and payment method used
- Product catalog and pricing data
- Inventory levels and stock movement records
- Customer loyalty information (names, points balances, and visit history)
2.3 Device & Usage Data
We automatically collect:
- Device identifiers, operating system version, and app version
- IP address, browser type, and access timestamps
- Crash reports and performance diagnostics
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the KapéOS Service
- Process transactions and manage your subscription
- Generate business reports, analytics, and tax compliance documents (e.g., BIR-compliant receipts)
- Improve and personalize your experience
- Communicate with you, including sending service updates, security alerts, and support messages
- Detect and prevent fraud, unauthorized access, and other illegal activities
- Comply with legal and regulatory obligations under Philippine law, including the Data Privacy Act of 2012 (R.A. 10173)
4. Data Storage & Security
Your data is stored on secure cloud infrastructure provided by Supabase (PostgreSQL). All data in transit is encrypted using TLS 1.2+. Data at rest is encrypted using AES-256. We implement industry-standard security measures, including:
- Role-based access control (RBAC) for multi-user environments
- Branch-level data isolation for Enterprise accounts
- Regular security audits and vulnerability assessments
- Automatic session expiration and secure token management
5. Data Sharing & Third Parties
We do not sell, trade, or rent your personal information to third parties. We may share data with:
- Service Providers: Cloud hosting (Supabase/AWS), payment processing (PayMongo/GCash), and email delivery (Resend) — solely to operate the Service
- Legal Authorities: When required by law, subpoena, or government request under Philippine jurisdiction
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction
6. Your Rights (Data Privacy Act of 2012)
Under the Philippine Data Privacy Act (R.A. 10173), you have the right to:
- Access — Request a copy of the personal data we hold about you
- Correction — Request correction of inaccurate or incomplete data
- Erasure — Request deletion of your personal data, subject to legal retention requirements
- Object — Object to the processing of your data for direct marketing
- Portability — Request your data in a structured, machine-readable format
To exercise any of these rights, contact us at privacy@kapeos.cloud.
7. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. Transaction records are retained for a minimum of 10 years to comply with BIR tax record-keeping requirements. Upon account deletion, personal data is removed within 30 days, except where retention is required by law.
8. Children's Privacy
The KapéOS Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us: