Privacy Policy for POSUniversal

Last Updated: March 19, 2026

Introduction

POSUniversal ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile point-of-sale application.

Information We Collect

Information You Provide

- Business Information: Business name, owner name, and email address - Account Settings: Tax configuration preferences, receipt preferences - Transaction Data: Payment amounts, transaction descriptions, and timestamps

Automatically Collected Information

- Device Information: Device type, operating system version, and unique device identifiers - Usage Data: App features used, session duration, and interaction patterns - Location Data: General location based on IP address (not precise geolocation)

Payment Information

We do NOT collect, store, or have access to: - Credit card numbers - Card verification values (CVV) - Personal identification numbers (PIN) - Cardholder data

All payment card data is processed directly by Stripe, our Payment Service Provider, using Tap to Pay on iPhone technology. Card data never touches our servers or is stored on your device.

How We Use Your Information

We use collected information to: - Facilitate payment processing through Stripe - Display transaction history and analytics - Generate receipts for your customers - Provide customer support - Improve app functionality and user experience - Send important updates about service changes - Comply with legal obligations

Payment Processing

POSUniversal uses Stripe as our Payment Service Provider (PSP). When you process payments:

1. Stripe Connect: You create a Stripe Connect account linked to POSUniversal 2. Payment Processing: All payment transactions are processed by Stripe Terminal 3. PCI DSS Compliance: Stripe is PCI DSS Level 1 certified 4. Data Security: Card data is encrypted end-to-end and never stored locally

For details on how Stripe handles your data, please review: - Stripe Privacy Policy: https://stripe.com/privacy - Stripe Connect Terms: https://stripe.com/connect-account/legal

Data Sharing and Disclosure

We share information only with:

Service Providers

- Stripe: For payment processing and merchant account management - Apple: For app functionality (NFC, analytics)

Legal Requirements

We may disclose information if required by law, such as: - Compliance with legal process (subpoenas, court orders) - Protection of our rights and property - Prevention of fraud or illegal activity - Public safety concerns

We do NOT sell your personal information to third parties.

Data Storage and Security

Storage

- Transaction data is stored locally on your device using iOS secure storage - Business settings are stored using iOS AppStorage (encrypted at rest) - Backend API uses HTTPS encryption for all communications

Security Measures

- End-to-end encryption for payment data - Secure HTTPS/TLS connections - No local storage of sensitive payment card data - Regular security updates and patches

Data Retention

- Transaction history: Retained on device until you delete the app - Account information: Retained while your Stripe account is active - You can request data deletion by contacting support

Your Rights and Choices

Access and Control

- View Data: Access your transaction history and settings anytime in the app - Update Information: Modify your business information in Settings - Delete Account: Disconnect your Stripe account to stop payment processing - Export Data: Request a copy of your data by contacting support

Marketing Communications

- We do not send marketing emails unless you opt in - You can unsubscribe from communications at any time

Children's Privacy

POSUniversal is not intended for use by individuals under 18 years of age. We do not knowingly collect information from children. If you believe a child has provided information to us, please contact us immediately.

Third-Party Services

Stripe

Our payment processing is provided by Stripe. By using POSUniversal, you also agree to: - Stripe Services Agreement: https://stripe.com/legal/ssa - Stripe Privacy Policy: https://stripe.com/privacy

Apple Tap to Pay on iPhone

This app uses Apple's Tap to Pay on iPhone technology, subject to: - Apple Privacy Policy: https://www.apple.com/legal/privacy/

International Users

POSUniversal is designed for use in Canada and the United States. If you use the app from other regions, your information may be transferred to and processed in countries where we or our service providers operate.

California Privacy Rights (CCPA)

If you are a California resident, you have the right to: - Know what personal information we collect - Know whether we sell or disclose your personal information - Access your personal information - Request deletion of your personal information - Opt-out of the sale of personal information (we do not sell data)

To exercise these rights, contact us at support@woosystems.ca

Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by: - Posting the updated policy in the app - Updating the "Last Updated" date - Sending an email notification for significant changes

Continued use of POSUniversal after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices:

WOO Systems Email: support@woosystems.ca Website: https://woosystems.com

For Stripe-related privacy questions: Stripe Support: https://support.stripe.com

Consent

By using POSUniversal, you consent to this Privacy Policy and our collection, use, and sharing of your information as described herein.

---

Document Version: 1.0 Effective Date: March 19, 2026 Compliance: PIPEDA (Canada), CCPA (California), GDPR (EU - where applicable)