Privacy Policy

1. Scope of this policy

This policy applies to:

• The website at dakaarpos.com (account portal, dashboard, marketing pages).
• The Dakaar POS Windows desktop application installed on a customer's premises.
• Any email or WhatsApp communication initiated by us in the course of providing the service.

2. Information we collect

2.1 On the website

• Account information you provide: full name, email address, phone number, restaurant name, hashed password.
• Subscription and payment metadata returned by Razorpay: order ID, payment ID, payment method, and amount. We never see your card, UPI handle, bank account or CVV.
• License keys issued to you and the machine ID (a random UUID) of any PC that activates them.
• Standard server logs: IP address, browser user-agent, page paths and timestamps, retained for up to 90 days for security and abuse prevention.

2.2 In the desktop application

The Dakaar POS application is offline-first. All restaurant operational data — menu, tables, orders, KOTs, bills, payments, customers, employees — is stored exclusively in a local SQLite database on the customer's PC. None of this data is transmitted to our servers.

If the customer enables Cloud Sync, only the following is sent to dakaarpos.com:

• Heartbeat pings to indicate the POS is online (machine ID, app version, timestamp).
• On-demand report responses requested by the same logged-in user from the website dashboard. The customer initiates each query; nothing is pushed automatically.

3. How we use the information

• To create and authenticate your account.
• To deliver license keys, renewal reminders, password resets, and important service notices.
• To process payments through Razorpay and reconcile receipts.
• To enforce single-PC license binding and the email-OTP based reinstall flow.
• To respond to your support requests.

4. We do not

• Sell or rent your data to any third party.
• Use your operational data (orders, customers, bills) for advertising or analytics.
• Share information with marketers, data brokers, or aggregators.
• Transfer data outside India except as strictly required by Razorpay or our email provider for the specific purpose of completing the related transaction.

5. Cookies and similar technologies

The website uses a single first-party session cookie to keep you logged in. It expires when you log out or after the session timeout. We do not use third-party advertising cookies or tracking pixels.

6. Sub-processors

We rely on the following service providers, each of which has been contractually committed to data protection:

• Razorpay Software Private Limited — payment processing.
• Hostinger International Ltd. — web hosting and outbound transactional email.

7. Data retention

• Account contact details: retained while the account is active. Deleted within 30 days of account closure on written request.
• Payment records: retained for 8 years as required under Indian tax and GST law.
• Server logs: retained for up to 90 days, then purged.
• License OTPs: hashed at rest and deleted within 24 hours of use or expiry.

8. Your rights

• Access: Ask for a copy of the personal data we hold about you.
• Correction: Update inaccurate information from your account page.
• Deletion: Request closure of your account and deletion of personal contact details, subject to mandatory record retention.
• Portability: Receive your operational data — it lives on your own PC, exportable from Dakaar POS at any time.
• Withdraw consent: Withdraw consent for non-essential processing at any time.

To exercise any of these rights, write to support@dakaarpos.com. We respond within 30 days.

9. Security

Passwords are hashed with bcrypt. Sessions use HTTP-only cookies. Database access is strictly server-side over a private network. License keys are HMAC-signed. We do not have your card details — Razorpay does, behind PCI-DSS Level 1 compliance.

10. Children

The service is intended for restaurant operators. We do not knowingly collect data from children under 18.

11. Changes

If we make material changes to this policy we will post an updated version here and notify active subscribers by email at least 14 days before the change takes effect.