Privacy Policy
CQZ POS respects your privacy and is committed to protecting personal and business data. This Privacy Policy explains what information we collect, how we use and safeguard it, who we share it with, and your rights when using our cloud platform for POS, inventory, sales, reporting, and e-invoicing.
Last updated: June 2026
1. Scope & Who This Applies To
This policy applies to visitors of our website, registered users, account administrators, and authorized sub-users of the CQZ POS platform, including web and mobile applications.
By creating an account or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the platform.
2. Data Controller
The entity operating CQZ POS is the data controller for personal data processed in connection with the platform, subscription, and support services.
For business transaction data entered by you (sales, customers, suppliers, inventory), you act as the controller of that data and we process it on your behalf as a service provider to deliver the platform.
3. Information We Collect
We collect information in the following categories:
- Account & identity: full name, email, phone number, password (stored hashed), job role, and language preferences.
- Business profile: business name, commercial registration, tax/VAT number, address, logo, branches, and billing details.
- Transactional data: sales, purchases, inventory movements, customer and supplier records, invoices, payments, and reports you create in the system.
- Technical data: IP address, browser type, device identifiers, session logs, error logs, and usage analytics.
- Support communications: messages, attachments, and tickets you send to our support team.
- Payment data: subscription payment references processed via third-party payment providers (we do not store full card numbers on our servers).
4. Information You Provide About Others
When you add employees, customers, or suppliers to CQZ POS, you may enter their personal data (names, phones, emails, tax IDs). You are responsible for having a lawful basis to collect and process that data and for informing those individuals as required by applicable law.
We process such data solely to provide the service features you enable (invoicing, CRM, payroll-related modules where applicable).
5. How We Use Your Information
We use collected information for the following purposes:
- Creating and managing your account and authentication.
- Delivering platform features: POS, inventory, sales, reports, and e-invoicing.
- Processing subscriptions, invoices, and payment confirmations.
- Providing customer support and responding to inquiries.
- Sending service-related notices (security alerts, maintenance, policy updates).
- Monitoring performance, preventing fraud, and improving security.
- Complying with legal obligations, including tax and regulatory requirements.
- Generating aggregated, anonymized analytics to improve the product.
6. Legal Basis for Processing
Depending on the type of data and context, we rely on: performance of our contract with you, your consent where required, legitimate interests (security, product improvement), and compliance with legal obligations under applicable laws including regulations in the Kingdom of Saudi Arabia.
7. Sharing & Third Parties
We do not sell your personal data. We may share information only as described below:
- Service providers: cloud hosting, email delivery, payment gateways, and analytics — bound by confidentiality and data processing agreements.
- ZATCA / e-invoicing: invoice data transmitted when you enable electronic invoicing integration, as required by your configuration.
- Legal requirements: when required by court order, government authority, or to protect rights and safety.
- Business transfers: in connection with merger, acquisition, or asset sale, with notice where legally permitted.
8. Data Retention
We retain account and business data while your subscription is active. After cancellation, data may be retained for a limited period to allow export, resolve disputes, and meet legal obligations, then deleted or anonymized per our retention schedule.
Backup copies may persist for a short additional period before automatic purging. You may request earlier deletion subject to legal retention requirements.
9. Security Measures
We implement technical and organizational measures to protect your data, including:
No method of transmission or storage is 100% secure. You are responsible for safeguarding your login credentials and configuring user permissions appropriately.
- Encrypted connections (HTTPS/TLS) for data in transit.
- Access controls and role-based permissions within the platform.
- Secure password hashing and session management.
- Regular monitoring, logging, and incident response procedures.
- Restricted employee access on a need-to-know basis.
10. Cookies & Similar Technologies
We use essential cookies and local storage for authentication, session management, language preferences, and security. We may use analytics cookies to understand how the website and platform are used.
- Essential cookies: required for login and core functionality — cannot be disabled without affecting the service.
- Preference cookies: remember your language and display settings.
- Analytics: help us improve performance and user experience (aggregated where possible).
11. Your Rights
Subject to applicable law (including Saudi Personal Data Protection Law where applicable), you may have the right to:
To exercise these rights, contact us using the details below. We may need to verify your identity before processing requests.
- Request access to personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request deletion of data where no longer necessary or where consent is withdrawn.
- Object to or restrict certain processing activities.
- Request data portability in a structured, machine-readable format where feasible.
- Withdraw consent where processing is consent-based, without affecting prior lawful processing.
12. Children's Privacy
CQZ POS is a business-to-business service not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a minor has provided data, contact us for deletion.
13. International Data Processing
Your data may be processed on servers located inside or outside the Kingdom of Saudi Arabia depending on hosting infrastructure. Where cross-border transfer occurs, we apply appropriate safeguards consistent with applicable data protection requirements.
14. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email or in-platform notification at least before they take effect where required by law. The "Last updated" date at the top reflects the latest revision.
Privacy inquiries
For privacy-related requests, data access, correction, or deletion inquiries, contact us via email or WhatsApp with your registered business name, account email, and a description of your request. We aim to respond within 30 days.
Kingdom of Saudi Arabia - Madinah - Al-Hijrah