Privacy Policy

BuildAble POS ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Point of Sale & Repair Management (POS) platform and related services.

By using BuildAble POS, you agree to the collection and use of information in accordance with this policy. We take your privacy seriously and have implemented comprehensive security measures to protect your data.

2.1 Information You Provide Directly

• •Account Information: Name, email address, phone number, and business details when you register for an account.
• •Shop Data: Business name, address, tax identification numbers, and other shop-specific information you configure.
• •Customer Data: Names, contact details, device information, and repair histories that you enter into the platform for your customers.
• •Transaction Data: Sales records, payment details, invoices, and inventory data you process through the platform.
• •Communication Data: Messages, support tickets, and feedback you send to us.

2.2 Information Collected Automatically

• •Usage Data: Pages visited, features used, actions taken, and time spent on the platform.
• •Device Information: IP address, browser type, operating system, and device identifiers.
• •Log Data: Error reports, performance data, and system logs for troubleshooting and security purposes.
• •Location Data: General geographic location derived from your IP address for security and compliance purposes.

We use the information we collect for the following purposes:

• •Service Provision: To operate, maintain, and improve the BuildAble POS platform and its features.
• •Account Management: To create and manage your account, authenticate users, and provide customer support.
• •Transaction Processing: To process payments, generate invoices, and manage sales records through our payment partners.
• •Communication: To send transactional emails, service updates, security alerts, and respond to your inquiries.
• •Security & Fraud Prevention: To detect and prevent unauthorized access, fraud, and other security incidents.
• •Legal Compliance: To comply with applicable laws, regulations, and legal processes.
• •Analytics: To analyse usage patterns and improve our product experience (using aggregated, anonymised data where possible).

We implement industry-leading security measures to protect your data:

• •Encryption at Rest: AES-256-GCM encryption for all sensitive data stored in our databases.
• •Encryption in Transit: TLS 1.2+ for all data transmitted between your device and our servers.
• •Role-Based Access Control (RBAC): Hierarchical roles — Owner, Admin, Manager, Sales, Technician — with granular permissions per feature area.
• •Row Level Security (RLS): Database-level policies ensuring users can only access data within their authorised shop.
• •Multi-Factor Authentication (MFA): Optional and enforced MFA for enhanced account security.
• •Audit Logging: Comprehensive logging of all authentication events, data changes, and user actions.
• •Infrastructure Security: SOC 2 and ISO 27001 compliant hosting infrastructure with DDoS protection.
• •Regular Security Assessments: Penetration testing, vulnerability scanning, and code reviews.

5.1 Your Data Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

• •Right to Access: You can request a copy of all personal data we hold about you.
• •Right to Rectification: You can request that we correct inaccurate or incomplete data.
• •Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data, subject to legal retention requirements.
• •Right to Restrict Processing: You can request that we limit how we use your data.
• •Right to Data Portability: You can request your data in a structured, machine-readable format.
• •Right to Object: You can object to processing based on legitimate interests or direct marketing.
• •Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

5.2 Your Data Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• •Right to Know: You can request disclosure of the categories and specific pieces of personal information we collect.
• •Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
• •Right to Opt-Out: We do not sell personal information. If this changes, you will have the right to opt-out.
• •Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

5.3 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@buildable.cloud or dpo@buildable.cloud. We will respond to verified requests within 30 days. You may also manage much of your data directly through your account settings and dashboard.

We do not sell your personal data. We only share data with trusted third-party service providers (sub-processors) who help us operate our platform:

All sub-processors are bound by Data Processing Agreements (DPAs) that ensure they handle your data in compliance with GDPR and other applicable data protection laws. We regularly review and audit our sub-processors to ensure they maintain adequate security and privacy standards.

We retain your data for as long as necessary to provide our services and comply with legal obligations:

• •Active Accounts: Data is retained for the duration of your subscription and for 90 days after cancellation to allow for account recovery.
• •Audit Logs: Security and access logs are retained for 12 months for compliance and security analysis.
• •Financial Records: Transaction and invoice data is retained for 7 years to comply with tax and accounting regulations.
• •Deleted Accounts: After the 90-day recovery period, personal data is permanently deleted or anonymised, except where legal retention requirements apply.

BuildAble POS is hosted primarily in the European Union (London, UK). Some of our sub-processors may process data in other jurisdictions, including the United States. When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure your data receives an equivalent level of protection.

Our primary data storage and processing occurs within the EU. Any international transfers are conducted in compliance with GDPR Article 46 and applicable data protection laws.

We use cookies and similar technologies to enhance your experience and analyse platform usage:

• •Essential Cookies: Required for the platform to function, including authentication and security.
• •Preference Cookies: Remember your settings and preferences across sessions.
• •Analytics Cookies: Help us understand how users interact with the platform to improve functionality.

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect platform functionality.

BuildAble POS is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible. If you believe we may have collected information from a child, please contact us at privacy@buildable.cloud.

In the unlikely event of a data breach that affects your personal information, we will notify affected users and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR and other applicable laws. Our incident response plan includes immediate containment, investigation, remediation, and transparent communication with affected parties.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. We will notify you of any material changes via email or through a prominent notice on the platform. The "Last updated" date at the top of this policy indicates when it was last revised. Your continued use of BuildAble POS after any changes constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to resolving any privacy concerns promptly and transparently. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.