Privacy Policy

Last updated: 21 June 2026

1. Who we are

SmartRestro POS ("we", "us") is restaurant point-of-sale software operated from Pakistan. Contact: [email protected].

2. What data we collect

• Account data: business name, owner name, email, hashed password — for login and license delivery.
• Sales data (PRO plan only): daily sales summaries and full SQLite database backups, encrypted in transit (HTTPS) and stored on our VPS for restore.
• Device data: a random device identifier so 1 license = 1 device.
• Payment proof: screenshot/PDF you upload when paying via bank/JazzCash/Easypaisa. Used to verify payment, deleted after order is fulfilled.

3. Offline-first by design

Your day-to-day operations run 100% on your local computer (Windows + SQLite). The app does NOT need internet to take orders, print bills, or run reports. Cloud sync is opt-in (PRO plan).

4. How we use your data

• Operate your account (license, backups, dashboard).
• Send transactional emails (daily report, license delivery, support replies) via Resend.
• Improve the product through anonymized usage analytics (PRO plan only, and only sales summaries — never customer-identifying details).

5. What we do NOT do

• We do not sell, rent, or share your data with third parties for marketing.
• We do not track your individual restaurant customers (the people who eat at your restaurant). Their data lives only in your local POS database.
• We do not use cookies for advertising. Only essential session/auth cookies on dashboard pages.

6. Data security

• All API traffic is HTTPS (TLS 1.3 via Cloudflare).
• Passwords stored as bcrypt hashes.
• License keys are device-bound — even if leaked, can't be used on another machine.
• VPS hardened: firewall, SSH-key-only access, automated security patches.

7. Your rights

Email us anytime to:

• Export all your data (sales DB, account info)
• Delete your account permanently (data wiped within 7 days, including backups)
• Correct any info we hold about you

8. Data retention

• Account data: kept while your account is active + 90 days after closure.
• Cloud backups (PRO): rolling 30 days of daily snapshots.
• Payment proofs: deleted within 30 days of order fulfillment.

9. Children

Service is for business owners aged 18+. We do not knowingly process data from children.

10. Changes

If we change this policy materially, we'll email all active accounts at least 14 days before changes take effect.

11. Contact

Questions? Email [email protected] or WhatsApp the number listed on the homepage.