← Back to home

Privacy Policy

Last updated: June 2026

This Privacy Policy explains how HR Discover Lab ("we", "us") handles information in connection with DiscoverPOS (the "Service"). We keep data collection to what the Service actually needs to work.

1. Information we collect

Account & business details

When you sign up we collect your business name, owner name, email address, and phone number. These identify your account and are used to prevent duplicate or abusive signups.

Business data you enter

Products, categories, prices, stock, orders, and receipt settings that you add to run your shop. This is your data; you can export it at any time.

Technical data

Standard server logs (IP address, browser type, timestamps) and a signup IP used for rate-limiting and fraud prevention. We use Cloudflare for security and a Turnstile challenge on signup to block bots.

2. How we use information

  • To provide and operate the Service and your account.
  • To process subscription payments and send billing-related notices.
  • To prevent fraud, abuse, and duplicate signups.
  • To respond to support requests you send us.

3. What we do not do

We do not sell your data. We do not use your business sales data for advertising. We do not share your data with third parties except the service providers needed to run DiscoverPOS (for example, our hosting and email providers), or where required by law.

4. Payment information

Subscription payments are made by bank transfer. We store a record of payments for billing and audit purposes. We do not store full card numbers on our servers.

5. Email

We send transactional email — signup verification, billing notices, and replies to your enquiries — from our own mail server. We do not add you to marketing lists without consent.

6. Data retention

We retain your business data while your account exists. We do not automatically delete accounts for non-payment. If you want your account and data permanently removed, contact us and we will arrange deletion, subject to any records we must keep for legal or accounting reasons.

7. Security

Data is isolated per business, transmitted over HTTPS, and backed up daily. Admin access is protected and sensitive secrets such as two-factor keys are encrypted at rest. No system is perfectly secure, but we take reasonable measures to protect your information.

8. Your rights

You can access and export your data from your settings page at any time, and you can request correction or deletion by contacting us.

9. Changes

We may update this policy as the Service changes. Material changes will be communicated to your account email.

10. Contact

Questions about privacy? Email [email protected] or use our contact form.

This document is provided for general informational purposes and is not legal advice.