Smart Retail POS Pro is designed with privacy as a foundational principle. Unlike cloud-based POS systems that store your business data on third-party servers, our offline-first architecture ensures that your data resides primarily on your own Windows device.
We do not collect, analyze, or monetize your business data. We do not sell your information to advertisers, data brokers, or any third party. Your transactions, inventory records, customer lists, and financial reports remain yours and yours alone.
This Privacy Policy explains what information we collect (minimal), how we use it, and the security measures we employ to protect your data.
Minimal Data Collection
We collect only what is necessary to provide the software and services. Your business data is never collected or transmitted without your explicit opt-in.
Account Registration Data:
- Email Address — Required for account creation, email verification, and authentication
- Full Name — Used to personalize your account experience
- Phone Number — Optional, used for account recovery and support communication
Usage Data (Anonymous):
- Application version and update checks (version string only)
- Anonymous error reports (no business data included)
- License validation status (true/false only)
Business Data (Never Collected):
- ✗ Sales transactions and invoices
- ✗ Customer information and purchase history
- ✗ Inventory records and stock levels
- ✗ Financial reports and analytics
- ✗ Staff and payroll information
Smart Retail POS Pro uses SQLite as the local database engine, storing all your business data in encrypted database files on your Windows device. No data leaves your device unless you explicitly enable cloud sync.
Local Storage Architecture:
- Master database stores user accounts and system settings
- Tenant database stores all business-specific data (transactions, inventory, etc.)
- Database files are stored in the application's secure data directory
- Access is restricted to the application and authorized system users
Cloud synchronization via Supabase is entirely optional. By default, Smart Retail POS Pro operates completely offline. If you choose to enable cloud sync, the following applies:
End-to-End Encryption
All data transmitted to Supabase is encrypted using TLS 1.3. Data at rest is encrypted with AES-256.
Row-Level Security (RLS)
Supabase RLS policies ensure that only you can access your synchronized data. No other user or system administrator can view your records.
Synchronization Control
You can disable cloud sync at any time. When disabled, all data remains on your local device.
Supabase is a secure, open-source Firebase alternative. For more information about Supabase's privacy practices, visit supabase.com/privacy.
When you create local backups using Smart Retail POS Pro, all backup files are encrypted using AES-256-GCM with a proprietary header format (.srpos). This ensures that even if backup files are copied or stolen, they cannot be read without the application's decryption key.
Cloud backups to Google Drive, Dropbox, or OneDrive use the same encryption standards before transmission. We do not have access to your cloud storage credentials or the content of your backups.
You are responsible for securing your backup files and ensuring they are stored in a safe location.
We Do Not Sell Your Data
Smart Retail POS Pro never sells, rents, or shares your business data with any third party for advertising, marketing, or any commercial purpose.
We do not share your data with third parties except in the following limited circumstances:
- Supabase — Only if you enable cloud sync, and only under strict RLS policies
- Cloud Storage Providers — Google Drive, Dropbox, or OneDrive, only if you explicitly connect them for backups
- Payment Processors — NowPayments or PayPal, only when processing your subscription payments (payment details only)
- Legal Requirements — When required by law, court order, or government regulation, to the extent legally required
Your business data is stored on your local device and will remain there until you choose to delete it. We do not have the ability to delete data from your device.
For cloud-synced data:
- Data is retained in Supabase as long as your account is active and cloud sync is enabled
- If you disable cloud sync, data remains on your device but is no longer synchronized
- Upon account termination, cloud-synced data is retained for 30 days, then permanently deleted
- You may request immediate deletion of cloud data by contacting our support team
Account registration data (email, name, phone) may be retained for legal and compliance purposes after account termination, but will never be used for marketing purposes.
The Smart Retail POS Pro desktop application does not use cookies or web tracking technologies. As an offline-first Electron application, all data storage is local and does not involve web browsing or tracking scripts.
Our website (smartretailpospro.com) may use essential cookies for functionality and optional analytics cookies to improve user experience. Website visitors can manage cookie preferences through their browser settings.
We employ industry-standard security measures to protect your data:
- AES-256-GCM encryption for all backup files
- TLS 1.3 encryption for all cloud data transmission
- Row-Level Security (RLS) policies on Supabase
- Secure local database storage using SQLite
- Regular security audits and updates
- No plaintext storage of sensitive credentials
Despite these measures, no system is completely secure. We recommend regularly creating backups and keeping your operating system and antivirus software updated.
You have the following rights regarding your data:
- Access — You can access all your data at any time through the application interface
- Export — Built-in export features allow you to export your data to common formats
- Delete — You can delete any data within the application at any time
- Opt-Out — You can disable cloud sync at any time to stop data transmission
- Account Deletion — You may request account termination by contacting our support team
To exercise these rights or for any privacy-related inquiries, please contact us through our contact page.
Smart Retail POS Pro is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.
Smart Retail POS Pro is designed to operate primarily offline. If you enable cloud sync, your data may be stored on Supabase servers located in various jurisdictions worldwide.
Supabase maintains compliance with international data protection standards, including GDPR. By enabling cloud sync, you consent to the transfer of your data to Supabase's infrastructure.
Local data on your device never leaves your jurisdiction unless you choose to sync it.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify users of significant changes via email and by updating the "Last updated" date at the top of this policy.
Your continued use of Smart Retail POS Pro after any changes constitutes acceptance of the updated Privacy Policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through the contact page on our website.
We will respond to your inquiry within 5 business days. For urgent matters, please include your registered email address in your communication.
Our Privacy Commitment
Smart Retail POS Pro is built on the principle that your business data is yours and yours alone. We will never compromise this commitment. This Privacy Policy reflects our genuine dedication to data sovereignty, privacy, and security.
