halopos
Start free trial

Legal

Privacy Policy

Effective 2026-04-20. halopos Pty Ltd (“halopos”, “we”, “us”, “our”) is bound by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

1. Scope

This policy explains how we collect, store, use, disclose, and dispose of personal information. It applies to merchants who subscribe to halopos, staff whose employers operate halopos, and end-customers whose transaction data flows through a halopos venue.

2. Information we collect

  • Account data for merchants: business name, ABN, contact email, billing details (via Stripe).
  • Operational data: menu catalog, orders, payments (last-4 only), audit log, staff profiles.
  • End-customer data where volunteered: email for e-receipts, loyalty identifier (v2).
  • Technical data: IP address, user-agent, request-response logs (30 day retention).

3. How we use it

We use information to deliver the halopos service, to bill merchants, to meet legal obligations (GST, BAS, tax records), to investigate abuse under the Acceptable Use Policy, and to improve product performance and reliability.

4. Disclosure

We do not sell personal information. We disclose:

  • To sub-processors (AWS in Sydney, Stripe, Ably, Clerk, Sentry) under binding contracts.
  • To law enforcement where required by Australian law.
  • To a merchant's nominated accountant when the merchant enables that export.

5. Overseas recipients

Primary data storage is in Australia (ap-southeast-2). Some sub-processors (e.g. Stripe) process data internationally; we use their AU-region endpoints where offered and rely on Standard Contractual Clauses otherwise.

6. Access, correction, and deletion (APP 12 & 13)

You can request access to your personal information or ask us to correct it at any time. Merchant-tenant admins can export their entire tenant dataset as a machine-readable archive via /admin/privacy. Merchants can also request a full deletion of their tenant via the same surface; the deletion runs within 30 days and is audit-logged.

7. Complaints

Complaints may be directed to privacy@halopos.app. If you are not satisfied with our response, you may escalate to the Office of the Australian Information Commissioner (OAIC).

8. Changes to this policy

We will notify merchants by email at least 30 days before any material change to this policy.