Privacy Overview

QuickPOS Privacy Policy

This Privacy Policy explains how QuickPOS โ€” operated at pos.allshop.ng by Desk Tools โ€” collects, processes, stores, and protects the personal and commercial data of Shop Owners, Staff Members, and the end-consumers whose data flows through the QuickPOS point of sale and inventory platform. This policy aligns with the Nigerian Data Protection Regulation (NDPR) and the Nigeria Data Protection Act 2023.

๐Ÿšซ
Never Sold
Your data is never sold, rented, or shared for advertising.
๐Ÿ”
Encrypted
AES-256 at rest, TLS in transit, SHA-256 for staff PINs.
๐Ÿ“ค
Exportable
Download all your business data in CSV format at any time.
๐Ÿ—‘๏ธ
Deletable
Request account deletion and data is removed within 30 days.
๐Ÿ‡ณ๐Ÿ‡ฌ
NDPR Compliant
Fully aligned with Nigeria's Data Protection Regulation.
๐Ÿ‘ค
You're in Control
The Shop Owner is the Data Controller. QuickPOS is the Processor.

By using QuickPOS, you acknowledge the practices described here. This Privacy Policy should be read together with our Terms of Service.

Section 1

Information We Collect

QuickPOS collects only the information needed to deliver the service. We do not collect sensitive personal information speculatively โ€” only what is required for POS functionality, account management, and security.

1.1 Information Provided by the Shop Owner

1.2 Commercial and Customer Data You Enter

As you operate QuickPOS, you input data about your business and customers. In this context, QuickPOS acts as a Data Processor while you (the Shop Owner) are the Data Controller and are responsible for how this data is collected from your end-customers.

1.3 Automatically Collected Data

Section 2

How We Use Your Information

QuickPOS uses collected data only to operate, improve, and secure the service. We do not use your data for advertising, profiling, or purposes you have not consented to.

๐Ÿ’ก What We Don't Do

QuickPOS does not use your business or customer data to train AI models, serve advertisements, or build targeting profiles. Your sales data is not shared with competitors, market research firms, or data brokers.

Section 3

Data Storage & Security

QuickPOS uses a layered security model: strong encryption for data in transit and at rest, hashing for sensitive credentials, and role-based access to limit who inside QuickPOS can even see your data.

LayerMethodWhat It Protects
Data In TransitTLS (Transport Layer Security)All data moving between your device and our servers
Data At RestAES-256 EncryptionAll stored business and customer data on our cloud servers
Staff PINsSHA-256 Hashing4-digit PINs โ€” never stored in plaintext, even internally
Payment DataPaystack / Stripe (PCI-DSS)Card numbers never touch QuickPOS servers
Access ControlRole-Based (Owner / Manager / Cashier)Each staff role can only access permitted features
Audit TrailImmutable LogEvery sensitive action is timestamped and attributed

3.1 Local Storage (IndexedDB & Offline Mode)

To enable Offline Mode, QuickPOS stores your commercial data locally in the browser's IndexedDB. This allows cashiers to keep selling when internet drops. You are responsible for securing the physical devices running QuickPOS โ€” using device lock screens, PIN codes, and controlling physical access.

โš ๏ธ Important for Offline Users

Clearing your browser cache or using Incognito / Private mode while offline may cause loss of unsynced data. For best reliability, use QuickPOS in a normal browser session, not private mode.

3.2 Server Infrastructure

QuickPOS hosts cloud data with infrastructure providers operating data centres that meet recognized international security standards (ISO 27001 or equivalent). Where data is processed outside Nigeria, we ensure adequate safeguards consistent with the NDPR.

Section 4

Third-Party Sharing

QuickPOS does not sell, rent, or lease your data to third parties. We share data only in these limited circumstances:

โœ… Our Commitment

Your business data โ€” sales figures, customer lists, product prices, staff performance โ€” will never be shared with other businesses, competitors, market research companies, or advertising networks.

Section 5

Your Rights Under the NDPR

The Nigerian Data Protection Regulation grants you enforceable rights over your data. QuickPOS has built most of these directly into the Dashboard so you can exercise them without needing to contact us.

๐Ÿ“ค Access & Export

View all your data inside QuickPOS. Export any report as CSV from the Reports module at any time, with no additional charge.

โœ๏ธ Rectification

Edit customer data, supplier records, product names, and staff details directly inside the platform.

๐Ÿ—‘๏ธ Erasure

Request account deletion. Upon verification, your shop data, transactions, and customer databases are permanently removed from active servers within 30 days.

โธ๏ธ Restrict Processing

Request that we pause processing of your data while a dispute is being resolved.

๐Ÿ“ฆ Portability

Receive your data in a structured, machine-readable format (CSV) to move to another platform.

๐Ÿ™… Object

Object to processing for analytics or product improvement that is not strictly necessary for operating the service.

You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe your rights have been violated.

Section 6

Customer Data Management (For Shop Owners)

As the merchant, you are the Data Controller for your customers' data. This is an important distinction under the NDPR.

When you add a customer's phone number, email, or name to QuickPOS for debt tracking, credit sales, or digital receipts โ€” you are responsible for having obtained appropriate consent from that customer. QuickPOS is not liable for a merchant's violation of local privacy or marketing laws in how they handle their own customers' data.

๐Ÿ’ก Practical Advice for Shop Owners

Display a brief consent notice at your counter or POS screen when you first record a customer's contact details โ€” something like "We record your name and phone for payment tracking." This simple step keeps you compliant with the NDPR.

Section 7

Cookies & Tracking

QuickPOS uses cookies, IndexedDB, and similar technologies for three purposes:

You can control cookies through your browser settings. Disabling essential cookies or clearing IndexedDB while offline will prevent login and may cause loss of unsynced data.

Section 8

Data Retention

QuickPOS retains your account data for as long as your subscription remains active. After account closure:

Section 9

Children's Privacy

QuickPOS is a business tool intended for users aged 18 and over. We do not knowingly collect personal information from children. If we discover that data from a person under 18 has been submitted, we will delete it promptly. If you believe a minor's data has been entered into the system, contact us at privacy@pos.allshop.ng.

Section 10

Policy Changes

As QuickPOS adds features โ€” such as new AI Insights, new analytics, or additional API integrations โ€” this Privacy Policy will be updated to reflect changes in our data practices. Material changes will be communicated through an in-app Dashboard alert or by email at least 14 days before they take effect. The "Last Updated" date at the top of this page always reflects the latest revision.

Common Questions

Frequently Asked Questions About Privacy

These are the questions we hear most from Nigerian business owners using QuickPOS. Each answer reflects how the platform actually works.

No. QuickPOS does not sell, rent, or lease your business or customer data to any third party for any reason, including advertising or market research. The only data sharing that occurs is with infrastructure providers (like cloud hosting) who are contractually bound to use it only to run the service.
You do. The Shop Owner is the Data Controller โ€” you own your inventory data, your customer records, your sales history, and your staff reports. QuickPOS is the Data Processor, meaning we handle it on your behalf. You can export all your data as CSV from the Reports module at any time, and you can request full deletion when you close your account.
Staff PINs are never stored in plaintext anywhere in the QuickPOS system โ€” not on the device, not on our servers. Every PIN is cryptographically hashed using SHA-256 before storage. This means even QuickPOS engineers cannot read or recover a staff member's PIN. If a PIN is forgotten, the Shop Owner resets it โ€” they cannot "look it up."
When your account is closed, QuickPOS removes your shop data, transaction history, staff records, and customer databases from active servers within 30 days of your deletion request. Before deleting, you can export everything you need as CSV files from the Reports module. Financial records required by Nigerian tax law may be retained in an archived, inaccessible state for the legally required period.
Data stored offline in IndexedDB sits on the device itself, not on our servers. The device is your responsibility โ€” use screen locks and limit physical access. When internet returns, data is encrypted in transit using TLS before syncing to our servers, where it is stored with AES-256 encryption at rest. Do not use Incognito/Private mode when working offline, as clearing the private session may erase unsynced records.
Pharmacy data โ€” including patient names, prescription details, NAFDAC numbers, and controlled substance logs โ€” is treated as highly sensitive. Access is restricted to authorized roles (Shop Owner, Manager, Pharmacist). QuickPOS staff do not access individual pharmacy records except when legally required (such as valid Nigerian law enforcement requests) or when you explicitly request technical support and grant temporary access.
Yes. Go to the Reports module in your QuickPOS Dashboard and export any report as a CSV file. For a full data export request or to exercise your formal NDPR portability right, contact privacy@pos.allshop.ng with "Data Export Request โ€” [Your Shop Name]" as the subject line. We will fulfill the request within 30 days.
Section 11

Contact Our Data Protection Officer

For any questions, concerns, or formal NDPR requests regarding your data or our security practices, contact our Data Protection Officer:

Data Protection Officer โ€” QuickPOS / Desk Tools

Email
privacy@pos.allshop.ng
Subject Line
"Data Privacy Request โ€” [Your Shop Name]"
Response Time
7 business days for general inquiries ยท 30 days for formal NDPR requests
Parent Company
Desk Tools โ€” the technology company that develops and operates QuickPOS
Regulator
Nigeria Data Protection Commission (NDPC) โ€” for complaints we cannot resolve

Looking for usage terms and subscription rules? Read the QuickPOS Terms of Service โ†’