🔒 NDPR Compliant · Updated May 2026

Your data belongs
to your business.

QuickPOS is built on a simple principle: the data your business generates — sales, stock, customers, staff activity — is yours. We protect it, never sell it, and hand it back to you whenever you ask.

🔐 AES-256 encryption at rest
🔑 SHA-256 hashed PINs
🇳🇬 NDPR compliant
🚫 Zero data selling
Privacy Overview

QuickPOS Privacy Policy

This Privacy Policy explains how QuickPOS — operated at pos.allshop.ng by Desk Tools — collects, processes, stores, and protects the personal and commercial data of Shop Owners, Staff Members, and the end-consumers whose data flows through the QuickPOS point of sale and inventory platform. This policy aligns with the Nigerian Data Protection Regulation (NDPR) and the Nigeria Data Protection Act 2023.

🚫
Never Sold
Your data is never sold, rented, or shared for advertising.
🔐
Encrypted
AES-256 at rest, TLS in transit, SHA-256 for staff PINs.
📤
Exportable
Download all your business data in CSV format at any time.
🗑️
Deletable
Request account deletion and data is removed within 30 days.
🇳🇬
NDPR Compliant
Fully aligned with Nigeria's Data Protection Regulation.
👤
You're in Control
The Shop Owner is the Data Controller. QuickPOS is the Processor.

By using QuickPOS, you acknowledge the practices described here. This Privacy Policy should be read together with our Terms of Service.

Section 1

Information We Collect

QuickPOS collects only the information needed to deliver the service. We do not collect sensitive personal information speculatively — only what is required for POS functionality, account management, and security.

1.1 Information Provided by the Shop Owner

  • Account Details: Full name, email address, phone number, shop name, and shop location.
  • Billing Information: Payment details are transmitted directly to our secure processors (Paystack / Stripe). QuickPOS servers never store raw card numbers or CVV codes.
  • Staff Information: Names, assigned roles (Cashier, Manager, Pharmacist, Bar Staff), and cryptographically hashed 4-digit Staff PINs. Plaintext PINs are never stored.

1.2 Commercial and Customer Data You Enter

As you operate QuickPOS, you input data about your business and customers. In this context, QuickPOS acts as a Data Processor while you (the Shop Owner) are the Data Controller and are responsible for how this data is collected from your end-customers.

  • Customer Data: Names, phone numbers, email addresses, debt balances, and purchase histories of walk-in or returning customers.
  • Inventory & Financial Data: Product pricing, cost prices, supplier details, expense logs, stock movements, and revenue metrics.
  • Pharmacy Data: In Pharmacy Mode — patient names, NAFDAC numbers, controlled substance logs, and expiry tracking. Treated as highly sensitive with strict access controls.
  • Bar / Restaurant Data: Table tabs, server assignments, and service charge records.
  • Wholesale Data: B2B client profiles, credit limits, and debtor aging records.

1.3 Automatically Collected Data

  • Device and Usage Information: IP addresses, browser types, device IDs (used by the Host Lease architecture), and operating systems.
  • Audit Logs: Timestamps of logins, sales, voids, stock corrections, and offline-sync conflict resolutions. These power the QuickPOS Audit Trail and are key for theft prevention.
  • Offline Storage Metrics: Size and sync status of your local IndexedDB cache, used to keep the PWA running during internet outages.
  • Analytics: Aggregated, anonymized usage statistics via Google Analytics to improve the service.
Section 2

How We Use Your Information

QuickPOS uses collected data only to operate, improve, and secure the service. We do not use your data for advertising, profiling, or purposes you have not consented to.

  • Core POS Functionality: Facilitating transactions, inventory syncing across multiple devices, and offline-to-cloud reconciliation.
  • Service Communications: Subscription renewal notices, low-stock alerts via Telegram, and critical system updates.
  • QR Menu Operations: Routing customer orders from the QuickPOS QR Menu to your designated WhatsApp number.
  • Analytics & Product Improvement: Aggregating anonymized data to improve search algorithms and system performance.
  • Security and Fraud Prevention: Monitoring audit logs to detect unauthorized access or brute-force PIN attempts.
  • Customer Support: Responding to your inquiries through WhatsApp, email, or in-app support channels.
💡 What We Don't Do

QuickPOS does not use your business or customer data to train AI models, serve advertisements, or build targeting profiles. Your sales data is not shared with competitors, market research firms, or data brokers.

Section 3

Data Storage & Security

QuickPOS uses a layered security model: strong encryption for data in transit and at rest, hashing for sensitive credentials, and role-based access to limit who inside QuickPOS can even see your data.

LayerMethodWhat It Protects
Data In TransitTLS (Transport Layer Security)All data moving between your device and our servers
Data At RestAES-256 EncryptionAll stored business and customer data on our cloud servers
Staff PINsSHA-256 Hashing4-digit PINs — never stored in plaintext, even internally
Payment DataPaystack / Stripe (PCI-DSS)Card numbers never touch QuickPOS servers
Access ControlRole-Based (Owner / Manager / Cashier)Each staff role can only access permitted features
Audit TrailImmutable LogEvery sensitive action is timestamped and attributed

3.1 Local Storage (IndexedDB & Offline Mode)

To enable Offline Mode, QuickPOS stores your commercial data locally in the browser's IndexedDB. This allows cashiers to keep selling when internet drops. You are responsible for securing the physical devices running QuickPOS — using device lock screens, PIN codes, and controlling physical access.

⚠️ Important for Offline Users

Clearing your browser cache or using Incognito / Private mode while offline may cause loss of unsynced data. For best reliability, use QuickPOS in a normal browser session, not private mode.

3.2 Server Infrastructure

QuickPOS hosts cloud data with infrastructure providers operating data centres that meet recognized international security standards (ISO 27001 or equivalent). Where data is processed outside Nigeria, we ensure adequate safeguards consistent with the NDPR.

Section 4

Third-Party Sharing

QuickPOS does not sell, rent, or lease your data to third parties. We share data only in these limited circumstances:

  • Service Providers: Trusted infrastructure partners — cloud hosting (AWS / Google Cloud), payment gateways (Paystack, Stripe), and transactional email or SMS delivery services — receive only the data necessary to perform their function.
  • Legal Compliance: If required by a Nigerian court or to comply with valid law-enforcement requests (particularly regarding the Controlled Substance Register in Pharmacy mode), we may disclose required records.
  • Business Transfers: In a merger or acquisition, your data may transfer to the acquiring entity under strict obligation to uphold this Privacy Policy.
  • With Your Consent: Any other sharing only happens with your explicit, informed consent.
✅ Our Commitment

Your business data — sales figures, customer lists, product prices, staff performance — will never be shared with other businesses, competitors, market research companies, or advertising networks.

Section 5

Your Rights Under the NDPR

The Nigerian Data Protection Regulation grants you enforceable rights over your data. QuickPOS has built most of these directly into the Dashboard so you can exercise them without needing to contact us.

📤 Access & Export

View all your data inside QuickPOS. Export any report as CSV from the Reports module at any time, with no additional charge.

✏️ Rectification

Edit customer data, supplier records, product names, and staff details directly inside the platform.

🗑️ Erasure

Request account deletion. Upon verification, your shop data, transactions, and customer databases are permanently removed from active servers within 30 days.

⏸️ Restrict Processing

Request that we pause processing of your data while a dispute is being resolved.

📦 Portability

Receive your data in a structured, machine-readable format (CSV) to move to another platform.

🙅 Object

Object to processing for analytics or product improvement that is not strictly necessary for operating the service.

You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe your rights have been violated.

Section 6

Customer Data Management (For Shop Owners)

As the merchant, you are the Data Controller for your customers' data. This is an important distinction under the NDPR.

When you add a customer's phone number, email, or name to QuickPOS for debt tracking, credit sales, or digital receipts — you are responsible for having obtained appropriate consent from that customer. QuickPOS is not liable for a merchant's violation of local privacy or marketing laws in how they handle their own customers' data.

💡 Practical Advice for Shop Owners

Display a brief consent notice at your counter or POS screen when you first record a customer's contact details — something like "We record your name and phone for payment tracking." This simple step keeps you compliant with the NDPR.

Section 7

Cookies & Tracking

QuickPOS uses cookies, IndexedDB, and similar technologies for three purposes:

  • Authentication: Keeping you signed in to your shop workspace across browser sessions.
  • Offline Storage: Queuing transactions, stock movements, and customer data until they can sync when internet is restored.
  • Analytics: Google Analytics collects anonymized, aggregated usage data so we can understand how to improve the platform. No personal identifiers are passed to Google Analytics.

You can control cookies through your browser settings. Disabling essential cookies or clearing IndexedDB while offline will prevent login and may cause loss of unsynced data.

Section 8

Data Retention

QuickPOS retains your account data for as long as your subscription remains active. After account closure:

  • Commercial data is removed from active servers within 30 days.
  • Financial records may be retained longer where Nigerian tax or pharmacy regulations require it.
  • Aggregated, anonymized analytics data may be kept indefinitely — it can no longer identify any individual or business.
Section 9

Children's Privacy

QuickPOS is a business tool intended for users aged 18 and over. We do not knowingly collect personal information from children. If we discover that data from a person under 18 has been submitted, we will delete it promptly. If you believe a minor's data has been entered into the system, contact us at privacy@pos.allshop.ng.

Section 10

Policy Changes

As QuickPOS adds features — such as new AI Insights, new analytics, or additional API integrations — this Privacy Policy will be updated to reflect changes in our data practices. Material changes will be communicated through an in-app Dashboard alert or by email at least 14 days before they take effect. The "Last Updated" date at the top of this page always reflects the latest revision.

Common Questions

Frequently Asked Questions About Privacy

These are the questions we hear most from Nigerian business owners using QuickPOS. Each answer reflects how the platform actually works.

No. QuickPOS does not sell, rent, or lease your business or customer data to any third party for any reason, including advertising or market research. The only data sharing that occurs is with infrastructure providers (like cloud hosting) who are contractually bound to use it only to run the service.
You do. The Shop Owner is the Data Controller — you own your inventory data, your customer records, your sales history, and your staff reports. QuickPOS is the Data Processor, meaning we handle it on your behalf. You can export all your data as CSV from the Reports module at any time, and you can request full deletion when you close your account.
Staff PINs are never stored in plaintext anywhere in the QuickPOS system — not on the device, not on our servers. Every PIN is cryptographically hashed using SHA-256 before storage. This means even QuickPOS engineers cannot read or recover a staff member's PIN. If a PIN is forgotten, the Shop Owner resets it — they cannot "look it up."
When your account is closed, QuickPOS removes your shop data, transaction history, staff records, and customer databases from active servers within 30 days of your deletion request. Before deleting, you can export everything you need as CSV files from the Reports module. Financial records required by Nigerian tax law may be retained in an archived, inaccessible state for the legally required period.
Data stored offline in IndexedDB sits on the device itself, not on our servers. The device is your responsibility — use screen locks and limit physical access. When internet returns, data is encrypted in transit using TLS before syncing to our servers, where it is stored with AES-256 encryption at rest. Do not use Incognito/Private mode when working offline, as clearing the private session may erase unsynced records.
Pharmacy data — including patient names, prescription details, NAFDAC numbers, and controlled substance logs — is treated as highly sensitive. Access is restricted to authorized roles (Shop Owner, Manager, Pharmacist). QuickPOS staff do not access individual pharmacy records except when legally required (such as valid Nigerian law enforcement requests) or when you explicitly request technical support and grant temporary access.
Yes. Go to the Reports module in your QuickPOS Dashboard and export any report as a CSV file. For a full data export request or to exercise your formal NDPR portability right, contact privacy@pos.allshop.ng with "Data Export Request — [Your Shop Name]" as the subject line. We will fulfill the request within 30 days.
Section 11

Contact Our Data Protection Officer

For any questions, concerns, or formal NDPR requests regarding your data or our security practices, contact our Data Protection Officer:

Data Protection Officer — QuickPOS / Desk Tools

Email
privacy@pos.allshop.ng
Subject Line
"Data Privacy Request — [Your Shop Name]"
Response Time
7 business days for general inquiries · 30 days for formal NDPR requests
Parent Company
Desk Tools — the technology company that develops and operates QuickPOS
Regulator
Nigeria Data Protection Commission (NDPC) — for complaints we cannot resolve

Looking for usage terms and subscription rules? Read the QuickPOS Terms of Service →