Privacy Policy

Last updated: December 27, 2025

1. Introduction

BPOS ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-based Point of Sale (POS) system and related services.

By using BPOS, you consent to the data practices described in this Privacy Policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you register for BPOS, we collect:

  • Store name and business name
  • Email address
  • Phone number
  • Password (encrypted and hashed)
  • Administrator name and contact details

2.2 Business Data

As you use BPOS, we collect and store your business data, including:

  • Product Information: Product names, descriptions, prices, cost prices, images, barcodes, categories, and inventory levels
  • Sales Data: Invoice records, transaction details, payment methods, discounts, taxes, and sales timestamps
  • Customer Information: Customer names, contact details, purchase history, and transaction records
  • Supplier Information: Supplier names, contact details, and transaction history
  • Inventory Data: Stock levels, movement history, and inventory adjustments
  • Category Information: Product categories and organizational data
  • Store Settings: Business preferences, tax rates, and configuration data

2.3 Payment Information

When you make payments through PayHere, we collect:

  • Payment transaction IDs
  • Payment amounts and fees
  • Payment dates and status
  • Payment method information (processed by PayHere)

Note: We do not store credit card numbers or sensitive payment card data. All payment processing is handled securely by PayHere, and we only receive transaction confirmation data.

2.4 Technical Information

We automatically collect certain technical information, including:

  • IP addresses
  • Browser type and version
  • Device information
  • Operating system
  • Access times and dates
  • Usage patterns and feature interactions
  • Error logs and diagnostic data

2.5 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your login session
  • Remember your preferences
  • Analyze Service usage
  • Improve Service performance

You can control cookies through your browser settings, but disabling cookies may limit your ability to use certain features of the Service.

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision

  • Create and manage your Store account and database
  • Process and store your business transactions
  • Generate invoices and sales reports
  • Manage inventory and product catalogs
  • Provide customer and supplier management tools
  • Enable payment processing through PayHere

3.2 Communication

  • Send you service-related notifications
  • Respond to your inquiries and support requests
  • Notify you about payment due dates and billing information
  • Send important updates about the Service
  • Provide customer support

3.3 Service Improvement

  • Analyze usage patterns to improve Service functionality
  • Identify and fix technical issues
  • Develop new features and enhancements
  • Optimize Service performance

3.4 Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests and court orders
  • Protect our rights and prevent fraud
  • Enforce our Terms and Conditions

3.5 Billing and Payment

  • Calculate monthly fees based on invoice counts
  • Process payments through PayHere
  • Maintain payment records and transaction history
  • Send billing notifications and receipts

4. Data Storage and Security

4.1 Data Storage

Your business data is stored in a dedicated database created specifically for your Store. Each Store has its own isolated database to ensure data separation and security.

Data is stored on secure servers, and we implement industry-standard security measures to protect your information.

4.2 Security Measures

We implement various security measures to protect your data, including:

  • Encryption of data in transit (SSL/TLS)
  • Encryption of sensitive data at rest
  • Secure password hashing (bcrypt)
  • Authentication tokens (JWT) for secure access
  • Regular security audits and updates
  • Access controls and user permissions
  • Database isolation between Stores
  • Regular backups of your data

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

4.3 Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. After account termination:

  • Your data will be retained for 30 days to allow for account recovery
  • After 30 days, your data may be permanently deleted
  • Some data may be retained longer if required by law or for legal purposes

You are responsible for exporting your data before account termination.

5. Data Sharing and Disclosure

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or business data to third parties for marketing purposes.

5.2 Third-Party Service Providers

We may share your information with trusted third-party service providers who assist us in operating the Service, including:

  • PayHere: Payment processing gateway. PayHere processes your payment information in accordance with their privacy policy.
  • Cloud Hosting Providers: For data storage and server infrastructure
  • Image Hosting Services: For storing product images
  • Email Service Providers: For sending notifications and communications

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Court orders or legal processes
  • Government requests or regulatory requirements
  • Enforcement of our Terms and Conditions
  • Protection of our rights, property, or safety
  • Prevention of fraud or illegal activities

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control.

6. Your Rights and Choices

6.1 Access to Your Data

You have the right to access, view, and download your business data at any time through the Service dashboard. You can export your data in various formats for backup purposes.

6.2 Correction of Data

You can update and correct your account information and business data directly through the Service. You are responsible for maintaining the accuracy of your data.

6.3 Deletion of Data

You can request deletion of your account and data by contacting us. Upon account deletion:

  • Your account will be deactivated
  • Your data will be retained for 30 days
  • After 30 days, your data will be permanently deleted

6.4 Opt-Out of Communications

You can opt out of non-essential communications by:

  • Following the unsubscribe instructions in emails
  • Contacting us directly
  • Updating your account preferences

Note: You cannot opt out of essential service-related communications, such as payment notifications and security alerts.

6.5 Data Portability

You have the right to receive a copy of your data in a structured, commonly used format. You can export your data through the Service dashboard or request a data export by contacting us.

7. Children's Privacy

BPOS is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

By using BPOS, you consent to the transfer of your information to these countries. We take appropriate measures to ensure that your data receives adequate protection in accordance with this Privacy Policy.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website
  • Sending an email to your registered email address
  • Displaying a notice within the Service

Your continued use of the Service after the effective date of the updated Privacy Policy constitutes acceptance of the changes. We encourage you to review this Privacy Policy periodically.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: privacy@bpos.lk
  • WhatsApp: +94 70 767 6576
  • Support Email: support@bpos.lk

We will respond to your inquiry within a reasonable timeframe.

11. Compliance with Data Protection Laws

We are committed to complying with applicable data protection laws, including:

  • Personal Data Protection Act of Sri Lanka (when applicable)
  • General Data Protection Regulation (GDPR) for EU users
  • Other applicable regional data protection laws

If you are located in the European Economic Area (EEA), you have additional rights under GDPR, including the right to lodge a complaint with a supervisory authority.

By using BPOS, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.