Platform LogoBack to Main Site

Privacy Policy

Last Updated: November 21, 2025

Welcome to the Questdrium Tech Platform ("Platform", "we", "us", "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our multi-tenant Point of Sale (POS) and business management software. Please read this policy carefully.

1. Information We Collect

We act as both a "Data Controller" for our direct clients' information and a "Data Processor" for the information our clients collect about their customers. We collect information in several ways:

A. Information You Provide to Us

  • Account Information (Clients & Developers): When you register for a Corporate or Developer account, we collect your name, email address, company name, and password. For paid services, we collect billing information, which is processed by our third-party payment processors (e.g., Stripe, Clip).
  • Staff User Information: Corporate Admins and Managers provide information about their staff, including name, role, location, and contact details.
  • Developer Payout Information: We collect bank account or Stripe account details via secure third-party services (e.g., Plaid) to process developer earnings. We do not store raw bank account numbers on our servers.
  • Communications: When you contact our support (including interactions with KairosAI) or communicate with us in any way, we collect the content of those communications.

B. Information Collected Automatically

  • Transactional Data: When the POS is used, we process transaction data, including items purchased, order totals, payment method (tokenized), timestamps, and location.
  • Usage Data: We log activity on the Platform, including feature usage, API calls made by extensions, page visits, and interactions with UI elements. This helps us understand how the service is used and where to improve.
  • Device and Log Information: We collect standard log information, including IP address, browser type, and operating system when you access our Platform.
  • Cookies and Tracking Technologies: We use cookies and similar technologies to maintain user sessions, remember your preferences (like language and theme), and help us understand user activity. You can control the use of cookies at the individual browser level.

C. Information Processed on Behalf of Our Clients

  • End-Customer Data: When our Clients' customers place an order, we process information necessary to fulfill that order, including items, cost, and any contact details provided by the customer for receipts or loyalty accounts (e.g., name, email, phone number). In this relationship, our Client is the Data Controller, and we are the Data Processor. We only process this data according to our Client's instructions and our service agreement.

2. How We Use Your Information

We use the information we collect for various purposes, including to:

  • Provide, operate, secure, and maintain the Platform.
  • Process transactions, including SaaS subscriptions and developer payouts.
  • Improve, personalize, and expand our services, including our AI models (KairosAI, CLV-A, ProfitFlowAI). Anonymized and aggregated data may be used for training purposes.
  • Communicate with you for customer service, to provide updates, and for marketing and promotional purposes (where consent is given).
  • Screen developer extensions and ad campaigns for security vulnerabilities, performance issues, and policy compliance using automated tools and manual review.
  • Prevent fraud and enforce our terms and policies.
  • Generate aggregated, anonymized analytics and reports for internal use and for our Clients.

3. Data Sharing and Disclosure

We do not sell your personal information. We may share information under the following limited circumstances:

  • With Service Providers: We share information with third-party vendors that perform services for us, such as payment processing (Stripe, Clip, Plaid), cloud hosting, and email delivery. These vendors are contractually obligated to protect your data.
  • With Our Clients: Our Clients (e.g., restaurant owners) have access to the data generated within their own store environment, including their customer data, sales data, and staff performance data. We do not share data between different Clients.
  • Developer Extensions: If a Client installs a third-party extension from our marketplace, they explicitly grant that extension access to their data based on the permissions requested by the extension during installation. Our role is to facilitate this connection, and we are not responsible for the data practices of third-party developers. We encourage Clients to review the privacy policies of any extension they install.
  • For Legal Reasons: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or subpoena).
  • Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, your information may be transferred.

4. Data Security & Retention

We implement industry-standard security measures to maintain the safety of your personal information. All payment information is tokenized and handled by PCI-compliant processors. We retain your personal data for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements.

5. International Data Transfers

Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ. By using the Platform, you consent to this transfer.

6. Your Data Rights

Depending on your location, you may have certain rights regarding your personal data, including the right to access, correct, or delete your information. If you are an End-Customer of one of our Clients, you must direct any requests regarding your personal data to that Client (the "data controller"). If you are a direct user of our platform (e.g., a Corporate Admin or Developer), you may exercise your rights by contacting us.

7. Contact Us

If you have any questions about this Privacy Policy, please contact us at legal@questdrium.tech.