DRAFT — pending legal review. This is a starting template prepared for review by a South African attorney/privacy specialist. Items in [brackets] must be completed before publishing. It is not legal advice.

Privacy Policy

Version 2026-06-17 · Effective [date]

This Privacy Policy explains how Unkink (Pty) Ltd (registration number [reg no]), trading as FloatPOS ("we", "us"), collects and processes personal information in connection with the FloatPOS point-of-sale service ("the Service"). We are committed to processing personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA).

1. Who we are & how to contact us

Responsible party: Unkink (Pty) Ltd, [registered address, Lephalale]. Information Officer: [name], [privacy@floatpos.co.za].

2. Two roles: when we are operator vs responsible party

For information about your own account (your name, email, business details, billing), we are the responsible party. For the data you enter into FloatPOS about your customers and staff, you are the responsible party and we act as your operator — we process that data only to provide the Service to you, under your instruction. A separate Operator/Data-Processing Agreement governs that relationship.

3. What we collect

4. Why we process it (lawful basis)

We process personal information to create and operate your account, provide and support the Service, process subscription payments, comply with legal obligations, and secure and improve the Service. We do so on the bases of contract performance, our legitimate interests, legal obligation, and, where required, your consent.

5. Cross-border processing

The Service is hosted on Supabase infrastructure located in the European Union (Paris region). This means personal information is transferred to and stored outside South Africa. The EU provides a level of data protection that POPIA recognises as adequate, and our processing agreements with our providers include appropriate safeguards as contemplated by section 72 of POPIA. [Confirm transfer mechanism with counsel.]

6. Who we share with (sub-processors)

We share personal information only with service providers who help us run the Service, under confidentiality and data-protection terms, including: Supabase (hosting/database), Netlify (web hosting/CDN), Paystack and Yoco (payments), and [messaging/email providers, e.g. WhatsApp/email]. We do not sell personal information.

7. Security

We apply technical and organisational safeguards as required by section 19 of POPIA, including tenant-level data isolation (row-level security), encryption of data in transit, access controls, and audit logging. No system is perfectly secure, but we work to protect your information and will notify you and the Information Regulator of any compromise as required by section 22.

8. Retention

We keep personal information for as long as your account is active and as required to meet legal, accounting and tax obligations (financial records are generally retained for [5] years), after which it is deleted or de-identified.

9. Your rights

Subject to POPIA, you may request access to, correction of, or deletion of your personal information; object to processing; and download an export of your business data at any time from within the app. You may also lodge a complaint with the Information Regulator (South Africa) at inforegulator.org.za.

10. Changes

We may update this Policy. Material changes will be notified in-app or by email, and the version date above will change.