Privacy Policy
What MobileStockPOS collects, how we use it, and the rights you have under UK GDPR.
Last updated:
Placeholder: This document is a first-draft template and must be reviewed by a UK-qualified solicitor before public launch.
Who is responsible
The data controller for personal data processed via the public marketing website and subscription billing is:
For personal data your customers submit to the Service (e.g. repair ticket phone numbers) we act as a processor on your behalf. See the Data Processing Agreement for details of that role.
What we collect
Account data: Your name, email, shop name, country, and UI language. Collected when you sign up or send a contact enquiry.
Usage data: Pages visited, features used, device / browser, IP address. Used to operate the Service, debug issues, and understand how the product is used. Captured via PostHog (EU region) behind a cookie consent banner on the marketing site.
Billing data: Processed by Stripe on our behalf. We never see your card numbers; we only see the last four digits and brand for receipts.
Customer-submitted data: Everything your shop enters into the Service (products, sales, customers, repair tickets, IMEIs). We hold this as a processor — see the DPA.
How we use it
- To operate, maintain, and improve the Service.
- To send account, billing, and trial-expiry emails (transactional, cannot be opted out of while your account is active).
- To send product updates and marketing email (opt-in, unsubscribe in one click).
- To comply with legal, tax, and regulatory obligations in the UK and any jurisdictions we operate in.
Where it's stored
Primary database and storage run on Supabase. Static assets are served by Vercel's global CDN. Both providers operate in data centres we choose for each tenant, with contractual safeguards (Standard Contractual Clauses) for cross-border transfers.
Sub-processors
We rely on a small set of sub-processors:
- Supabase — database, authentication, storage.
- Vercel — web hosting and edge network.
- Stripe — subscription billing and tax calculation.
- PostHog (EU) — product analytics behind consent.
- Resend — transactional email.
- Upstash Redis — rate limiting.
- Cloudflare Turnstile — bot protection on sign-up / contact.
A current, versioned list is available on request from the email above.
How long we keep it
- Account data: while your account is active + 90 days after termination.
- Usage + analytics: up to 24 months, aggregated after 90 days.
- Billing data: 7 years (tax law).
- Backup snapshots: 30 days rolling.
Your rights
Under UK GDPR you have the right to access, correct, export, restrict, or delete your personal data, and to object to certain processing. Contact us at the DPO email listed above to exercise these rights.
Cross-border transfers
We are a UK company and transfer data to sub-processors in the UK, EU, and US under Standard Contractual Clauses or an applicable adequacy decision. Where we serve customers in Asia, additional regional safeguards may apply as detailed in the DPA.
Cookies
See our Cookie Policy.
Changes
Material changes to this policy will be notified by email at least 14 days before they take effect, and the "Last updated" date above will be revised.
Contact
Data subject requests and general privacy questions go to the DPO email listed in the company block above.