Privacy Policy
1. Introduction
Cardwatch POS is committed to protecting the privacy of individuals and organizations using our point-of-sale (POS) technologies across healthcare, senior living, and higher education communities. This Privacy Policy outlines how we collect, use, store, share, and safeguard personal information.
2. Scope
This policy applies to all data collected through Cardwatch systems, including our POS terminals, mobile apps, web portals, kiosks, CRM modules, and integrations with third-party platforms.
3. Types of Information We Collect
- Personal Identification Information (PII): Name, email, phone number, customer ID
- Payment Information: Credit/debit card data, resident spending plans, prepaid balances
- Health & Dietary Data (where applicable): Allergies, dietary restrictions, nutrition profiles
- Usage & Technical Data: IP addresses, device identifiers, system logs
4. How We Use Your Information
- To authenticate users and provide POS functionality
- To personalize services (e.g., menu filtering for dietary needs)
- To process transactions and update CRM profiles
- To conduct internal audits, analytics, and fraud prevention
- To fulfill legal, contractual, or regulatory obligations
5. Legal Basis for Processing (GDPR Compliance)
We process personal data under the following bases:
- Consent (e.g., optional dietary profiles)
- Contractual necessity (e.g., to provide services to clients)
- Legal obligations (e.g., tax and healthcare regulations)
- Legitimate interests (e.g., product improvement, security monitoring)
6. Data Sharing & Disclosure
We do not sell user data. We may share data:
- With cloud and analytics providers under strict data processing agreements
- With third-party apps integrated at the client’s request (e.g., PointClickCare, Yardi)
- With regulators or law enforcement if legally mandated
7. Data Retention
We retain personal data for only as long as necessary to fulfill the purpose of collection or to meet legal obligations. Data is securely deleted or anonymized once no longer needed.
8. International Data Transfers
Where data is transferred across borders (e.g., between U.S. and Canadian data centers), appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms are used.
9. Data Security
Cardwatch employs:
- Encryption of data in transit and at rest
- Role-based access control (RBAC)
- Network monitoring and intrusion detection
- Regular security audits and penetration tests
10. Individual Rights
Users have the right to:
- Request access to their data
- Correct or delete inaccurate data
- Withdraw consent for optional processing
- File complaints with their local data protection authority (e.g., HIPAA Office, OPC Canada, EU Supervisory Authority)
11. Cookies and Tracking (Web & Mobile Apps)
We use cookies and analytics tools for session tracking, performance optimization, and personalization. Users can manage cookie preferences via browser settings.
12. Children’s Privacy
Cardwatch does not knowingly collect data from children under the age of 13 without parental or institutional consent. Special safeguards apply in school and university deployments.
13. Changes to This Policy
This policy is reviewed annually and may be updated as Cardwatch expands its services or as privacy laws evolve. Major changes will be communicated to clients.
14. Contact
For privacy inquiries, data access requests, or policy clarifications, contact: privacy@cardwatchpos.com