Privacy Policy

Privacy Policy — Cardwatch POS

Last updated: 2025-12-23

Applies to: Cardwatch POS software and hardware, Cardwatch Cloud (the “Services”), our websites, and customer support channels.


1) Who We Are

Cardwatch POS (“Cardwatch”, “we”, “us”) provides point‑of‑sale software and services to businesses across healthcare, senior living, and higher‑education communities as well as other commercial sectors. Our legal entity is [full legal name] with its principal place of business at [address].


2) Scope

This policy explains how we collect, use, disclose, and protect personal data when:

  • Merchants, their employees, and administrators create and use Cardwatch accounts
  • End customers purchase goods/services through a Cardwatch‑powered POS
  • Visitors access our websites, dashboards, or Cardwatch Cloud

Systems covered: Cardwatch POS terminals, mobile apps, web portals/dashboards, self‑service kiosks, CRM modules, and integrations with third‑party platforms (e.g., PointClickCare, Yardi) configured by clients.

Not covered: Merchants’ own privacy notices to their customers, or data collected outside the Services by merchants or third parties they enable.


3) Roles and Definitions (Plain Language)

  • Personal Data: Information that identifies or can reasonably identify a person.
  • Controller / Business: Decides why/how personal data is processed. Cardwatch is a controller for our own business‑ops data (billing, support, marketing, product analytics tied to our improvement of the Services).
  • Processor / Service Provider: Processes data on another party’s instructions. Cardwatch is a processor for merchants’ POS and customer data.
  • Cardholder Data (CHD): Payment card data regulated by PCI DSS (e.g., PAN). We do not store/process/transmit CHD in our apps or cloud (see §9 and §18).
  • Cardwatch Cloud: Our hosted, multi‑tenant environment.

4) What We Collect

4.1 Merchant & Staff Data (Controller for our ops; Processor for merchant ops)

Identity & Contact: name, business name, job role, email, phone, postal address.
Account & Device: usernames, roles/permissions (RBAC), device IDs, OS/app version, IP address, locale, time zone, authentication logs.
Business & Payment: store settings, locations, tax configuration, catalog, inventory, resident spending plans and prepaid balances (non‑PCI), settlement/billing details (tokenized), subscription status.
Usage & Telemetry: feature usage, performance metrics, crash logs, diagnostics.
Support: tickets, call/chat recordings, screenshots/attachments you submit.

4.2 End‑Customer Data (Processor)

Transaction: items, prices, discounts, tax, tip, subtotal/total, timestamp, store and terminal IDs, clerk ID.
Receipt Contact (optional): email/phone for e‑receipts; opt‑ins (loyalty/marketing).
Payments: processed via Datacap/processor—Cardwatch receives tokens, last 4 digits, card brand/expiry, approval/decline codes, and processor reference IDs. We do not store full PAN, track, PIN, or CVV2.

Optional Profiles (client‑configured): loyalty IDs, campus/enterprise IDs, and CRM attributes necessary for service delivery.

4.3 Website / Cloud Visitors (Controller)

Cookies and Similar Tech: strictly necessary cookies; optional analytics/ads cookies with consent where required.
Logs: IP address, user‑agent, referrer, pages viewed, timestamps, error logs.

4.4 Health & Dietary Data (where applicable)

In healthcare, senior living, and higher‑education deployments, merchants may capture allergies, dietary restrictions, and nutrition profiles to enable menu filtering and safety controls at the point of service. Cardwatch processes this data as a processor on the merchant’s instructions. Where consent is required, merchants are responsible for collecting and managing it; Cardwatch supports their choices.

HIPAA/PHI: Where the client is a covered entity or business associate and such data constitutes Protected Health Information (PHI), Cardwatch will execute a Business Associate Agreement (BAA) and process only the minimum necessary data to provide the Services. Cardwatch does not use PHI for marketing or unrelated analytics.


5) Why and How We Use Data (Purposes & Legal Bases)

  • Provide and Operate the Services: account creation, authentication, POS operation, updates.
    Legal bases: contract necessity; legitimate interests.
  • Personalize Services: menu filtering for allergies/dietary needs; display of relevant items; CRM profile‑based experiences as configured by clients.
    Legal bases: consent where required; contract necessity; legitimate interests.
  • Process Transactions and Prevent Fraud: route payments through Datacap and processors; detect anomalies.
    Legal bases: contract necessity; legitimate interests; legal obligation.
  • Security and Reliability: access control, audit logs, monitoring, backups, incident response.
    Legal bases: legitimate interests; legal obligation.
  • Support, Training, and Service Improvement: respond to tickets; analyze usage (aggregated/de‑identified where feasible).
    Legal bases: legitimate interests; consent where required.
  • Compliance: accounting/tax, sector‑specific regulations, responding to lawful requests.
    Legal bases: legal obligation.

We do not sell personal data. We do not use cardholder data for any purpose other than payment processing via our payment partners.


6) Data Minimization and De‑Identification

Where feasible, we minimize collection, restrict access, and use aggregation or de‑identification for analytics and product improvement. We maintain internal retention schedules (see §12) and role‑based access.


7) Where We Process Data & International Transfers

Cardwatch Cloud is hosted on [cloud provider(s); e.g., AWS/Azure/GCP] in [regions]. Data may be processed in these regions and by approved subprocessors (see §14). When transferring personal data internationally, we use appropriate safeguards such as Standard Contractual Clauses (EEA/UK/CH) and comparable mechanisms. Region locking/localization are available to enterprise customers under contract.


8) Your Choices

  • Marketing Communications: opt out via unsubscribe links or in‑product settings.
  • Cookie Preferences: manage in our cookie banner or your browser settings.
  • Device Permissions: OS‑level permissions (e.g., camera for barcode scanning) can be disabled; core POS functions may require certain permissions.

9) Payments, PCI, and Datacap Middleware (Scope Reduction)

Cardwatch integrates with Datacap Systems (e.g., NETePay® and EMV client controls) in a semi‑integrated, out‑of‑scope model so that cardholder data is captured on EMV devices and sent directly to the payment processor through Datacap. Cardwatch applications and Cardwatch Cloud do not store, process, or transmit CHD. We retain tokens and limited metadata (brand, last 4, expiry) plus processor responses for refunds, reconciliation, and receipts.

This semi‑integrated model significantly reduces PCI DSS scope for Cardwatch and merchants but does not eliminate all obligations. Merchants are responsible for device custody, physical security, and completing the appropriate SAQ with their processor/QSA. Cardwatch treats tokens and transaction metadata as sensitive and protects them accordingly (see §10).


10) Security Controls

Access Control: SSO/MFA; least privilege; role‑based access control (RBAC); quarterly reviews; session management.
Encryption: TLS in transit; AES‑256 at rest; KMS‑managed keys; separate secrets management; key rotation.
Application Security & SDLC: code review; CI/CD gates; static/dynamic scanning; dependency monitoring; secrets scanning; change management with approvals.
Logging & Monitoring: centralized logs; tamper‑resistant audit trails; anomaly detection; network monitoring and intrusion detection; rate limiting/WAF.
Vulnerability & Patch Management: regular scanning; timely patch SLAs by severity; annual penetration testing and security audits.
Business Continuity & Disaster Recovery: multi‑AZ deployments; tested backups and restores; target RTO: [e.g., 4h]; RPO: [e.g., 15m].
Third‑Party Risk: due diligence, DPAs/security addenda, annual reassessments, audit/attestation review (e.g., SOC 2 of critical vendors).
Employee Safeguards: background checks where lawful; confidentiality agreements; mandatory security & privacy training; acceptable‑use policy.

Attestations: Cardwatch does not currently maintain SOC 1 or SOC 2 attestations. The controls above reflect our present security program and industry best practices (encryption, RBAC, secure SDLC, monitoring, BC/DR). Upon request and under NDA, we can share a high‑level security overview, recent penetration‑test summary, and vulnerability‑management evidence.


11) How We Share Information

We share personal data only with:

  • Payment partners (Datacap middleware and processors) and integrations you enable
  • Subprocessors that support our Services (see §14)
  • Third‑party apps explicitly connected by clients (e.g., PointClickCare, Yardi) to synchronize profiles, balances, or entitlements under the client’s control
  • Professional advisors and auditors under confidentiality
  • Authorities when legally compelled or to protect rights, safety, and security
  • Acquirers in a merger, acquisition, or reorganization, under equivalent protections

We do not allow third parties to use personal data for their own marketing without consent.


12) Retention

We keep personal data only as long as needed for the purposes in this policy or to comply with law, then delete or de‑identify it. Defaults (unless your contract requires otherwise):

Data Category: Default Retention

  • Transaction (non‑PCI) records: 7 years (tax/audit)
  • Receipt email/phone: Until merchant deletion or customer opt‑out; auto‑purge after [X] years of inactivity
  • Device/app telemetry logs: 12 months
  • Support tickets/recordings: 2 years
  • Account & billing records: 7 years
  • Backups: Rolling [30–90] days

Where deletion is requested and legally permitted, we will delete or de‑identify within a reasonable time. Deletions from backups occur on normal backup rotation.


13) Your Rights (GDPR/UK GDPR, CPRA/US State Laws, PIPEDA)

Depending on your location, you may have rights to access, correct, delete, port, restrict/opt out of certain processing, and appeal decisions. Submit a verifiable request via admin@cardwatchpos.com.

  • EEA/UK/Switzerland: We rely on SCCs/appropriate safeguards for transfers; you may contact your data authority.
  • California/US state laws: We do not “sell” personal information. We offer rights to know, delete, correct, and limit certain uses.
  • Canada (PIPEDA/provincial): You may request access and rectification; complaints can be filed with the Office of the Privacy Commissioner of Canada (OPC) or provincial commissioners.
  • Health contexts: Complaints related to HIPAA may be directed to the U.S. Department of Health & Human Services Office for Civil Rights (OCR).

End‑customers should contact the merchant first; Cardwatch will support the merchant as processor.


14) Subprocessors & Third Parties

We use third‑party service providers for hosting, messaging (email/SMS), analytics/diagnostics, support tooling, observability, and payments middleware (Datacap). We require appropriate contractual and technical safeguards (including DPAs, confidentiality, and security obligations). A current list is maintained at [link to live subprocessor page]. Where legally required, we will provide advance notice of material changes.


15) Children

Our Services are not directed to children under 13 (or 16 in the EEA/UK). We do not knowingly collect children’s data. In school and university deployments, collection occurs only with appropriate parental, institutional, or student consent as required by law and contract. If you believe a child has provided personal data, contact us and we will take appropriate action.


16) Incident Response & Breach Notification

We maintain a documented incident response plan (detect → contain → eradicate → recover → post‑mortem). For incidents that materially affect the confidentiality, integrity, or availability of personal data, we will notify affected customers without undue delay and within applicable legal deadlines. Notices will describe scope, impact, measures taken, and guidance.


17) Data Subject Requests and Complaints

  • Submit requests: admin@cardwatchpos.com or in‑product request tools
  • Response targets: within 30 days (or as the law requires)
  • Appeals: If your request is denied, you may appeal by replying to our decision email; you may also contact your data protection authority.

18) Controller vs. Processor (Important)

  • Cardwatch as Controller: website visitors; merchant account owners and billing contacts; product analytics used to improve our Services.
  • Cardwatch as Processor/Service Provider: end‑customer transactions, receipt contact data, and most merchant operational data within POS and Cardwatch Cloud.

A Data Processing Addendum (DPA) forms part of our merchant agreement and governs processor activities, including instructions, confidentiality, subprocessing, security, assistance with data subject rights, deletion/return of data at termination, audit rights, and transfer mechanisms. [Link to DPA]


19) Cloud‑Specific Notes (Cardwatch Cloud)

  • Multi‑Tenant Isolation: logical segmentation at the data and application layers; tenant scoping enforced at every access layer.
  • Data Locality: region selection and localization options for enterprise customers by agreement.

20) Cookies & Tracking

  • Required Cookies: authentication, load balancing, security.
  • Optional Cookies: analytics/diagnostics and (where applicable) ads, only with consent in regulated regions.

We use cookies and analytics tools for session tracking, performance optimization, and personalization. Users can manage cookie preferences via browser settings and our cookie banner. See our Cookie Notice for detailed categories, purposes, and retention. [Link to Cookie Notice]

21) Do Not Track / Automated Decision‑Making

Our Services do not respond to browser “Do Not Track” signals. We do not perform automated decision‑making that produces legal or similarly significant effects without human involvement.


22) Changes to This Policy

We will post updates here and revise the “Last updated” date. This policy is reviewed at least annually and may be updated as Cardwatch expands its Services or as privacy laws evolve. Where required, we will provide in‑product or email notice at least [30] days before material changes take effect.


23) Contact Us

Cardwatch POS — Privacy Team
Email: admin@cardwatchpos.com
Mail: 16610-209 Bayview Avenue, Newmarket, Ontario L3X1X3


14. Contact

For privacy inquiries, data access requests, or policy clarifications, contact: privacy@cardwatchpos.com