Privacy Policy for World POS

Effective date: Aug 20, 2025

This Privacy Policy explains how World POS (the “Product”) and its operating company (the “Company”, “we”, “us”, “our”) collect, use, disclose, and protect personal information of users of our software, websites, and related services (collectively, the “Services”). By using the Services you agree to the practices described here.

Who We Are

Legal Entity: Exesmart Dynamics
Registered Address: 412/D1/1, Nawala Road, Rajagiriya, SRI LANKA
Contact Email: [email protected]
Contact Phone: (+94) 11 36 47 007

Scope

This policy applies to merchants, staff users, and end customers whose data is processed through World POS, including the desktop and cloud versions, mobile apps, official websites, and connected integrations.

Information We Collect

  • Account and business information: business name, registration details, address, tax numbers, user names, roles, login credentials, and contact details.
  • Point of sale data: product catalogs, pricing, discounts, receipts, invoices, purchase orders, supplier and customer profiles, and transaction history.
  • Payment information: payment amounts, methods, and limited payment instrument details processed via payment gateways. We do not store full card numbers unless explicitly stated and required for your chosen provider.
  • Device and usage data: device identifiers, operating system, app version, IP address, timestamps, error logs, and feature usage analytics.
  • Location data: approximate location from IP and optional precise location if you enable location features.
  • Support communications: emails, chat messages, call notes, and attachments you share with Support.
  • Cookies and similar technologies: used on our websites and web apps to remember preferences, maintain sessions, and analyze usage. See the Cookies section.

How We Use Information

  • Provide and maintain the Services, including user authentication, role based access, sales processing, and receipt or invoice generation.
  • Improve performance and reliability through diagnostics, error reporting, and analytics.
  • Security and fraud prevention, including monitoring sign ins, suspicious activity alerts, and audit logs.
  • Customer support to respond to requests and resolve issues.
  • Legal and compliance, including tax reporting support and responding to lawful requests.
  • Communications about updates, changes to terms, new features, training, and service notices. Marketing messages are sent only where permitted and you can opt out at any time.

Legal Bases for Processing

Where applicable law requires a legal basis, we rely on one or more of the following: contract to provide the Services, legitimate interests such as improving and securing the Services, consent where you have granted it, and legal obligation.

Sharing and Disclosure

  • Service providers: hosting, analytics, error tracking, email delivery, backup, and customer support vendors under contract and bound to protect your data.
  • Payment gateways and financial partners: to process payments you request and to prevent fraud.
  • Integrations you enable: such as accounting systems, ecommerce platforms, and logistics partners. Data sharing follows your configuration.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this policy.
  • Legal requirements: to comply with laws, court orders, or to protect rights, safety, and property.

Data Retention

We retain personal information for as long as needed to provide the Services, meet legal and tax requirements, resolve disputes, and enforce agreements. Retention periods may vary by data type and jurisdiction. You can request deletion of certain data subject to our legal obligations and technical feasibility.

International Transfers

Your data may be processed in countries other than your own. Where required, we use appropriate safeguards such as standard contractual clauses or comparable protections to ensure an adequate level of data protection.

Security

We use administrative, technical, and physical safeguards to protect personal information. Measures include access controls, encryption in transit where supported, secure key management, network protections, and staff training. No method of transmission or storage is fully secure, and we cannot guarantee absolute security.

User Controls and Rights

  • Access and update: you can view and edit many data fields within World POS.
  • Portability: request exports of certain data in a common format.
  • Deletion: request deletion of personal information where permitted and not required to be retained by law.
  • Consent management: withdraw consent where processing is based on consent.
  • Objection and restriction: object to or request restriction of certain processing activities.

To exercise rights, contact us at [email protected]. We may need to verify your identity before completing your request.

Cookies

We use session and persistent cookies to authenticate users, remember preferences, and analyze traffic. You can manage cookies through your browser settings. Disabling cookies may limit functionality.

Children

Our Services are not directed to children under the age of 13 or the minimum age required by local law. We do not knowingly collect data from children. If you believe a child has provided personal information, please contact us and we will take appropriate steps to remove the information.

Your Responsibilities as a Merchant

If you collect personal information from your customers through World POS, you are responsible for providing your own customer facing privacy notices, obtaining required consents, and complying with applicable laws. We process customer data on your instructions as a processor or service provider where applicable.

Compliance Notes

We aim to align with applicable data protection laws including the European Union General Data Protection Regulation where relevant, the United Kingdom data protection law, and the Sri Lanka Personal Data Protection Act where applicable. The precise rights and obligations may vary by jurisdiction.

Changes to This Policy

We may update this policy from time to time. The updated version will be posted here with a new effective date. Material changes may also be communicated through the app or by email.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact Support at [email protected] or at the address listed above.