Legal

Privacy Policy

Last updated: May 25, 2026  ·  PIPEDA-compliant (Canada)

EN FR

1. Introduction

DMD Tech Inc. ("we", "us", or "our") operates Cloud Mobil POS — a SaaS point-of-sale and inventory management platform for Canadian retailers (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation.

By accessing the Service you consent to the practices described here. If you do not agree, please discontinue use.

2. Information We Collect

2.1 Information You Provide

  • Account details — name, business email, and password when you register.
  • Business profile — store name, phone number, time zone, and business type provided during onboarding.
  • Payment details — billing information processed directly by Stripe; we never store full card numbers.
  • Communications — messages you send via our contact or demo-request form.

2.2 Information Collected Automatically

  • Usage data — pages visited, features used, session duration, and error logs.
  • Device & network data — IP address, browser type, operating system, and referring URL.
  • Cookies — see Section 4 for details.

3. How We Use Your Information

We use personal information only for the purposes below. We do not sell personal information to third parties.

⚙️
Service delivery

Provision and maintain your Cloud Mobil POS account and store instance.

💳
Billing & payments

Process subscription fees and trial-expiry notices via Stripe.

📧
Transactional email

Deliver password resets, onboarding credentials, and service notifications via SendGrid.

📊
Product improvement

Analyze anonymized usage patterns to improve features and resolve defects.

🔒
Security & fraud prevention

Detect and investigate abuse, enforce our Terms of Service.

⚖️
Legal compliance

Meet applicable Canadian legal obligations and respond to lawful government requests.

4. Cookies & Tracking

We use session cookies to maintain your authenticated session (via ASP.NET Core Data Protection). We do not deploy third-party advertising trackers. The following cookies may be set:

CookiePurposeDuration
.AspNetCore.SessionMaintains your login stateSession
__stripe_midStripe fraud prevention1 year
__stripe_sidStripe session identification30 minutes

You may disable cookies in your browser settings; however, disabling session cookies will prevent you from signing in.

5. Data Sharing

We share personal information only in the following limited circumstances:

  • Stripe — payment processing. See stripe.com/privacy.
  • SendGrid (Twilio) — transactional email delivery.
  • Railway.app — cloud hosting. Data may reside in Canada or the United States.
  • Legal requirements — we may disclose information when compelled by a court order, subpoena, or applicable law.
  • Business transfers — in a merger or acquisition, personal information may be transferred subject to equivalent privacy protections.

All sub-processors are contractually bound to protect personal information in accordance with applicable privacy law.

6. Data Retention

  • Active accounts — retained for the duration of your subscription plus 90 days.
  • Cancelled accounts — personal data purged within 90 days of cancellation; aggregated, anonymized data may be retained indefinitely.
  • Financial records — retained for 7 years as required by the Income Tax Act (Canada).
  • Server logs — retained for 30 days for security and debugging purposes.

You may request earlier deletion by contacting our Privacy Officer (Section 9).

7. Your Rights

Under PIPEDA you have the right to:

  • Access — request a copy of the personal information we hold about you.
  • Correction — request correction of inaccurate or incomplete records.
  • Withdrawal of consent — withdraw consent for non-essential processing; note this may limit use of certain features.
  • Deletion — request deletion of your account and associated data, subject to legal retention obligations.
  • Complaint — file a complaint with the Office of the Privacy Commissioner of Canada.

Requests will be acknowledged within 5 business days and fully addressed within 30 days.

8. Security

We implement industry-standard technical and organizational safeguards, including:

  • TLS 1.2+ encryption for all data in transit.
  • Passwords hashed with ASP.NET Core Identity (PBKDF2 + HMAC-SHA512).
  • Role-based access controls limiting data access to authorized personnel only.
  • Regular dependency updates and security patching.

No transmission method is 100% secure. In the event of a breach materially affecting your rights, we will notify you and the Privacy Commissioner as required under PIPEDA's mandatory breach notification rules.

9. Contact Our Privacy Officer

Questions, requests, or complaints regarding this Privacy Policy should be directed to our Privacy Officer:

DMD Tech Inc. — Privacy Officer
[email protected]

We will respond to all privacy requests within 30 days of receipt, as required by PIPEDA.