Back

Zolt POS (Admin & Owner Application)

Strategic Objective: Protecting Merchant Data and Financial Compliance.

Comprehensive Data Inventory

Business Profile Data

We collect your legal entity name, Canadian or Indian Business Numbers, GST/HST details, and verified physical addresses to ensure tax-compliant invoicing.

Financial Transaction Metadata

While payments are routed through Nuvei or Global Pay, Zolt stores transaction IDs, timestamps, payment methods (e.g., 'Visa'), and settlement statuses. We do not store sensitive cardholder data like CVV or full PANs on our local servers.

Customer Records

For digital receipts and loyalty tracking, we store customer phone numbers and emails as provided by the merchant. The merchant warrants they have obtained necessary consent for this collection under local laws (e.g., CASL in Canada).

Infrastructure & Security Framework

Cloud Architecture

Your entire business database is hosted on AWS (Amazon Web Services). Data is encrypted at rest using AES-256 and in transit via TLS 1.3.

Authentication (Firebase)

Secure access is maintained via Firebase Authentication. Your mobile number is used strictly for identity verification through OTP.

Staff Data Restriction Policy

To mitigate the risk of internal data breaches, the POS system is designed with a Non-Exportable Staff Detail architecture. Merchants can view performance but cannot download bulk employee personal files, protecting both the employee's privacy and the merchant's liability.

Universal Legal Clauses

Cross-Border Data Transfer

You acknowledge that Techmen Infotech (Parent Company) is based in India. Your data may be transferred to and processed on AWS servers in various regions.

Third-Party Sub-Processors

We utilize Firebase (Google) for OTP/Messaging and Nuvei/Global Pay for payment tokenization. These entities have their own privacy protocols which are incorporated herein by reference.

Data Breach Protocol

In the event of a data breach, Techmen Infotech will notify the Data Protection Board (India) or the Privacy Commissioner (Canada) and the affected users within 72 hours of verification.