Privacy & Cookies Policy
Last updated: June 18, 2026
1. Who we are
Daily POS ("Daily POS", "we", "us", or "our") is a Shopify application that helps retail merchants manage in-store performance, motivate their teams, and track sales goals across one or more store locations.
Daily POS is operated by:
This Privacy & Cookies Policy explains what personal data we collect when you install or use the Daily POS app and when you visit our website at daily-pos.com (together, the "Service"), how we use that data, who we share it with, how long we keep it, and the rights you have over it. It also explains how we use cookies and similar technologies.
This policy is written to support compliance with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable privacy laws. It does not constitute legal advice.
2. What Daily POS does and does not access
We have intentionally designed Daily POS to use the minimum personal data needed to provide the app's functionality.
Daily POS does NOTaccess your customers' personal data. We do not collect, store, or process the names, email addresses, phone numbers, or contact details of the merchant's end customers through the Shopify API.
What we do process is described below.
3. The data we collect
3.1 Data you provide directly (merchant account)
When you install the app or contact us, we collect:
- Your name and email address
- Your store name, store domain, and store location(s)
- Your app settings and preferences (for example, the goals and targets you configure)
- Any information you choose to send us when you contact support
3.2 Data collected through the Shopify API
To provide performance and goal-tracking features, Daily POS receives from Shopify:
- Staff / POS user data: the names and identifiers of the staff members and POS operators associated with your store, and the sales activity attributed to each of them (for example, number of orders, sales amounts, and goal progress per staff member).
- Aggregated sales and order data: order totals, transaction counts, dates, and related metrics used to calculate store and team performance.
We use this data to display dashboards, leaderboards, goal tracking, and reporting inside the app.
3.3 Data collected automatically
When you use the Service, we automatically collect technical and usage data, which may include:
- IP address, browser type, device type, and operating system
- Pages and features used within the app and on our website
- Automated log data relating to your use of the app (for example, errors and performance logs)
4. Our roles under data protection law
For your merchant account data and your use of the website, SAS JOOM is the data controller.
For the staff / POS user data that we process on your behalf to deliver the app's features, you (the merchant) are the data controller and SAS JOOM acts as a data processor. As the controller, you are responsible for having a valid legal basis to monitor your staff's performance and for informing your staff accordingly, as set out in our Terms of Service.
5. Why we use your data, and our legal bases
| Purpose | Legal basis (GDPR) |
|---|---|
| Providing the app and its features to you | Performance of a contract |
| Processing staff and aggregated data on your behalf | The merchant's instructions (we act as processor) |
| Billing and account management | Performance of a contract |
| Securing the Service, preventing fraud and abuse | Legitimate interests |
| Improving and developing the Service | Legitimate interests |
| Responding to support requests | Performance of a contract / legitimate interests |
| Sending you service communications about the app | Performance of a contract / legitimate interests |
Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms.
6. Who we share your data with
We do not sell your personal data, and we do not share it with any third party for that third party's own purposes, including their own marketing.
Daily POS is part of a group of companies owned by JM Holding. Your data stays within this group and the infrastructure providers strictly necessary to operate the Service. It does not circulate beyond that, and it is never transferred to anyone for resale or for their own independent use.
Infrastructure providers (sub-processors). These providers process data only on our instructions and under contract, solely to host and run the Service:
| Provider | Purpose | Primary region |
|---|---|---|
| Heroku | Application hosting | US (EU regions available) |
| Amazon Web Services (AWS) | Cloud hosting and infrastructure | EU / US |
| Google Cloud | Cloud hosting and infrastructure | EU / US |
| Redis (Redis Labs) | Database and caching | EU / US |
| GoDaddy | Domain and DNS services | US |
| Sentry | Error monitoring and diagnostics | US |
You can request our up-to-date list of providers at any time at contact@daily-pos.com.
Shopify, which provides the platform and APIs the app relies on. Shopify's own handling of data is governed by its Privacy Policy and Data Processing Addendum.
Authorities or third parties, where we are legally required to do so, or to protect our rights, our users, or the public, or in connection with a merger, acquisition, or sale of assets (in which case the successor will remain bound by this policy or give you the opportunity to opt out of any new policy).
Billing for the app is handled by Shopify through the Shopify Billing API. We do not collect or store your payment card details.
7. International data transfers
We are based in France and host data in the European Union where possible. Where a sub-processor processes data outside the EU/UK, we put in place appropriate safeguards, such as the European Commission's Standard Contractual Clauses, to ensure your data receives an equivalent level of protection.
8. How long we keep your data
We keep your personal data only for as long as necessary to provide the Service and to fulfill the purposes described in this policy.
You can ask us to delete the personal data we hold about you and your staff at any time by emailing contact@daily-pos.com, and we will do so unless we are required to keep certain records to meet a legal obligation or to resolve a dispute.
When you uninstall the app or close your account, we delete or anonymize the personal data we hold, including your staff's identifiers. We keep aggregated, anonymized store performance data, which no longer identifies any individual, so that you can recover your store's history if you return to the Service later. Because this retained data is anonymized, it is no longer personal data, and we may keep it without a fixed time limit.
9. How we protect your data
We use reasonable technical and organizational measures to protect your data, including encryption in transit and at rest, access controls, and separation of test and production environments. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at contact@daily-pos.com.
10. Your rights
10.1 EU, UK, Switzerland, and similar jurisdictions
You may have the right to:
- Access a copy of your personal data
- Correct or update inaccurate data
- Request erasure of your data
- Restrict or object to certain processing
- Data portability
- Withdraw consent at any time, without affecting prior processing
To exercise these rights, email contact@daily-pos.com. We will respond within the time required by law. If you are not satisfied, you may lodge a complaint with your local supervisory authority. In France, this is the CNIL (cnil.fr).
If the request concerns staff data that we process on a merchant's behalf, we will refer the request to the merchant (the controller) or act on the merchant's instructions.
10.2 California and other US states
We do not sell or share your personal information as those terms are defined under the CCPA/CPRA. Depending on your state, you may have the right to know what personal information we collect, to request its deletion or correction, and to opt out of any sale or sharing. To exercise these rights, contact contact@daily-pos.com. We will not discriminate against you for exercising them.
11. Cookies and similar technologies
We use only strictly necessary cookies, both on our website (daily-pos.com) and within the app embedded in your Shopify admin. These cookies keep you securely signed in, operate core functionality (for example, session and authentication tokens), and support basic site operation. They are required for the Service to work and cannot be switched off. We do not use cookies for analytics, advertising, or marketing.
You can control cookies through your browser settings. Most browsers let you refuse or delete cookies, but blocking strictly necessary cookies may stop parts of the Service from working.
There is no common industry standard for Do Not Track signals, so the Service does not currently respond to them.
12. Children
The Service is a business tool intended for merchants and their staff. It is not directed at children, and we do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us so we can delete it.
13. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the latest version. When we make material changes, we notify you through the in-app chat. If you consider that you were not notified, it is your responsibility to prove that the notice was not provided.
14. Contact
For any question about this policy or your personal data, contact us at: