Privacy Policy

This Privacy Policy describes how Nuru POS ("Nuru", "we", "us", or "our") handles personal and business information when venues and their authorised users use our point-of-sale and venue operations software, websites, and related services (together, the "Services").

Nuru POS is a product of Nuru Technologies Pty Ltd, an Australian company operating internationally. We comply with the data protection laws applicable in each country where we operate. Where local data protection legislation applies in the countries we serve, we honour those requirements.

If you do not agree with this policy, you should not use the Services.

The data controller is Nuru Technologies Pty Ltd, an Australian company operating internationally. For data protection enquiries, contact us using the details at the end of this policy.

We operate through authorised local partners in the regions we serve, who provide sales, onboarding, training, and first-line customer support on our behalf. These partners are contractually bound to comply with our privacy and data protection standards.

We collect information necessary to provide, secure, and improve the Services. This may include:

Venue and account data: business name, address, billing details, subscription plan, configuration settings, and similar operational data you provide when registering or managing your account.

Orders and operational data: items ordered, tables or rooms, kitchen routing, timestamps, modifications, and other transaction data generated when you use the POS.

Payments data: payment-related information processed through or in connection with the Services (for example amounts, payment method types, and transaction references). Payment card processing may be handled by third-party payment providers; we do not store full card numbers where they are processed solely by those providers in accordance with their terms.

Customer or guest information: names, contact details, room or booking references, folio details, or other information your staff enter about guests or customers as part of normal hospitality operations.

Staff and user information: names, roles, contact details, login identifiers, access permissions, and activity logs needed for authentication, authorisation, audit, and support.

Technical and device data: IP address, device type, browser type, app version, diagnostic logs, and security signals used to protect accounts and troubleshoot issues.

Communications: messages you send us (for example via our lead or contact forms), including name, email, phone number, and the content of your enquiry.

We use the information above to provide and operate the Services (including offline-capable features and synchronisation), authenticate users, process subscriptions and billing, provide customer support, improve reliability and performance, detect and prevent fraud or misuse, meet legal obligations, and communicate with you about the Services.

We do not sell your personal data or your customers' personal data to third parties.

We use secure cloud infrastructure and industry-standard measures designed to protect data in transit and at rest, including encryption for data in transit (such as TLS) and encryption at rest where supported for stored data.

Access to data is limited to authorised personnel and subprocessors who need it to operate the Services, subject to confidentiality and security obligations.

No method of transmission or storage is completely secure; we work to apply reasonable and appropriate safeguards for the nature of the data and the Services.

We retain information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements.

Retention periods may depend on your subscription status, the type of data (for example financial records), and legal requirements in applicable jurisdictions. When data is no longer required, we delete or anonymise it in line with our retention practices, subject to legal holds or backup cycles.

You may request deletion of certain personal data where applicable law allows; we will respond in line with our verification process and any legal exceptions.

We may share data with trusted service providers who assist us (for example hosting, analytics, email delivery, or payment processing) under contracts that require them to protect the data and use it only for the purposes we specify.

We may disclose information if required by law, court order, or governmental request, or to protect the rights, safety, or integrity of Nuru, our users, or the public.

We do not sell personal information to data brokers or advertisers.

Our websites and apps may use a minimal set of cookies and similar technologies needed for security, session management, and basic functionality.

Where we use analytics cookies or similar tools, we aim to keep them limited to understanding product usage and improving the Services. You can control cookies through your browser settings where applicable.

Depending on where you are located, you may have rights under applicable data protection laws, including in many cases rights of access, correction, deletion, restriction of processing, objection to certain processing, and data portability in a structured, commonly used format where technically feasible.

To exercise these rights, contact us using the details below. We may need to verify your identity before responding. You may also have the right to lodge a complaint with a supervisory authority in your country where such a right exists.

Data may be processed in Australia and in other countries where we or our service providers operate. Where personal data is transferred across borders, we take steps designed to ensure appropriate safeguards consistent with applicable law.

Nuru Technologies Pty Ltd is incorporated in Australia. This policy is intended to reflect principles aligned with internationally recognised data protection standards, including practices comparable to GDPR-style rights, as well as the Australian Privacy Principles (APPs) under the Privacy Act 1988, where they apply to our processing activities.

Specific legal requirements in the countries where you operate may apply to your venue; we encourage you to understand your own obligations as a business handling personal data about your staff and guests.

We may update this Privacy Policy from time to time. We will post the updated version on our website and adjust the "Last updated" date. Material changes may be communicated through the Services or by email where appropriate.