Back to Home
Legal

Privacy Policy

Last updated: April 19, 2026

1. Who We Are

POPIPOS is a cloud-based point-of-sale platform operated by TRUEGRAIN FOODS PRIVATE LIMITED, located in Jaipur, Rajasthan, India. When this policy mentions "POPIPOS", "we", "us", or "our", it refers to TRUEGRAIN FOODS PRIVATE LIMITED.

2. Information We Collect

We collect information necessary to provide our services. The types of data vary depending on whether you are a business user (restaurant owner/staff using POPIPOS) or an end customer (a diner whose data is processed through POPIPOS).

2.1 Business User Data

  • Account information (name, email address, password hash)
  • Organization details (business name, GST number, locations)
  • Payment and billing information for the subscription
  • Usage data and analytics (pages visited, features used)

2.2 End Customer Data (processed on behalf of businesses)

  • Phone numbers (for order receipts, OTP authentication, and loyalty programs)
  • Name and email (if voluntarily provided)
  • Order history and transaction records
  • Loyalty points balance and redemption history

2.3 WhatsApp Messaging Data

When a business connects their WhatsApp Business account through our platform, we process:

  • Phone numbers of message recipients
  • Message delivery status (sent, delivered, read, failed)
  • Message template content (order receipts, OTP codes, loyalty updates)
  • WhatsApp Business Account identifiers for API routing

We do not read, store, or process the content of personal WhatsApp conversations. We only handle transactional messages sent by the business to their customers through our platform.

3. How We Use Your Information

  • To provide, maintain, and improve our POS platform
  • To send transactional WhatsApp messages on behalf of businesses (order receipts, OTP authentication codes, loyalty point updates)
  • To track message delivery status and troubleshoot failures
  • To manage loyalty programs and customer engagement features
  • To generate sales reports and business analytics for our users
  • To communicate service updates, security alerts, and support responses
  • To comply with legal obligations, including tax and accounting requirements under Indian law

4. Data Sharing and Third Parties

We share data with the following categories of third parties, solely to provide our services:

Meta Platforms (WhatsApp Cloud API)

When businesses send WhatsApp messages through POPIPOS, recipient phone numbers and message content are transmitted to Meta's WhatsApp Cloud API. This is governed by Meta's own terms and data processing agreements.

Supabase (Infrastructure Provider)

Our database and authentication infrastructure is hosted on Supabase, which uses AWS data centers. Data is encrypted at rest and in transit.

Payment Processors

If businesses use integrated payment features, transaction data may be shared with Razorpay or similar processors under their respective policies.

We do not sell, rent, or trade personal information to third parties for marketing purposes.

5. Data Retention

  • Business account data: Retained for the duration of the account and up to 90 days after deletion request
  • Order and transaction records: Retained for a minimum of 8 years as required by Indian tax and accounting regulations
  • WhatsApp message logs: Message metadata (delivery status, timestamps) retained for 90 days. Message content is not stored beyond the delivery attempt
  • OTP codes: Automatically deleted after use or expiry (5 minutes)

6. Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit (TLS 1.2+) and at rest
  • WhatsApp API access tokens are encrypted before storage
  • Row-level security policies ensure data isolation between organizations
  • Authentication uses secure password hashing (bcrypt)
  • Webhook payloads are verified using HMAC-SHA256 signatures
  • Access to production systems is restricted and audited

7. Your Rights

Under applicable Indian data protection laws, you have the right to:

  • Access -- Request a copy of your personal data
  • Correction -- Request correction of inaccurate data
  • Deletion -- Request deletion of your data, subject to legal retention requirements
  • Opt-out of messaging -- End customers can ask the business to stop sending WhatsApp messages at any time
  • Data portability -- Request your data in a machine-readable format

To exercise these rights, contact us at privacy@popipos.com. We will respond within 30 days.

8. Cookies and Tracking

POPIPOS uses essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising pixels. The platform does not serve advertisements.

9. Children's Privacy

POPIPOS is a business-to-business service not intended for use by individuals under 18 years of age. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify business users via email and update the "Last updated" date above. Continued use of the platform after changes constitutes acceptance of the revised policy.

11. Contact Us

TRUEGRAIN FOODS PRIVATE LIMITED

Jaipur, Rajasthan, India

Email: privacy@popipos.com

Website: popipos.com