Privacy Policy

POS PH (https://posph.blackpeak.digital) Operated by Blackpeak Digital

Last updated: July 10, 2026

POS PH is a point-of-sale system built for cafes, restaurants, and retail shops in the Philippines. We respect your privacy and are committed to protecting the personal data you entrust to us. This Privacy Policy explains what data we collect, why we collect it, how we protect it, and the rights you have under Republic Act No. 10173 (the Data Privacy Act of 2012), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission (NPC).

By creating an account or using POS PH, you agree to the practices described in this policy.

1. Who This Policy Covers

  • Business owners and their staff who sign up for and use POS PH.
  • Customers of those businesses whose information (such as loyalty program details or online orders) is recorded in POS PH by the business they transact with.

Our role under the Data Privacy Act. For the account information of business owners and staff, Blackpeak Digital acts as the personal information controller. For the customer and employee data that a business records inside POS PH (loyalty members, staff time records, orders), that business is the personal information controller, and Blackpeak Digital acts as a personal information processor — we process that data only to provide the service and only on the business's behalf.

2. Information We Collect

We collect only the information needed to run the service:

Account information

  • Business name, email address, and login credentials (passwords are handled by our authentication provider and are never visible to us in plain text)
  • Subscription plan and payment reference details (e.g., a payment reference number). We do not collect or store your card or e-wallet credentials.

Staff information (entered by the business owner)

  • Staff names, roles, and PINs
  • Time records (clock-in/clock-out) and cashier shift records

Customer information (entered by the business or its customers)

  • Loyalty program details: customer name, email address, loyalty points, and QR code
  • Online orders placed through a store's ordering page

Business records

  • Sales transactions, products, inventory, expenses, and reports

Technical information

  • Basic device and browser information, and application logs used to keep the service running and to diagnose problems

We do not collect sensitive personal information as defined by the Data Privacy Act (such as health, government ID numbers, or biometric data), and we ask that you do not enter such information into POS PH.

3. Why We Collect It

We process personal data only for the following purposes, based on the performance of our contract with you, your consent, and our legitimate interest in operating a secure and reliable service:

  • To create and manage your account and verify your identity when you sign in
  • To provide the core features of POS PH: point of sale, kitchen display, inventory, staff time records, loyalty program, online ordering, and reports
  • To process and confirm subscription payments
  • To respond to support requests
  • To maintain security, prevent fraud and abuse, and keep audit records of important account actions
  • To comply with legal obligations

We will never sell your personal data, and we do not use it for third-party advertising.

4. How We Store and Protect Your Data

Your data is stored on Google Firebase / Google Cloud Platform, a leading cloud provider with industry-standard security certifications. Because Google's servers may be located outside the Philippines, your data may be transferred and stored abroad; when this happens, it remains protected in accordance with the Data Privacy Act, and we ensure our providers offer a comparable level of protection.

Security measures include:

  • Encryption in transit — all connections to POS PH use HTTPS/TLS
  • Encryption at rest on our cloud provider's infrastructure
  • Access controls — each business's data is isolated, and role-based permissions limit what owners, managers, and staff can see
  • Audit logging of significant account actions

No system is completely secure, but we work to protect your data using reasonable and appropriate organizational, physical, and technical measures as required by the Data Privacy Act.

5. Sharing of Data

We share personal data only with:

  • Service providers that are necessary to run POS PH (such as Google Firebase for hosting, database, and authentication), and only to the extent needed to provide the service
  • Government authorities, when required by law, court order, or a lawful request

We do not share, rent, or sell your data to anyone else.

6. Data Retention

We keep your data for as long as your account is active. If you cancel your subscription or ask us to delete your account, we will delete your personal data within a reasonable period, except where we are required to retain certain records to comply with legal, tax, or accounting obligations. Business owners can delete individual records (such as loyalty customers or staff) at any time from within the app.

7. Your Rights Under the Data Privacy Act

As a data subject under Philippine law, you have the right to:

  • Be informed about how your data is collected and processed
  • Access the personal data we hold about you
  • Correct inaccurate or outdated data
  • Erase or block data that is unlawfully processed or no longer necessary
  • Object to processing, including processing for direct marketing
  • Data portability — obtain a copy of your data in a commonly used electronic format
  • Damages — be compensated for damages caused by unlawful processing
  • File a complaint with the National Privacy Commission (https://privacy.gov.ph)

To exercise any of these rights, contact us using the details in Section 11. We will respond within a reasonable time and in accordance with the periods required by the NPC.

If you are a customer of a business that uses POS PH (for example, a loyalty member of a cafe), please direct your request to that business first, since it controls your data. We will assist the business in fulfilling your request.

8. Cookies and Local Storage

POS PH uses browser local storage and service workers to keep you signed in and to make the app work offline. We do not use third-party advertising or tracking cookies.

9. Children's Privacy

POS PH is a business tool and is not directed at children. We do not knowingly collect personal data from minors. If you believe a minor's data has been entered into the service without proper consent, contact us and we will remove it.

10. Data Breach Notification

In the event of a personal data breach that is likely to give rise to a real risk of serious harm, we will notify the National Privacy Commission and the affected data subjects within seventy-two (72) hours of knowledge of the breach, as required by the Data Privacy Act and NPC rules.

11. Contact Us

For privacy questions, requests, or concerns, contact:

12. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you inside the app or by email. Continued use of POS PH after changes take effect means you accept the updated policy.