Introduction
Welcome to UmaPOS. UmaPOS is a restaurant operating platform that includes our website (umapos.com), web admin and restaurant panels (admin.umapos.com), guest QR ordering, and companion mobile apps for reception, waiters, and kitchen staff.
This Privacy Policy explains how UmaPOS (“we”, “us”, “our”) collects, uses, and protects information when you use our platform, websites, and related services (collectively, the “Services”).
By using the Services, you agree to this Privacy Policy. If you use UmaPOS on behalf of a restaurant, your employer or the restaurant account owner is responsible for how staff and customer data is managed within that account.
1. Scope of This Policy
- UmaPOS marketing website and contact forms at umapos.com
- Platform admin panel for UmaPOS operators
- Restaurant owner and staff web panel at admin.umapos.com
- Guest QR menu and ordering experiences in the browser
- Mobile apps: UmaPOS Reception, UmaPOS Waiter, and UmaPOS Kitchen
Each mobile app may collect additional device-specific information as described in its dedicated privacy policy above.
2. Information We Collect
Depending on how you use UmaPOS, we may collect:
- Account information: name, email address, phone number, restaurant name, and business details provided during signup or profile setup
- Authentication data: login credentials, session tokens, and staff PINs used in mobile or panel access
- Operational data: orders, tables, menu items, inventory, billing, bookings, queue/seating data, and staff activity needed to run the POS
- Guest QR ordering data: table context, cart items, and service requests submitted by customers scanning QR codes (as configured by the restaurant)
- Device and usage data: browser type, IP address, app version, device model, push notification tokens, and diagnostic logs for security and reliability
- Communications: messages you send to us for support, demos, or sales inquiries
3. How We Use Information
- Provide, operate, and maintain the UmaPOS platform
- Authenticate users and enforce role-based access for owners, managers, and staff
- Process restaurant orders, kitchen workflows, billing, inventory, and reporting
- Send service-related notifications (including push alerts where enabled)
- Respond to support requests and improve our products
- Protect against fraud, abuse, and security incidents
- Comply with legal obligations
We do not sell your personal information.
4. Restaurant Accounts & Staff Data
Restaurants that subscribe to UmaPOS are the primary controllers of their business data, including staff records, orders, and customer-facing information collected through QR ordering.
UmaPOS processes this data on behalf of restaurants to deliver the Services. Restaurant owners and administrators can add, update, or remove staff access at any time.
5. Guest & Customer Information
When guests use QR ordering at a restaurant, they may submit order items, table identifiers, and optional service requests. This information is used to fulfill the guest’s request at that restaurant and is controlled by the restaurant’s UmaPOS account.
Guests are not required to create a UmaPOS account to browse a QR menu or submit an order for waiter approval, unless the restaurant enables additional identification steps.
7. Third-Party Services
We use trusted infrastructure and service providers, including:
| Provider | Purpose |
|---|---|
| Supabase | Authentication, database, file storage, and real-time sync |
| Google Firebase Cloud Messaging | Push notifications for web panels and mobile apps |
| Hosting & infrastructure partners | Secure application hosting and content delivery |
These providers process data only to operate UmaPOS, subject to their own privacy and security terms.
9. Data Security
- Encrypted HTTPS for data in transit
- Role-based access controls for admin, owner, and staff users
- Secure authentication and session management
- Industry-standard cloud infrastructure through our providers
No system is completely secure. Please use strong passwords and protect staff PINs.
10. Data Retention
We retain information for as long as needed to provide the Services, meet legal obligations, resolve disputes, and enforce agreements.
Restaurant data is generally kept while the restaurant’s UmaPOS account remains active. Account owners may request deletion subject to contractual and legal requirements.
11. Your Choices & Rights
- Access or update your account profile through the restaurant or admin panel where available
- Request correction or deletion by contacting us or your restaurant administrator
- Opt out of non-essential marketing emails by using unsubscribe links or contacting support
- Disable push notifications in your browser or device settings
Depending on your location, you may have additional privacy rights under applicable law.
12. Children's Privacy
UmaPOS is a business platform for restaurants and is not directed at children under 13. We do not knowingly collect personal information from children.
13. International Users
UmaPOS serves restaurants in multiple countries. Your information may be processed in countries where we or our service providers operate, with appropriate safeguards for cross-border transfers where required.
14. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised effective date.
Continued use of the Services after changes become effective constitutes acceptance of the updated policy.
15. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at hello@umapos.com.