Back to home NRestro

Privacy & Policy

How NRestro collects, uses, and protects your information.

Privacy Policy, Cookie Policy & Data Processing Agreement

This document governs the collection, use, processing, storage, and protection of data by Nrestro POS, accessible from https://nrestro.com. It applies to our website, POS software, mobile applications, and related services (collectively, the “Services”).

This policy is designed to comply with:

  • Privacy Act, 2075 (2018) – Nepal
  • Privacy Regulation, 2077 (2020) – Nepal
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)

1. Consent

By using our Services, you confirm that you have read, understood, and agreed to this policy.

2. Information We Collect

a) Information You Provide

  • Name, email address, phone number
  • Business name, address, contact details
  • User accounts, roles, and credentials
  • Support communications and feedback

b) Customer & POS Transaction Data

  • End-customer name, phone number, email (if provided)
  • Orders, discounts, refunds, payment details
  • Staff activity logs and audit trails

c) Payment Information

Nrestro POS supports direct payment processing as well as third-party payment gateways. Payments are handled using secure, PCI-DSS–compliant systems. Sensitive card data is encrypted and not stored unless legally required.

d) Automatically Collected Data

  • IP address
  • Browser and device information
  • Operating system
  • Application usage logs and timestamps

3. How We Use Information

  • Provide and operate POS Services
  • Process payments and transactions
  • Manage accounts and business operations
  • Improve performance, reliability, and security
  • Communicate service updates and support
  • Detect and prevent fraud or misuse
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

  • User consent
  • Contractual necessity
  • Legal obligations
  • Legitimate business interests

5. Cookies & Tracking Technologies

We use cookies and similar technologies to maintain secure sessions, remember preferences, and analyze usage.

Types of Cookies

  • Essential: Required for functionality and security
  • Functional: Store preferences
  • Analytics: Improve performance and usability

You may disable cookies in your browser settings; however, some features may not function correctly.

6. Log Files

We follow standard log file practices. Logs may include IP address, browser type, ISP, timestamps, and referring pages. These logs are used for analytics and security and are not directly linked to identifiable individuals.

7. Data Sharing & Third Parties

We may share data with trusted service providers, including:

  • Payment processors
  • Cloud hosting providers
  • Analytics and monitoring services
  • Email and SMS communication providers
  • Customer support platforms

8. International Data Transfers

Our primary servers are hosted in Singapore. By using our Services, you consent to the transfer and processing of data in Singapore and other jurisdictions where our providers operate.

9. Data Retention

Data is retained only as long as necessary to provide Services, comply with legal obligations, resolve disputes, and enforce agreements.

10. Data Security

We apply appropriate technical and organizational safeguards, including encryption, access controls, secure infrastructure, and monitoring. No system can guarantee absolute security.

11. Nepal Data Protection Rights

  • Right to privacy and confidentiality
  • Right to be informed about data usage
  • Right to access personal data
  • Right to correction of inaccurate data
  • Right to request deletion (subject to law)
  • Right to lodge complaints with authorities

12. GDPR Rights (EU Users)

  • Access
  • Rectification
  • Erasure
  • Restriction or objection
  • Data portability

13. CCPA Rights (California Consumers)

  • Right to know what data is collected
  • Right to request deletion
  • Right to opt out of data sale

Nrestro POS does not sell personal data.

14. App Store Privacy Disclosure

  • Data Collected: Personal, business, customer, transaction, and usage data
  • Purpose: App functionality, payments, analytics, security
  • Data Sharing: Payment gateways, hosting, analytics, communication services
  • Encryption: Data encrypted in transit and at rest where applicable
  • Children: Not intended for users under 13
  • Data Location: Singapore

15. Data Processing Agreement (DPA) – Business Clients

Roles

  • Controller: Business using Nrestro POS
  • Processor: Nrestro POS

Scope & Purpose

Processing of personal data for POS operations, payments, reporting, and customer and staff management.

Processor Obligations

  • Process data only on documented instructions
  • Ensure confidentiality and security
  • Assist with data subject requests
  • Notify of data breaches without undue delay

Sub-Processors

Nrestro POS may engage sub-processors such as cloud and payment providers, subject to appropriate safeguards.

Data Deletion

Upon termination of Services, data will be deleted or returned unless retention is required by law.

Governing Law

This DPA is governed by the laws of Nepal, unless otherwise agreed.

16. Children’s Information

Nrestro POS does not knowingly collect data from children under 13. If identified, such data will be promptly deleted.

17. Changes to This Policy

We may update this document from time to time. Changes will be posted on this page with a revised date.

16. Contact Us

If you have any questions, concerns, or requests regarding this Policy, please contact us:

Nrestro POS
Email: [email protected]
Website: https://nrestro.com
Data Hosting Location: Singapore
Registered Address: Bhaktapur, Nepal