Short version: we store the data you need to run operations — nothing more. No retargeting, no ad-tech.
Business name, NPWP (optional), owner email. Stored while account active + 7 years after termination (Indonesian tax regulation).
Name, role, hashed PIN (argon2id), shift log, branch location. PIN never stored plain-text. Avatar photo optional.
Name + WhatsApp number (optional, for order-ready notifications). Stored per-merchant — a guest at Maple & Oat is not identifiable by another restaurant.
Transaction amount, method (QRIS/cash/EDC), provider reference number. Card data never touches Posz — processed directly by the payment gateway (uncle-z payment / DOKU / NicePay).
Request a full export of merchant + staff + customer + transaction data any time by emailing posz@uncle-z.com. We reply within 5 business days.
Posz follows Indonesia's Personal Data Protection Act (UU 27/2022). You're the Data Controller for your customers; Posz is the Data Processor. Contractual details are in the terms of service.