1. Who We Are
YouPOS is operated by Donald Antonio (DFC Hub), a business registered in the Philippines with address at Ilocos Norte, Philippines.
For the personal data of account owners and staff, YouPOS acts as the data controller.
For personal data of end customers entered by Tenants into the platform, each Tenant is the data controller and YouPOS acts as a data processoron the Tenant's behalf.
2. Data We Collect
2.1 Account Owners (Tenants)
- Full name
- Email address
- Password (stored as a one-way hash; we never store plain-text passwords)
- Business name and address
- Subscription and billing records (amounts, payment references — no card data)
- Account settings and preferences
2.2 Staff Users
- Full name
- Email address
- Role and access level assigned by the Tenant owner
- Password (stored as a one-way hash)
- Action history (audit logs tied to that user's account)
2.3 End Customers (Entered by Tenants)
Tenants may enter their customers' information into YouPOS. This data is processed by us on behalf of the Tenant. It may include:
- Name
- Phone number or email (optional)
- Device and repair history
- Transaction and payment records (amounts, methods — no card data)
- Notes (optional, free-text entered by staff)
2.4 Technical and Usage Data
- IP addresses (used for rate limiting and security purposes)
- Browser type and session metadata (via standard web server logs)
- Request metadata for performance monitoring (no payload content logged)
We do not use advertising cookies, third-party tracking pixels, or behavioral analytics tools on youpos.dfchub.com.
3. How We Use Your Data
- To create and maintain your account and provide the YouPOS service.
- To process your subscription and billing arrangements.
- To provide customer support and respond to inquiries.
- To send transactional communications (account-related notifications).
- To enforce our Terms of Service and Acceptable Use Policy.
- To detect and prevent fraud, abuse, and security incidents.
- To comply with legal obligations.
- To improve and develop the platform using aggregate, non-identifiable usage patterns.
4. Legal Basis for Processing
Under the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), we process personal data on the following bases:
- Contractual necessity — processing is necessary to provide the service you have subscribed to.
- Legitimate interests — for security, fraud prevention, and service improvement.
- Compliance with a legal obligation — where required by applicable Philippine law.
- Consent — where explicitly obtained (e.g., optional communications).
5. Data Sharing and Sub-Processors
We do not sell your personal data. We share data only with the following categories of third parties, and only as necessary to provide the service:
- Hosting providers — The platform runs on cloud infrastructure provided by Vercel, Supabase, and Upstash. Your data is stored on their servers.
- Email delivery — Resend is used to deliver receipt emails on your behalf. Only the recipient address and receipt content are transmitted.
We do not share personal data with advertisers, marketing platforms, or data brokers.
6. International Data Transfers
YouPOS is operated from the Philippines and uses infrastructure hosted in cloud data centers that may be located in Japan, Singapore, or other provider-managed regions. Where data is transferred internationally, we take reasonable steps to ensure it is protected in accordance with the Philippine Data Privacy Act.
7. Data Retention
- Active account data — retained for the duration of your subscription.
- Post-cancellation — retained for a 30-day recovery window, after which data is deleted or anonymized. Full deletion review completes within 60 days of cancellation.
- Backup data — automated backups retained for up to 3 months (7 daily, 4 weekly, 3 monthly copies). Deletion requests apply to live data immediately but may persist in backups until those backups expire.
- Billing records — retained for 7 years for accounting and legal compliance.
8. Security Measures
We implement reasonable technical and organizational measures to protect your personal data, including:
- HTTPS/TLS encryption for all data in transit.
- Passwords stored as one-way bcrypt hashes.
- Multi-tenant database isolation using row-level security policies.
- Role-based access control so staff only access data within their permission level.
- Rate limiting on authentication and sensitive endpoints.
- Automated database backups with documented recovery procedures.
9. Your Rights Under the Philippine Data Privacy Act (RA 10173)
- Right to be informed — to know that your data is being collected and how it is used.
- Right of access — to request a copy of the personal data we hold about you.
- Right to rectification — to request correction of inaccurate or incomplete data.
- Right to erasure or blocking — to request deletion or restriction of processing.
- Right to object — to object to processing of your data in certain circumstances.
- Right to data portability — to receive a copy of your data in a structured format.
- Right to damages — to claim compensation for violations of the Data Privacy Act.
- Right to file a complaint — with the National Privacy Commission (NPC) at privacy.gov.ph.
To exercise any of these rights, contact our privacy team at legal.youpos@dfchub.com. We will respond within 15 business days.
10. Receipts and BIR Compliance
Receipts generated by YouPOS are operational records only. They are not BIR-accredited official receipts or invoices. Tenants who require BIR-accredited official receipts must maintain a separate compliant receipting system.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or in-app notification and update the “Last updated” date at the top of this page. Continued use of YouPOS after the effective date constitutes your acceptance of the updated policy.
12. Contact