Privacy Policy

1. Introduction

Retalyz LLC ("Retalyz," "we," "us," or "our") operates the Retalyz inventory intelligence platform at retalyz.com. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our platform and services.

By creating an account or using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you sign up, we collect:

• Business name and contact person name
• Email address and phone number
• Password (stored in hashed form only)
• Billing information (processed and stored by Stripe; we do not store card numbers)

2.2 POS System Data

To provide our services, we connect to your point-of-sale system and collect:

• POS API credentials (encrypted at rest)
• Product catalog information (names, SKUs, categories, pricing)
• Inventory levels and movement history
• Sales transaction data (items sold, quantities, timestamps)
• Purchase order and vendor information

2.3 Operational Data

We may also collect:

• Foot traffic data from people-counting systems (if enabled)
• Arcade revenue and transaction data (if applicable)
• Portal usage and activity logs

2.4 End-Consumer Data

If you enable loyalty program or customer analytics features, we may process your customers' names, email addresses, and purchase history on your behalf. In this case, you act as the data controller and we act as the data processor. You are responsible for obtaining appropriate consent from your customers.

2.5 Payroll & Accounting Data

For accounts that enable our QuickBooks Online and/or iSolved integrations, we process:

• Aggregated general ledger journal entries derived from your payroll runs (debits and credits per account number)
• Chart-of-accounts mappings between your payroll source and your accounting platform
• Push history logs (which journal entries were posted, when, and their status)
• Authentication tokens for QuickBooks Online and iSolved (encrypted at rest in our credential vault)

We do not process individual employee compensation, social security numbers, or employee-level tax withholding records. The payroll data we handle is limited to aggregated journal-entry totals sufficient to post to your accounting system. You remain the data controller; we act as a data processor.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our inventory intelligence platform
• Generate purchase order recommendations based on sales velocity analysis
• Detect inventory anomalies and provide alerts
• Generate reports and analytics dashboards
• Send scheduled email reports you configure
• Process payments and manage your subscription
• Communicate with you about service updates and support

4. Third-Party Services

We use the following third-party services to operate our platform:

• Supabase — database hosting and authentication
• Stripe — payment processing and subscription billing
• Vercel — application hosting and analytics
• Resend — transactional and report email delivery
• Lightspeed / Lifelong POS — POS data synchronization (on your behalf)
• Intuit QuickBooks Online — accounting integration for accounts that connect QBO (on your behalf)
• iSolved — payroll data integration for accounts that use iSolved (on your behalf)

Each third-party service has its own privacy policy. We only share the minimum data necessary for each service to function.

5. Data Security

We implement appropriate technical and organizational measures to protect your data:

• POS API credentials are encrypted at rest
• All data transmission uses TLS encryption (HTTPS)
• Database access is controlled through row-level security policies
• Each account's data is isolated through tenant-scoped access controls
• Passwords are hashed and never stored in plain text
• Administrative access is restricted and logged

6. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription, we retain your data for 90 days to allow for reactivation, after which it is permanently deleted. You may request immediate deletion at any time by contacting us.

Aggregated, anonymized analytics data may be retained indefinitely as it cannot be linked back to your account.

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a machine-readable format
• Opt out of non-essential communications

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to know what personal information we collect, the right to delete your information, and the right to opt out of the sale of your personal information. We do not sell personal information.

Other State Privacy Laws

Residents of states with applicable privacy laws (including Virginia, Colorado, Connecticut, and others) may have similar rights. Contact us to exercise any applicable rights.

8. Cookies and Tracking

We use essential cookies for authentication and session management. We use Vercel Analytics for privacy-friendly, anonymized usage analytics. We do not use third-party advertising trackers or sell data to advertisers.

9. Children's Privacy

Our services are designed for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our platform. Your continued use of the service after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: