Privacy Policy

Last updated: February 13, 2026

1. Information We Collect

We collect the following types of information:

  • Account information: Name, email address, and password when you register
  • Authentication data: OAuth tokens and profile information when you sign in with Google or Facebook
  • Business data: Store information, employee details (names, PINs), and order data you create within the Service
  • Payment information: Billing details processed through Xendit (we do not store your card details directly)
  • Usage data: Pages visited, features used, and general interaction patterns

2. Loyverse Integration Data

When you connect your Loyverse POS account, we access and store the following data from Loyverse:

  • Receipts and transaction history
  • Customer records
  • Items and categories
  • Store and employee information
  • Payment types and discounts

This data is synced to provide order tracking, reporting, and business management features. Your Loyverse API tokens are encrypted at rest using AES-256-GCM encryption and are never shared with third parties.

3. How We Use Your Data

We use your information to:

  • Provide and maintain the Service
  • Sync data between LaundryVerse and your Loyverse POS
  • Process subscription payments
  • Send important service-related notifications
  • Improve the Service based on usage patterns
  • Provide customer support

4. Data Storage and Security

Your data is stored in MongoDB databases hosted on secure cloud infrastructure. We implement the following security measures:

  • Encryption at rest: Sensitive data (Loyverse API tokens) is encrypted using AES-256-GCM
  • Secure authentication: Passwords are hashed and salted; sessions use JWT tokens
  • Multi-tenant isolation: Each business's data is isolated using tenant-specific identifiers
  • HTTPS: All data in transit is encrypted via TLS

5. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription, your data is retained for 30 days after the end of your billing period. After account deletion, your data is permanently removed within 30 days, unless we are required by law to retain it.

6. Third-Party Services

We integrate with the following third-party services:

  • Loyverse: POS data synchronization (receipts, items, customers)
  • Xendit: Payment processing for subscriptions
  • Google: OAuth authentication (optional sign-in method)
  • Facebook: OAuth authentication (optional sign-in method)
  • Vercel: Application hosting and deployment
  • MongoDB Atlas: Database hosting

Each third-party service has its own privacy policy. We encourage you to review their policies.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Disconnect your Loyverse account at any time
  • Export your data in a standard format

To exercise any of these rights, contact us at [email protected].

8. Cookies

We use essential cookies to maintain your session and authentication state. We do not use third-party tracking cookies or advertising cookies. Session cookies include:

  • NextAuth session cookie: For admin authentication
  • DOD session cookie: For employee PIN-based authentication on devices

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at [email protected].