Privacy Policy
Overview
Plain language summary: ENZO collects only the data necessary to provide your Point of Sale service. We store your business data locally on your device and in our secure cloud. We never sell your data to third parties.
This Privacy Policy explains how ENZO ("we," "us," or "our") collects, uses, stores, and protects your information when you use the ENZO Point of Sale application and website (collectively, the "Service") at enzopos.app and app.enzopos.app.
By using ENZO, you agree to the collection and use of your information in accordance with this policy. This policy is governed by the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and, where applicable, the General Data Protection Regulation (GDPR).
Information We Collect
1. Account & Identity Information
When you register for an ENZO account, we collect:
- Full name and email address
- Password (stored as a cryptographic hash — we never see your plain-text password)
- Business name and type
- Profile photo (optional)
2. Business & Transaction Data
As you use the Service, we store the business data you create, including:
- Products, categories, and pricing information
- Sales transactions and receipts
- Inventory levels, purchase orders, and stock adjustments
- Customer records you create within ENZO (names, contact details, purchase history)
- Supplier information
- Store/branch configuration and team member information
3. Payment & Billing Information
For paid subscriptions, billing is processed by PayMongo, a PCI-DSS compliant payment processor. ENZO does not store credit card numbers, CVVs, or full bank account details. We retain:
- Subscription plan and status
- Payment history and invoice records
- Billing contact information
- PayMongo customer and subscription reference IDs
4. Technical & Usage Data
We automatically collect limited technical data to maintain and improve the Service:
- Device type, operating system, and browser version
- IP address and approximate geographic region (country/city level)
- Pages visited, features used, and session duration
- Error logs and crash reports
- Sync event logs (online/offline transitions)
5. Communications Data
If you contact us for support or send email receipts to customers through ENZO, we may retain:
- Support ticket content and communication history
- Email addresses used for receipt delivery
How We Use Your Information
We use your information solely to deliver, maintain, and improve the Service. Specifically:
Service Delivery
- Authenticate your identity and manage your account
- Synchronize your business data across devices
- Process subscription payments and manage billing
- Send digital receipts to your customers on your behalf
- Generate sales reports and analytics within your account
Service Improvement & Security
- Monitor for errors, bugs, and performance issues
- Detect and prevent fraud, unauthorized access, and abuse
- Analyze aggregate (anonymized) usage patterns to improve features
- Conduct security audits and vulnerability testing
Communications
- Send transactional emails (account confirmation, password reset, billing receipts)
- Notify you of critical service updates, security alerts, or policy changes
- Respond to support inquiries
- Send product update announcements (you may opt out at any time)
Legal Compliance
- Comply with applicable Philippine laws and regulations
- Respond to valid legal process (court orders, government requests)
- Enforce our Terms of Service
We do not use your business transaction data to train AI models, sell it to advertisers, or share it with any party for marketing purposes.
Data Storage & Security
Where Your Data Is Stored
Your data is stored in two locations:
- Cloud: Our primary database runs on Supabase with PostgreSQL. Data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Supabase maintains SOC 2 Type II compliance.
- Local Device: A local copy is maintained in your browser's IndexedDB to enable offline functionality. This data is subject to your device's security settings.
Security Measures
- All data transmitted between your device and our servers is encrypted via HTTPS/TLS
- Passwords are hashed using industry-standard algorithms (bcrypt/Argon2) — never stored in plain text
- Access to production systems is restricted to authorized personnel with multi-factor authentication
- Regular security assessments and dependency audits are performed
- Database access is controlled via Row Level Security (RLS) policies, ensuring users can only access their own organization's data
While we implement strong security measures, no method of electronic storage or transmission is 100% secure. We encourage you to use a strong, unique password and enable any available two-factor authentication.
Offline & Local Data
ENZO is an offline-first application. When you use ENZO without an internet connection:
- All sales, inventory updates, and other changes are saved locally in your browser's IndexedDB
- When your connection is restored, the app automatically syncs local data to the cloud
- Conflict resolution is handled automatically, with timestamps used to determine the authoritative version of records
Local data on your device is subject to your browser's storage policies. Clearing your browser data or uninstalling the app may result in loss of locally stored (unsynced) data. We strongly recommend ensuring your device syncs before clearing browser storage.
We do not have access to data that has not yet been synced to our servers.
Data Retention
We retain your data for as long as your account is active or as needed to provide the Service:
- Active accounts: All data is retained for the duration of your account
- Account deletion: Upon your request to delete your account, we will permanently delete your personal data within 30 days, except where retention is required by law (e.g., financial records required under Philippine tax regulations)
- Backups: Backup copies may persist for up to 90 days after deletion before being purged from all backup systems
- Anonymized analytics: Aggregate, anonymized usage data with no personally identifiable information may be retained indefinitely for product improvement purposes
Your Rights
Under the Philippine Data Privacy Act of 2012 and applicable international law, you have the following rights regarding your personal data:
Right to be Informed
You have the right to know what personal data we collect and how it is processed — which this policy provides.
Right to Access
You may request a copy of your personal data that we hold. You can export most of your business data directly from the ENZO app (Pro plan). For a full data export, contact us at [email protected].
Right to Rectification
You may update or correct your account information at any time through your account settings. For other corrections, contact our support team.
Right to Erasure (Right to be Forgotten)
You may request deletion of your account and associated personal data. To initiate this, go to Settings → Account → Delete Account in the app, or email us at [email protected].
Right to Data Portability
You may request your data in a machine-readable format (CSV/JSON). Pro users can export reports directly from the app.
Right to Object / Restrict Processing
You may object to or request restriction of certain processing activities (e.g., marketing emails). Use the unsubscribe link in emails or contact us directly.
Right to Lodge a Complaint
If you believe your data privacy rights have been violated, you may file a complaint with the National Privacy Commission of the Philippines at privacy.gov.ph.
To exercise any of these rights, contact us at [email protected]. We will respond within 15 business days in accordance with Philippine Data Privacy Act requirements.
Third-Party Services
ENZO integrates with the following third-party services. Please review their privacy policies:
- Supabase — supabase.com/privacy
- PayMongo — paymongo.com/privacy
- Vercel — vercel.com/legal/privacy-policy
- Meta (Facebook) — facebook.com/privacy/policy
- Tawk.to — tawk.to/privacy-policy (live chat widget)
Links to third-party websites on our landing page are provided for reference. We are not responsible for the privacy practices of third-party websites.
Live Chat (Tawk.to) & Meta Pixel
Tawk.to Live Chat
We use Tawk.to to provide a live chat widget on our website. When you use the chat to contact us:
- Tawk.to may collect information such as your name, email (if you provide it), IP address, browser information, and the content of your messages
- We receive and store chat messages through Tawk.to so we can respond to your inquiries. We process this data in accordance with this Privacy Policy
- Tawk.to's data practices are governed by their Privacy Policy
For questions about how we handle chat data, contact us at [email protected].
Meta Pixel
Our website uses products and services provided by Meta Platforms, Inc. ("Meta"). We use the Meta Pixel to measure ad effectiveness and understand visitor behavior. The Pixel may collect information including IP address, browser type, pages viewed, and actions taken. This data is shared with Meta and used for advertising purposes as described in the Cookies & Tracking section above. Meta's use of this data is governed by their Data Policy.
Your choices: You can control how Meta uses your data for advertising in your Facebook Ad Settings. To request deletion of data Meta holds about you, visit Meta's Data Deletion Instructions.
By using our website with the chat widget or while the Meta Pixel is active, you consent to the collection and processing of information by these services as described in their policies. You may use browser extensions or settings that block tracking pixels if you prefer not to have your data collected.
Children's Privacy
ENZO is a business application intended for use by adults and business owners. We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that we have collected personal data from a minor without appropriate parental consent, we will take steps to delete that information promptly.
If you believe a minor has provided us with personal information, please contact us at [email protected].
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements, or for other operational reasons. When we make material changes:
- We will update the "Last updated" date at the top of this page
- We will notify you via email to the address on your account at least 14 days before changes take effect
- For significant changes, we may also display a prominent notice within the application
Your continued use of ENZO after the effective date of any changes constitutes your acceptance of the updated policy.
Contact Us & Data Protection Officer
For any privacy-related questions, requests, or complaints, please contact us:
- Email: [email protected]
- Subject Line: "Privacy Request — [Your Name]"
- Website: enzopos.app
We aim to respond to all privacy-related inquiries within 15 business days. For urgent matters involving a potential data breach or security incident, we will respond within 72 hours as required by applicable law.