Privacy Policy

Effective Date: 14 November 2025

This Privacy Policy explains how Karma Tab Holdings Limited ("Karma Tab", "we", "us", or "our") and its affiliates collect, use, disclose, store, and protect your personal information when you use our websites, applications, and services (collectively, the "Services").

We are committed to processing personal data transparently, responsibly, and in full compliance with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong, the General Data Protection Regulation (EU Regulation 2016/679) ("GDPR"), and other applicable international privacy regulations.

1. Company Information

Controller: Karma Tab Holdings Limited

Registered Address: Unit 1603, 16/F, The L. Plaza, 367–375 Queen's Road, Central, Sheung Wan, Hong Kong

Contact Emails:

2. Definitions

  • "Services" means Karma Tab's point-of-sale and inventory management software, mobile and web applications, dashboards, APIs, and any other functionality offered by us, including www.karmatabpos.com.
  • "Customer" or "Merchant" means any person or entity who registers to use the Services by creating a Karma Tab account.
  • "You" refers to the Customer and (where applicable) authorized users, employees, or consumers of the Customer.
  • "Personal Data" means any information relating to an identifiable individual, directly or indirectly, including name, identification number, email address, location data, or online identifiers.

3. Data Controller and Processor Roles

Depending on context, Karma Tab acts as:

  • A Controller for data of our Customers and website visitors
  • A Processor for data of end-consumers and employees collected or uploaded by our Customers

For GDPR or privacy-related matters, contact our Data Protection Officer at dpo@karmatabpos.com.

4. Types of Personal Data We Collect

We collect the following categories of information:

a. Customer & Account Data

  • Name, business name, email address, phone number, and contact preferences
  • Business registration details, billing and payment information
  • Login credentials and authentication tokens

b. Operational Data

Information uploaded or generated during your use of our Services, including sales transactions, pricing, inventory, taxes, and supplier data.

c. Employee & Consumer Data (of Customers)

Information about your employees or consumers that you input into the system (names, contact information, purchase details).

d. Technical & Usage Data

  • Device type, operating system, IP address, browser, location, and session logs
  • Cookies and similar technologies for analytics and user experience improvement

e. Support & Communication Data

Information you provide when contacting support or interacting with us through chat, email, or social media.

5. Legal Basis for Processing

We process personal data only where a lawful basis exists, including:

  • To perform a contract (provide Services, support, and billing)
  • Based on legitimate interest (improving Services, preventing fraud, marketing to existing users)
  • To comply with legal obligations
  • Based on your consent (for marketing or optional features)

You may withdraw your consent at any time by contacting dpo@karmatabpos.com.

6. How We Use Your Data

We use personal information for the following purposes:

  • To enable and operate the Karma Tab Services
  • To process transactions, send invoices, and manage subscriptions
  • To provide customer support and technical assistance
  • To send administrative updates and security notifications
  • To send marketing communications (only if you opt in)
  • To improve our Services through analytics and feedback
  • To comply with applicable laws and prevent fraudulent activities

7. Sharing & Disclosure

We may share data with:

  • Service Providers and Business Partners who assist in hosting, payment processing, analytics, and customer support (under strict confidentiality agreements)
  • Legal authorities, when required by law or to protect our rights
  • Corporate affiliates within Karma Tab Group under controlled and compliant data-transfer agreements
  • Other parties in the case of a merger or acquisition, where the data transfer is part of a business reorganization

We do not sell personal data to third parties.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence (e.g., Hong Kong, Singapore, the EU, or the United States). All transfers comply with applicable data protection laws and use recognized safeguards such as Standard Contractual Clauses or adequacy decisions.

9. Data Retention

We retain your personal data only as long as necessary to:

  • Provide Services
  • Meet legal, tax, and accounting obligations
  • Resolve disputes or enforce agreements

Once data is no longer needed, it will be securely deleted or anonymized.

10. Security Measures

We employ organizational, technical, and physical measures to safeguard your data, including:

  • Data encryption (TLS/HTTPS in transit, encryption at rest for sensitive data)
  • Secure access controls and multi-factor authentication
  • Regular security audits and restricted access for staff
  • Hosting in ISO 27001-certified data centers

However, no internet transmission is 100% secure, and we cannot guarantee absolute security.

11. Your Rights

Depending on applicable law (e.g., GDPR, PDPO), you have the right to:

  • Access your personal data
  • Request correction or deletion
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent
  • Lodge a complaint with a data protection authority

To exercise these rights, contact our DPO at dpo@karmatabpos.com.

12. Children's Privacy

Our Services are not directed to individuals under 16 years of age. We do not knowingly collect information from children. If you believe a child has provided personal data, please contact us immediately at dpo@karmatabpos.com.

13. Cookies & Tracking Technologies

We use cookies and similar technologies for session management, analytics, and marketing optimization. You may adjust your browser settings to decline cookies, but this may limit some Service functionality. A detailed Cookies Policy is available on our website.

14. Updates to This Policy

We may update this Privacy Policy periodically. Revisions will be posted on this page with an updated effective date. If material changes occur, we will notify you through the Service or by email.

Your continued use of the Services after such updates constitutes acceptance of the revised Privacy Policy.

15. Contact Us

If you have questions about this Privacy Policy, data protection, or wish to exercise your privacy rights, please contact:

Data Protection Officer

Karma Tab Holdings Limited

📍 Unit 1603, 16/F, The L. Plaza, 367–375 Queen's Road, Central, Sheung Wan, Hong Kong

✉️ dpo@karmatabpos.com

🌐 www.karmatabpos.com