1. Introduction
Welcome to Lunivo Labs. We are committed to protecting your privacy and ensuring your personal and business data is handled securely in compliance with the Personal Data Protection Act No. 9 of 2022 of Sri Lanka. This policy outlines how we handle the information required to provide the Lunivo POS software and related hardware.
2. Information Stored on Your Behalf (Client Data)
To provide the Lunivo POS service, our servers securely host the data you input into the system. We do not use, mine, or sell this data; it remains strictly yours. This includes:
- Operational Data: Store inventory, sales logs, and employee details entered into the Lunivo POS system. This data is stored solely so your POS system functions correctly and can be accessed by you from anywhere.
- Automated System Data: Usage logs, IP addresses, and device information. Our servers automatically log this basic technical data purely for security purposes (such as maintaining secure login sessions, preventing fraud, and troubleshooting system errors).
Your operational data belongs to you. Lunivo Labs does not use, mine, or sell client data stored within the Lunivo POS platform.
3. Information We Collect (Account & Billing)
To manage your subscription and fulfill your orders, we collect the following business information:
- Account Information: Name, email address, phone number, and business details provided during registration.
- Financial Data: Billing information required to process your Monthly, Yearly, or Lifetime subscriptions, as well as hardware bundle purchases.
4. How We Use Your Information
The Account and Billing data we collect is processed strictly for legitimate business operations, including:
- Providing, maintaining, and supporting the Lunivo POS software.
- Fulfilling hardware orders (Essential Desktop, Single-Screen, and Dual-Screen sets).
- Processing subscription payments and issuing invoices.
- Generating automated Sunday Google Drive backups for your business.
- Complying with legal obligations, including Sri Lankan VAT and SSCL (RAMIS) reporting requirements.
5. Data Security & Storage
We implement rigorous technical measures to protect your data against unauthorized access. Our security infrastructure includes:
- Bcrypt Hashing for all user passwords.
- CSRF Protection across the web application.
- Multi-Tenant Data Isolation to ensure your store's data is strictly separated from other clients.
- 64-Point Granular Staff Permission Matrices to help you control internal access.
6. Your Data Protection Rights
Under the Sri Lankan PDPA, you possess the following rights regarding your personal data:
- Right of Access: You may request a copy of the personal data we hold about you.
- Right to Rectification: You may ask us to correct inaccurate or incomplete data.
- Right to Erasure: You may request the deletion of your personal data under certain conditions.
- Right to Withdraw Consent: You may withdraw your consent for data processing at any time.
7. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
- Email: lunivolabs@gmail.com
- Phone: +94 77 843 4126
- Location: Matale, Sri Lanka