Sign In

Privacy

Privacy Policy

Privacy Policy for Upsel

Last updated: 25/06/2025

At Upsel (“Upsel,” “we,” “us,” or “our”), we are committed to protecting your privacy and ensuring transparency in how we handle your data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our AI-driven business performance platform (the “Service”).

1. Information We Collect

To provide our Service, we collect and process data from various sources. This includes:

  • Account Information: When you create an account, we collect your name, email address, business name, and payment information.
  • Business Data from POS Systems: When you connect your Point of Sale (POS) system (e.g., Tevalis), we sync and store a copy of the following types of data (“Business Data”). Some of this information, such as employee names, may be considered Personally Identifiable Information (PII), which we handle with strict confidentiality.
    • Sales Data: Transaction details, items sold, revenue, and payment methods.
    • Staff Data: Employee names, roles, and performance metrics.
    • Product Data: Product catalogs, groups, and types.
    • Attendance Data: Staff clock-in/clock-out times and work hours.
  • Usage Data: We collect information about how you interact with our Service, such as features used and session duration, to help us improve our platform.

2. How We Use Your Information

Your information is used for the following purposes:

  • To Provide and Improve the Service: We use your Business Data to generate real-time dashboards, track Key Performance Indicators (KPIs), and provide you with actionable insights to enhance your business performance.
  • To Manage Your Account: We use your account information to manage your subscription, process payments, and communicate with you about service-related updates.
  • For Analytics and Development: We analyze aggregated and anonymized data to improve our algorithms, develop new features, and enhance the overall user experience. We will never use your specific Business Data for training our AI models without your explicit consent.
  • To Ensure Security: We monitor for and protect against fraudulent or unauthorized activity.

3. Data Storage and Security

We implement industry-standard security measures to protect your data. All Business Data is encrypted during transmission (TLS) and at rest. Our data is stored securely in Firestore, and access is strictly controlled by our backend services. We regularly review and update our security practices to protect your information from unauthorized access, disclosure, or destruction.

4. International Data Transfers

To provide you with the Service, we may store and process data in servers located outside of your home country, including in the United States. We take all necessary measures to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable data protection laws.

5. Third-Party Integrations and Services

  • POS System Integration: Our Service relies on connecting to third-party POS systems like Tevalis. We only access the data necessary to provide our Service, as authorized by you. We are not responsible for the data practices of your POS provider.
  • Service Providers: We use trusted third-party services for functions such as payment processing (e.g., Stripe) and cloud hosting (e.g., Google Cloud). These providers are bound by confidentiality agreements and are prohibited from using your data for any other purpose.

6. Your Privacy Rights and Data Control

You have control over your data. You have the right to:

  • Access and Export Your Data: You can request access to or an export of your Business Data at any time.
  • Request Data Correction or Deletion: You can request that we correct inaccuracies or delete your Business Data. Please note that deleting certain data may impact your ability to use the Service.
  • Manage Permissions: You can revoke our access to your POS system at any time through your account settings, which will stop any future data synchronization.

GDPR Compliance

If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). These include the right to access, correct, update, or request deletion of your personal information. If you wish to exercise any of these rights, please contact us using the information below.

7. Data Retention

We retain your Business Data for as long as your account is active or as needed to provide you with the Service. If you cancel your subscription, we will retain your data for a limited period to allow for reactivation, after which it will be permanently deleted in accordance with our data retention policy. We may retain some anonymized data for analytical purposes.

8. Children’s Privacy

Our Service is intended for business users and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes via email or through the Service. Your continued use of the Service after such changes constitutes your acceptance of the updated policy.

10. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Upsel
Level 2, 247 Cameron Road, Tauranga, 3110 , New Zealand
Email: [email protected]