How Astra POS collects, stores, processes, secures, and manages information across our platforms and services.
Effective Date: June 11, 2026
This Data Processing & Security Policy ("Policy") describes how Astra POS LLC ("Astra POS," "Company," "we," "our," or "us") collects, stores, processes, secures, and manages information through its software platforms, payment technologies, owner portal, technician portal, appointment booking systems, inventory tools, loyalty programs, gift card systems, payroll tools, reporting systems, and related services.
This Policy supplements the Privacy Policy, Software Subscription Agreement, Merchant Processing Services Addendum, Acceptable Use Policy, and Website Terms of Use. In the event of a conflict, the applicable customer agreement shall govern.
Astra POS LLC
3675 Crestwood Pkwy, Suite 310
Duluth, GA 30096
Phone: 770-680-4075
Email: info@myastrapos.com
Website: www.myastrapos.com
This Policy describes data ownership, data processing practices, security controls, storage practices, backup procedures, incident response procedures, and customer responsibilities. The objective is to protect merchant and customer information while ensuring reliable operation of Astra POS services.
Depending upon services used, Astra POS may process:
Business Information: business names, addresses, phone numbers, email addresses, and merchant account information.
Customer Information: names, email addresses, phone numbers, appointment history, purchase history, loyalty points, and gift card balances.
Employee & Technician Information: names, contact information, payroll records, commission records, and scheduling information.
Transaction Information: transaction amounts, transaction dates, transaction identifiers, and payment status information.
Inventory Information: product records, service records, stock counts, and purchase records.
Merchant retains ownership of all business data entered into Astra POS systems, including customer records, sales records, inventory records, appointment records, technician records, loyalty records, gift card records, and payroll records. Astra POS does not claim ownership of Merchant data. Merchant grants Astra POS a limited right to store, process, transmit, backup, and secure data solely for purposes of providing services.
Data may be stored using Amazon Web Services (AWS) or other reputable cloud infrastructure providers. Storage locations may change based on system performance, security requirements, regulatory considerations, and operational needs. Data may be stored in the United States and other authorized jurisdictions.
Astra POS maintains commercially reasonable safeguards including:
Access Controls: user authentication, password protection, and role-based permissions.
Network Security: firewalls, monitoring systems, and threat detection systems.
Data Protection: encryption in transit, encryption at rest where appropriate, and secure transmission protocols.
Administrative Controls: access limitations, security reviews, and user permission management.
No security system can guarantee complete protection against every threat.
Merchants are responsible for protecting credentials, maintaining password confidentiality, managing user access, and promptly disabling former employees. Astra POS is not responsible for losses resulting from compromised user credentials.
Payment card information is processed through approved payment processing systems. Astra POS does not intentionally store full card numbers except where permitted and necessary for authorized services. Card data handling remains subject to PCI DSS requirements, processor requirements, and card network requirements.
Astra POS may perform periodic backups of customer information. Backups are intended to support system recovery, disaster recovery, and operational continuity. Backup schedules may vary. Astra POS does not guarantee recovery of all data under every circumstance. Merchants are encouraged to maintain independent copies of critical business records.
Astra POS maintains reasonable business continuity procedures designed to address hardware failures, cloud infrastructure disruptions, cybersecurity incidents, data corruption events, and natural disasters. Recovery timelines may vary depending on the nature and severity of the incident.
If Astra POS becomes aware of a confirmed security incident affecting customer data, Astra POS may investigate the incident, mitigate risks, notify affected parties where required by law, and cooperate with regulatory authorities. Notification timelines shall be determined by applicable legal requirements and the circumstances of the event.
Merchant is responsible for maintaining secure devices, maintaining antivirus protection, updating operating systems, managing employee access, securing local networks, and training staff on security practices. Security is a shared responsibility between Astra POS and Merchant.
Data may be retained for service delivery, legal compliance, dispute resolution, regulatory requirements, and system maintenance. Retention periods may vary depending on data type and applicable law.
Merchants may request available exports of business data subject to verification procedures, outstanding balances, technical limitations, and legal requirements. Data export formats may vary.
Astra POS may utilize third-party providers for cloud hosting, payment processing, email communications, SMS communications, monitoring services, and analytics services. Third-party providers may process information as necessary to provide services.
Astra POS personnel with access to customer data are expected to maintain confidentiality consistent with business and operational requirements. Access is limited to personnel with legitimate business needs.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, ASTRA POS SHALL NOT BE LIABLE FOR DATA LOSS, DATA CORRUPTION, CYBERATTACKS, THIRD-PARTY BREACHES, INTERNET FAILURES, AWS OUTAGES, LOST PROFITS, LOST REVENUE, BUSINESS INTERRUPTION, OR CONSEQUENTIAL DAMAGES. ASTRA POS'S TOTAL LIABILITY SHALL NOT EXCEED THE TOTAL FEES PAID BY MERCHANT DURING THE PRECEDING TWELVE (12) MONTHS.
Astra POS shall not be liable for delays or failures caused by circumstances beyond its reasonable control, including internet outages, AWS outages, cyberattacks, utility failures, natural disasters, government actions, labor disruptions, pandemics, and telecommunications failures.
Merchant agrees to indemnify and hold harmless Astra POS, its officers, members, employees, contractors, and affiliates from claims arising from Merchant security failures, employee misuse, customer disputes, regulatory violations, data misuse by Merchant, and privacy violations by Merchant, including attorneys' fees and costs.
This Policy shall be governed by the laws of the State of Georgia.
Any dispute arising from this Policy shall be resolved through binding arbitration in Gwinnett County, Georgia. The parties waive any right to trial by jury.
All disputes shall be resolved individually. Neither party may participate in class action or representative proceedings.
The prevailing party in any dispute shall be entitled to recover reasonable attorneys' fees, costs, and expenses.
Astra POS may update this Policy from time to time. Updated versions will become effective upon posting or other notice. Continued use of services constitutes acceptance of revised terms.
Astra POS LLC
3675 Crestwood Pkwy, Suite 310
Duluth, GA 30096
Phone: 770-680-4075
Email: info@myastrapos.com
Website: www.myastrapos.com