Legal

Data Processing & Security Policy

How Astra POS collects, stores, processes, secures, and manages information across our platforms and services.

Effective Date: June 11, 2026

This Data Processing & Security Policy ("Policy") describes how Astra POS LLC ("Astra POS," "Company," "we," "our," or "us") collects, stores, processes, secures, and manages information through its software platforms, payment technologies, owner portal, technician portal, appointment booking systems, inventory tools, loyalty programs, gift card systems, payroll tools, reporting systems, and related services.

This Policy supplements the Privacy Policy, Software Subscription Agreement, Merchant Processing Services Addendum, Acceptable Use Policy, and Website Terms of Use. In the event of a conflict, the applicable customer agreement shall govern.

1. Company Information

Astra POS LLC
3675 Crestwood Pkwy, Suite 310
Duluth, GA 30096
Phone: 770-680-4075
Email: info@myastrapos.com
Website: www.myastrapos.com

2. Purpose

This Policy describes data ownership, data processing practices, security controls, storage practices, backup procedures, incident response procedures, and customer responsibilities. The objective is to protect merchant and customer information while ensuring reliable operation of Astra POS services.

3. Data We Process

Depending upon services used, Astra POS may process:

Business Information: business names, addresses, phone numbers, email addresses, and merchant account information.

Customer Information: names, email addresses, phone numbers, appointment history, purchase history, loyalty points, and gift card balances.

Employee & Technician Information: names, contact information, payroll records, commission records, and scheduling information.

Transaction Information: transaction amounts, transaction dates, transaction identifiers, and payment status information.

Inventory Information: product records, service records, stock counts, and purchase records.

4. Customer Data Ownership

Merchant retains ownership of all business data entered into Astra POS systems, including customer records, sales records, inventory records, appointment records, technician records, loyalty records, gift card records, and payroll records. Astra POS does not claim ownership of Merchant data. Merchant grants Astra POS a limited right to store, process, transmit, backup, and secure data solely for purposes of providing services.

5. Data Storage

Data may be stored using Amazon Web Services (AWS) or other reputable cloud infrastructure providers. Storage locations may change based on system performance, security requirements, regulatory considerations, and operational needs. Data may be stored in the United States and other authorized jurisdictions.

6. Security Controls

Astra POS maintains commercially reasonable safeguards including:

Access Controls: user authentication, password protection, and role-based permissions.

Network Security: firewalls, monitoring systems, and threat detection systems.

Data Protection: encryption in transit, encryption at rest where appropriate, and secure transmission protocols.

Administrative Controls: access limitations, security reviews, and user permission management.

No security system can guarantee complete protection against every threat.

7. Password Security

Merchants are responsible for protecting credentials, maintaining password confidentiality, managing user access, and promptly disabling former employees. Astra POS is not responsible for losses resulting from compromised user credentials.

8. Payment Card Data

Payment card information is processed through approved payment processing systems. Astra POS does not intentionally store full card numbers except where permitted and necessary for authorized services. Card data handling remains subject to PCI DSS requirements, processor requirements, and card network requirements.

9. Backup Procedures

Astra POS may perform periodic backups of customer information. Backups are intended to support system recovery, disaster recovery, and operational continuity. Backup schedules may vary. Astra POS does not guarantee recovery of all data under every circumstance. Merchants are encouraged to maintain independent copies of critical business records.

10. Disaster Recovery

Astra POS maintains reasonable business continuity procedures designed to address hardware failures, cloud infrastructure disruptions, cybersecurity incidents, data corruption events, and natural disasters. Recovery timelines may vary depending on the nature and severity of the incident.

11. Data Breach Response

If Astra POS becomes aware of a confirmed security incident affecting customer data, Astra POS may investigate the incident, mitigate risks, notify affected parties where required by law, and cooperate with regulatory authorities. Notification timelines shall be determined by applicable legal requirements and the circumstances of the event.

12. Customer Responsibilities

Merchant is responsible for maintaining secure devices, maintaining antivirus protection, updating operating systems, managing employee access, securing local networks, and training staff on security practices. Security is a shared responsibility between Astra POS and Merchant.

13. Data Retention

Data may be retained for service delivery, legal compliance, dispute resolution, regulatory requirements, and system maintenance. Retention periods may vary depending on data type and applicable law.

14. Data Exports

Merchants may request available exports of business data subject to verification procedures, outstanding balances, technical limitations, and legal requirements. Data export formats may vary.

15. Third-Party Providers

Astra POS may utilize third-party providers for cloud hosting, payment processing, email communications, SMS communications, monitoring services, and analytics services. Third-party providers may process information as necessary to provide services.

16. Confidentiality

Astra POS personnel with access to customer data are expected to maintain confidentiality consistent with business and operational requirements. Access is limited to personnel with legitimate business needs.

17. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, ASTRA POS SHALL NOT BE LIABLE FOR DATA LOSS, DATA CORRUPTION, CYBERATTACKS, THIRD-PARTY BREACHES, INTERNET FAILURES, AWS OUTAGES, LOST PROFITS, LOST REVENUE, BUSINESS INTERRUPTION, OR CONSEQUENTIAL DAMAGES. ASTRA POS'S TOTAL LIABILITY SHALL NOT EXCEED THE TOTAL FEES PAID BY MERCHANT DURING THE PRECEDING TWELVE (12) MONTHS.

18. Force Majeure

Astra POS shall not be liable for delays or failures caused by circumstances beyond its reasonable control, including internet outages, AWS outages, cyberattacks, utility failures, natural disasters, government actions, labor disruptions, pandemics, and telecommunications failures.

19. Indemnification

Merchant agrees to indemnify and hold harmless Astra POS, its officers, members, employees, contractors, and affiliates from claims arising from Merchant security failures, employee misuse, customer disputes, regulatory violations, data misuse by Merchant, and privacy violations by Merchant, including attorneys' fees and costs.

20. Governing Law

This Policy shall be governed by the laws of the State of Georgia.

21. Arbitration

Any dispute arising from this Policy shall be resolved through binding arbitration in Gwinnett County, Georgia. The parties waive any right to trial by jury.

22. Class Action Waiver

All disputes shall be resolved individually. Neither party may participate in class action or representative proceedings.

23. Attorneys' Fees

The prevailing party in any dispute shall be entitled to recover reasonable attorneys' fees, costs, and expenses.

24. Modifications

Astra POS may update this Policy from time to time. Updated versions will become effective upon posting or other notice. Continued use of services constitutes acceptance of revised terms.

25. Contact Information

Astra POS LLC
3675 Crestwood Pkwy, Suite 310
Duluth, GA 30096
Phone: 770-680-4075
Email: info@myastrapos.com
Website: www.myastrapos.com