Privacy Policy

Last updated: April 25, 2026

What information do we collect?

RetailTill stores the data you enter into the system: staff accounts, customer records, products, and completed transactions. We also collect minimal technical data such as login timestamps and IP addresses for security.

How is payment data handled?

Card payments are processed by Stripe. RetailTill never sees full card numbers, CVC codes, or PINs. We store only the Stripe payment intent ID for your reference, and Stripe is responsible for PCI-DSS compliant storage of card details.

Do we use cookies?

Yes. RetailTill uses a session cookie to keep you signed in and a small localStorage entry to remember your cookie consent. We do not run third-party advertising trackers on the application itself.

How long do we retain data?

Transaction records are retained for as long as your store account is active, since you are typically required to keep sales records by law. You may delete your account and all associated data on request.

Who do we share your data with?

We share data only with the third-party services strictly required to operate the system: Stripe for payments and PHPMailer SMTP providers for receipt emails. We never sell or share data for marketing.

What are your rights?

You may request a full export of your data, ask us to delete it, or correct inaccurate information. Contact us at admin@retailtill.com with any questions.

How do we secure data?

All passwords are hashed with bcrypt. Sessions use HTTP-only cookies with SameSite=Strict. The site is served over HTTPS, and database queries use prepared statements to prevent SQL injection.