Privacy Policy for XtraPOS Cloud

Last Updated: March 2026

​

1. Introduction

​

XtraPOS Cloud, operated by Progressive Information Systems Ltd ("we," "us," or "our"), provides a cloud-based Point of Sale (POS) solution. We are committed to protecting the privacy of our Merchants and their customers in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act (Cap. 586 of the Laws of Malta).

​​

2. Data

​

We Process As a Data Processor, we handle the following information on behalf of the Merchant (the Data Controller):

• Transaction Data: Sales totals, VAT breakdown, payment methods, and timestamps.

• Inventory Data: Product names, SKUs, stock levels, and pricing.

• Customer Data: Names, emails, and phone numbers (if the Merchant utilises loyalty features).

• Integration Data: We access your third party data to facilitate automated syncing of retail sales and payments.

​​

3. Purpose of Processing

​

We process this data solely to:

• Facilitate retail transactions at the point of sale.

• Provide real-time inventory and sales reporting via our cloud dashboard.

• Automate accounting entries by syncing data to your connected Accounting System.

​​

4. Data Security

​

All data is encrypted in transit using SSL/TLS (HTTPS) and stored on secure cloud servers within the European Union. We implement strict access controls to ensure only authorized personnel can support your account.

​​

5. Third-Party Sharing

​

We do not sell or lease your data. Data is only shared with third parties upon your explicit authorization through the OAuth connection process.

​​

6. Your Rights

​

Under GDPR, you have the right to access, rectify, or request the deletion of your personal data. Please contact us via https://www.xtrapos.com/contact for any data-related inquiries.