Your privacy, our promise

This Privacy Policy describes how Tidar Cashless ("we", "us", or "our") handles personal information when you use our cashless event payment platform, including our website, dashboard, point-of-sale (POS), and digital wallet experiences (collectively, the "Service").

By using the Service you agree to the practices described here. If you do not agree, please do not use the Service.

We collect information in three main ways:

• Information you provide. Account details (name, email, phone), merchant profiles, event configuration, product catalogs, and communications you send us.
• Information generated by use. Transactions, top-ups, refunds, order history, wallet balances, merchant-assigned events, and logs produced by the POS and dashboard.
• Technical information. Device type, browser, IP address, approximate location, and usage analytics collected via cookies and similar technologies.

We use information to:

• Operate the Service, including authentication and payments.
• Generate receipts, reports, and reconciliation data for organizers and merchants.
• Detect and prevent fraud, abuse, and security incidents.
• Communicate service updates, support responses, and — with your consent — product news.
• Improve the Service and develop new features.
• Comply with legal obligations and enforce our Terms.

We do not sell personal information. We only share data when needed to run the Service:

• Event organizers and merchants you transact with, for the purpose of processing orders and delivering goods or services at their events.
• Service providers (hosting, database, email, analytics, payment processors) under data-processing agreements.
• Authorities when required by law, court order, or to protect rights, property, or safety.
• In a business transfer (merger, acquisition), subject to equivalent privacy protections.

We retain personal information only as long as necessary to provide the Service and for legitimate business or legal purposes — typically: account data while your account is active, transaction records for up to 10 years to meet accounting and tax obligations, and logs for a shorter security-defined window.

We use industry-standard measures to protect your data, including transport encryption (TLS), encryption at rest, fine-grained database access rules (Row-Level Security), least-privilege API access, and audit logs. No system is perfectly secure — please help us by using strong passwords and reporting suspicious activity.

Depending on your location, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Request deletion of your personal information, subject to legal retention duties.
• Object to, or restrict, certain processing.
• Receive a portable copy of your data.
• Withdraw consent where processing is based on consent.

To exercise these rights, contact us at [email protected]. We respond within a reasonable timeframe and may ask for verification of your identity.

We use a minimal set of cookies to keep you signed in, remember preferences, and measure aggregate usage. You can control cookies via your browser settings; disabling essential cookies may break parts of the Service.

The Service is not directed to children under 13 (or the minimum age required by local law). We do not knowingly collect personal information from children. If you believe a child has provided us with data, please contact us and we will delete it.

Your data may be processed in countries other than your own. When we transfer personal data internationally, we rely on appropriate safeguards such as standard contractual clauses and reputable cloud providers with strong privacy commitments.

We may update this policy from time to time. Material changes will be announced on this page with a revised "Last updated" date. Continued use of the Service after changes means you accept the updated policy.

Questions or requests about this policy? Email [email protected]. We'll do our best to help.