Personal Data Processing Policy
This English version should be reviewed by legal counsel before production use.
Introduction
This Policy describes how personal data is collected, used, stored and protected in Neitben POS, developed and operated by One Consulting SAS.
It is part of the Terms and Conditions and is governed by Colombian Law 1581 of 2012, Decree 1377 of 2013, Law 1266 of 2008 and applicable Colombian rules.
1. Controller and Processor
Data Controller: each Business that uses Neitben POS to record transactions with customers, suppliers and employees.
Data Processor: One Consulting SAS, which operates the platform and processes data on behalf of the Controller.
Processor details: Cll 8A #88-90, Bogotá D.C., info@oneconsultingsas.com, cedeno@neitbenpos.com, +57 318 657 3560 and +57 320 923 9191.
2. Legal framework
Applicable rules include Law 1581 of 2012, Decree 1377 of 2013, Law 1266 of 2008, Law 527 of 1999 and related rules. The competent authority is the Superintendence of Industry and Commerce.
3. Data collected
Business customers: name, document, phone, email and address. Suppliers: name, tax ID, address, phone and email.
System users: username, display name, role and hashed PIN. Transactions: sales, purchases, expenses, payments, cash and inventory associated with the Business.
Technical data: device identifier, operating system, app version, sync logs and anonymized error logs for diagnostics.
4. Purposes
Data is used to record transactions, manage customer credit and payables, generate reports, enable WhatsApp communications, sync devices, provide support, improve the platform and comply with legal obligations.
Data is never sold, rented or shared for advertising purposes.
5. Legal basis
Processing is based on consent, contractual performance, legitimate interest to improve and protect the service, and applicable legal obligations.
6. Storage and security
Data is stored primarily in SQLite inside the Business device for offline operation. If synchronization is enabled, it is replicated to PostgreSQL with HTTPS/TLS 1.3 encryption in transit, JWT authentication and multi-tenant isolation.
Security measures include security headers, encrypted backups, bcrypt-hashed passwords, PBKDF2-SHA256 cashier PINs and restricted access for authorized personnel.
7. Third-party integrations
The platform may rely on ePayco, Wompi, Google Play, Android, WhatsApp, Sentry, PostHog, Hostinger and MinIO. Their use is governed by their own policies.
8. Data subject rights
Data subjects may access, rectify, delete, object, revoke consent, request portability and file complaints before the Colombian authority.
To exercise rights, write to cedeno@neitbenpos.com with the subject Personal data rights request. The Processor will respond within legal timelines.
9. Transfer, retention and minors
Data is not transferred to third parties for purposes other than service provision. If international sub-processors process data, equivalent guarantees are required.
Data is retained while the Account is active. After closure, it remains available for export for 30 days and is then deleted, unless legal retention applies.
The platform is aimed at businesses and professionals. It does not intentionally collect data from minors under 18.
10. Cookies, validity and contact
The website uses essential technical cookies. Analytics cookies are activated only after explicit visitor consent.
This Policy may be updated. Substantial changes will be notified at least 15 days in advance.
Contact: One Consulting SAS, cedeno@neitbenpos.com, info@oneconsultingsas.com, +57 320 923 9191.