Your privacy matters. This policy explains what data we collect, why, and what we do with it. The short version: your store data stays on your hardware, we don't sell your information, and we don't put ads on your display.
1. Who We Are
Brega LLC ("we," "us," "our") is a New Jersey company that provides point-of-sale software for convenience stores and bodegas. This policy covers data collected through our POS software, cloud portal, and website.
2. Data That Stays Local (On Your Hardware)
The following data is stored only on your local machine and is never transmitted to us unless you explicitly share it:
- Product catalog and inventory
- Sales transactions and receipts
- Customer names, phone numbers, and loyalty data
- Employee names, PINs, and time clock records
- Financial reports and daily close records
- Kitchen orders and display ads you create
We do not have access to this data. It lives on your hardware and you control it completely.
3. Data We Collect
3a. Account Information
When you purchase a subscription, we collect:
- Store name, owner name, email address
- Billing information (processed by Stripe — we never see your full card number)
- License key and activation status
Why: To create your account, process payments, and manage your license.
3b. System Health Data
Your POS periodically sends us:
- Software version and uptime
- Error logs (technical errors only, no transaction data)
- Machine fingerprint (hostname, hardware ID — for license binding)
Why: To monitor system health, push updates, and diagnose issues proactively.
3c. Anonymized Operational Data
As part of the Service, the POS collects and transmits anonymized, aggregated operational data including:
- Category-level sales velocity (not individual transactions)
- Traffic patterns (busy hours, not customer identities)
- Payment method distribution (percentage by type)
- Inventory movement and product performance trends
- Basket analysis and promotional effectiveness
Why: This data powers industry benchmarks, product improvement, and business intelligence services. All data is anonymized — it cannot be traced back to individual customers, specific transactions, or your store's identity. No personally identifiable information is included in these transmissions.
This data collection is a standard part of the Brega service and is included in all subscription tiers.
3d. Website Analytics
Our website may use basic analytics (page views, referral source). We do not use tracking cookies for advertising.
4. What We Do NOT Do
- We do not display third-party ads on your customer display or POS.
- We do not share identifiable store data with your competitors or distributors.
- We do not access your local database without your explicit permission.
- We do not use tracking pixels, retargeting, or behavioral advertising.
- We do not include personally identifiable customer information in any data we collect.
5. How We Protect Your Data
- License keys are signed with HMAC-SHA256 cryptographic signatures.
- All portal communications use TLS encryption (HTTPS).
- Payment processing is handled by Stripe, a PCI DSS Level 1 certified processor.
- Accounting tokens (QuickBooks, Xero) are encrypted at rest with AES-256-GCM.
- Employee PINs are hashed with bcrypt on your local system.
- Portal access is protected by rate limiting and API key authentication.
6. Data Sharing
We share data only with:
- Stripe — for payment processing (billing info only)
- Forage — for EBT/SNAP processing (if you enable EBT, transaction data goes to Forage per USDA requirements)
- QuickBooks / Xero — only if you enable accounting sync, and only the data you choose to sync
- Law enforcement — only if legally required by valid court order or subpoena
7. Data Retention
- Local data: Stays on your hardware indefinitely. You control deletion.
- Account information: Retained while your account is active. Deleted within 90 days of account closure upon request.
- System health logs: Retained for 90 days, then automatically purged.
- Anonymized operational data: Retained indefinitely (cannot be traced to individuals).
- Payment records: Retained as required by tax law (typically 7 years).
8. Your Rights
You have the right to:
- Access your data — request a copy of all data we hold about you.
- Correct your data — update your account information at any time.
- Delete your data — request deletion of your account and associated data.
- Export your local data using the built-in backup feature.
- Port your data — your local database is standard MySQL, fully exportable.
To exercise any of these rights, contact privacy@getbrega.com.
9. Children's Privacy
The Service is intended for business use by adults. We do not knowingly collect data from children under 13.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes via email or through the POS system. The "last updated" date at the top reflects the most recent revision.
11. Contact
Questions about your privacy? Contact us: