Privacy Policy
Last updated: 04.05.2025
Welcome to Heksia! This Privacy Policy explains how we collect, use, and protect your personal information when you interact with our platform, including:
- Our website (https://heksia.io)
- Heksia Manager — our business dashboard (https://app.heksia.io)
- Our point-of-sale application
By using any part of our platform, you agree to the terms described in this policy.
1. Information We Collect
Website (https://heksia.io)
We only collect data that you voluntarily submit via contact forms:
- Full name
- Company name
- Email address
- Phone number
We do not use cookies or trackers.
Heksia Manager (https://app.heksia.io)
To use Heksia Manager, you need to create an account linked to your business. We collect and store the following information:
- Company details (name, address, VAT number, country)
- Product catalog (names, prices, tax rates, categories)
- Staff data (names, roles, login credentials, access levels)
- Sales history and receipts
- Accepted payment methods (e.g., cash, card)
- Tax configuration and regional tax rules
- Reports and analytics (e.g., daily revenue, X/Z-reports)
- Printer and device configuration
We also store limited technical logs (e.g., web server and application logs) to ensure service stability and detect abnormal activity. These logs do not include sensitive personal data or banking information.
Heksia POS application
The app is connected to your Heksia account and cloud backend. It collects:
- Sales and transaction data (receipts, payments, taxes, discounts)
- Employee usage data (e.g., cashiers using the POS)
- Device info (model, OS version, app version)
- Authentication/session data
The app requires an active internet connection to function. Data is not stored locally in offline mode.
2. How We Use Your Information
Your data is used to:
- Provide and maintain platform functionality
- Generate receipts, reports, invoices, and analytics
- Enable secure login and user management
- Respond to support requests
- Improve our services
- Comply with tax and legal obligations
3. Data Storage & Security
All data is stored securely in the cloud. We use encrypted communication (HTTPS) and secure storage with access controls. Only authorized staff have access to your data.
4. Third-Party Services
We use the following GDPR-compliant services:
- Cloudflare Turnstile — protects website forms from bots.
- Umami — anonymous analytics on the website.
- Resend — for sending transactional emails (receipts, account recovery).
- Sentry — used for error and crash reporting. It helps us identify bugs and improve app stability. Sentry may collect technical information such as device type, OS version, and the part of the app where an error occurred. We do not intentionally send personal data to Sentry. Sentry is GDPR-compliant and hosted in the EU.
- Adyen — optional payment integration. If enabled, Adyen is used to process in-person payments via card terminals. Transaction details (such as amount, terminal ID, and session ID) may be shared with Adyen to complete the payment. Adyen is PCI DSS compliant and operates under strict data protection regulations (GDPR, PSD2).
5. Data Sharing
We do not sell, rent, or share your personal data for advertising purposes. Data may be shared with legal authorities if required by law.
6. Your Rights
You have the right to:
- Access a copy of your data upon request
- Request correction or deletion
- Close your account
To exercise your rights, contact us at support@heksia.io.
6.1. Account Deletion
To request deletion of your Heksia account and all associated data, please send an email to:
📧 support@heksia.io
📌 Subject: Account Deletion Request
What will be deleted:
- All personal data of users and employees associated with your account, including names, roles, email addresses
- Login credentials and access data
What may be retained:
Certain business and transactional information may be retained for up to 5 years to comply with applicable tax and legal obligations (e.g., EU VAT regulations). This includes:
- Company name, VAT number, and country
- Store identifiers and related tax settings
- Receipts, sales history, tax reports, and invoice records
Deletion timeline:
Your request will be processed within 30 days. You will receive confirmation once your personal data has been erased and your account deactivated. Retained financial records will remain securely stored as required by law.
7. Data Retention
We retain your data for as long as your account is active and as required by law (e.g., for fiscal reports). You can request deletion at any time.
8. Children's Privacy
Our platform is not intended for users under 16 years old. We do not knowingly collect data from minors.
9. Changes to This Policy
This policy may be updated in the future. We will notify you of changes via the website or app interface. The latest version will always be available at heksia.io/privacy-policy.
10. Contact
If you have any questions, reach out to us at support@heksia.io.