Privacy Policy

Last updated: 30 April 2026

GraphRetail("we", "us", "our") operates the graphretail.com website and the GraphRetail platform. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service. By using our Service, you consent to the data practices described in this policy.

1. Information We Collect

We collect the following types of information across all modules of the Service:

  • Account information: Your name, email address, password (hashed), company name, and store details when you create an account.
  • Staff data: Names, email addresses, roles, and permissions for staff accounts you create within the Service.
  • Transaction data (POS): Sales records, payment methods, receipt details, refund records, gift card balances, and held sale data processed through the Point of Sale module.
  • Inventory data: Product catalogues, stock levels, purchase orders, supplier information, and stock transfer records entered into the Inventory module.
  • Customer data (CRM): Information about your customers that you store in our CRM, including names, contact details, purchase history, and segmentation tags.
  • Repair data: Repair job records, device details, repair status history, parts used, customer notifications, and repair-specific invoices managed through the Repair Tracking module.
  • Invoicing data: Invoice records, recurring invoice configurations, payment terms, and PDF-generated invoice content.
  • Marketing data: Campaign records, recipient lists, message content, and delivery status for SMS and email campaigns sent via the Marketing module.
  • Analytics & reporting data: Dashboard metrics, KPI snapshots, revenue reports, and performance data generated from your usage.
  • Usage data: How you interact with the platform, including pages visited, features used, and actions taken.
  • Device information: Browser type, operating system, IP address, and device identifiers.

2. How We Use Your Information

We use the collected information to:

  • Provide, operate, and maintain all modules of the GraphRetail platform
  • Process POS transactions and generate receipts and invoices
  • Track inventory levels and facilitate stock transfers between your locations
  • Manage repair workflows and send customer status notifications
  • Generate and deliver invoices, including recurring invoices
  • Provide CRM features including customer profiles and purchase history
  • Facilitate marketing campaigns via SMS and email integrations
  • Provide AI-powered features including sales coaching, executive reports, analytics insights, and upsell recommendations
  • Generate dashboard analytics, reports, and KPI metrics
  • Send you technical notices, updates, and support messages
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our Terms of Service

3. AI Data Processing

Our Service includes AI-powered features that process your business data to provide analytics, sales coaching, executive reports, and automated upsell recommendations. When using AI features:

  • Your data may be processed by third-party AI model providers to generate responses and insights
  • We transmit only the minimum data necessary to provide the requested AI functionality
  • We do not use your business data to train general-purpose AI models
  • AI outputs are generated algorithmically and we make no guarantees regarding their accuracy

4. Data Storage and Security

We are committed to maintaining the highest standards of data protection. Your data is stored in tenant-isolated databases on infrastructure we operate or that is operated by third-party providers on our behalf. Our security measures include:

  • Automated encrypted backups with off-site replication
  • Automated backup integrity verification and restoration testing
  • Encryption in transit (HTTPS/TLS) and at rest
  • Tenant-isolated database architecture
  • Role-based access controls and audit logging
  • Continuous infrastructure monitoring and alerting

Important: While we implement rigorous, enterprise-grade security and backup measures, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security or preservation of your data, and you acknowledge that you transmit data to us at your own risk. We shall not be liable for any unauthorised access to, alteration of, or destruction of your data, whether through breach of our security, software errors, or any other cause. See our Terms of Service for full liability disclaimers.

5. Data Retention

We retain your data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Upon account termination:

  • You may request export of your data within 30 days, subject to technical feasibility
  • We may delete your data after the 30-day window without further notice
  • We are under no obligation to maintain, archive, or return your data after deletion
  • Certain aggregated, anonymised data may be retained indefinitely for analytics purposes

6. Data Sharing

We do not sell, trade, or rent your personal information. We may share data with:

  • Service providers: Third-party services that help us operate the platform, including Stripe (payment processing), Twilio (SMS/communications), AI model providers, and cloud hosting infrastructure.
  • Legal requirements: When required by law, regulation, subpoena, or legal process.
  • Business transfers: In connection with a merger, acquisition, or sale of assets.
  • Protection of rights: When disclosure is necessary to protect our rights, your safety, or the safety of others.

7. Multi-Tenant Data Isolation

The GraphRetailplatform operates a multi-tenant architecture where each customer's data is logically isolated in separate databases. Your data is never accessible to or shared with other tenants. Staff accounts you create operate within your tenant boundary and are subject to the role-based access controls you configure.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. By using our Service, you consent to the transfer of your information to such countries, which may have different data protection laws.

9. Your Rights

Subject to applicable law, you have the right to:

  • Access and receive a copy of your personal data
  • Correct inaccurate personal data
  • Request deletion of your personal data
  • Object to processing of your personal data
  • Export your data in a portable format
  • Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@graphretail.com.

10. Your Customer Data Obligations

When you store your customers' personal data within the CRM, Marketing, or Repair modules, you act as the data controller for that information. You are solely responsible for:

  • Obtaining appropriate consent from your customers to store and process their data
  • Complying with applicable privacy laws (including the Australian Privacy Act 1988)
  • Responding to your customers' data access, correction, or deletion requests
  • Ensuring marketing communications comply with anti-spam legislation

11. Cookies

We use essential cookies to maintain your session and remember your preferences. We do not use third-party tracking cookies or advertising cookies.

12. Children's Privacy

Our services are intended for business use and are not directed at individuals under 18. We do not knowingly collect personal information from children.

13. Your Data Backup Responsibility

Important: While we maintain enterprise-grade backup and recovery infrastructure, you are solely responsible for maintaining independent backups of your critical business data. We strongly recommend exporting and backing up your data regularly. We are not liable for any data loss, corruption, or destruction for any reason whatsoever. See our Terms of Service for complete details.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by posting the updated policy and updating the "Last updated" date. Continued use constitutes acceptance.

15. Contact Us

If you have questions about this Privacy Policy, contact us at privacy@graphretail.com.