Skip to content
Legal · Privacy

Your data. Your business. Non-negotiable.

Privacy Policy

Last updated: April 13, 2026 ~10 min 10 sections
  • TLS 1.2+
  • AES-256
  • Tenant-isolated
  • JWT · 30 days

This Policy describes how Hypernova Labs ("NAOS", "we") collects, uses, shares and protects information when you use NAOS POS and related services. Read this Policy together with our Terms and Conditions.

art. 6 · law 81

Your 6 rights over your data.

Guaranteed by Panama's Law 81 and honored without friction. Write to privacy@naos.site and we will reply within 30 days.

01

Access

Request a copy of your data.

02

Rectification

Correct inaccurate data.

03

Deletion

Request deletion of your data.

04

Portability

Export in a structured format.

05

Objection

Opt out of marketing and profiling.

06

Withdraw

Withdraw previously granted consent.

Information We Collect

We collect the following categories of information:

  • Account data: name, email, phone, tax ID (RUC) and business details.
  • Operational data: products, sales, orders, inventory and end-customer data you record in the POS.
  • Technical data: device, operating system, IP address, terminal identifiers and event logs.
  • Subscription payment data: processed by external payment providers; NAOS does not store full card numbers.
  • Cookies and local storage for sessions, preferences and offline-first mode (SQLite, AsyncStorage).

How We Use Information

We use the information to:

  • Provide and operate the Service (offline-online sync, electronic invoicing, reports, AI).
  • Bill the subscription and charge for contracted services.
  • Provide technical support and operational communications.
  • Improve the product through aggregated analytics and anonymous metrics.
  • Comply with legal, tax and fraud-prevention obligations.
  • Send marketing communications only with your explicit consent.

Sharing with Third Parties

NAOS does not sell your data. We share information only with:

  • Qualified Authorization Providers (PAC) and the Panama DGI for issuing electronic invoices.
  • Payment processors for collecting the subscription.
  • Infrastructure providers (Google Cloud Platform in U.S. regions) under data processing agreements.
  • Competent authorities when required by law or court order.
  • Successors in case of merger, acquisition or corporate reorganization.

Storage and Security

We apply reasonable technical and organizational measures: encryption in transit (TLS 1.2+) and at rest, role-based access control, JWT authentication, per-tenant isolation, daily backups, continuous monitoring and audit logs. However, no Internet transmission or storage system is 100% secure and we cannot guarantee absolute security. Notify us of any suspected unauthorized access to your account.

Data Retention

We retain your information while the account is active and for legally applicable periods (minimum 5 years for tax records in Panama). After cancellation you have 30 days to export your data; thereafter it will be deleted or anonymized, except where a legal or regulatory obligation requires longer retention.

Your Rights

You have the right to request:

  • Access to your personal data and a copy of it.
  • Rectification of inaccurate or incomplete data.
  • Deletion or restriction of processing.
  • Portability of your data in a structured format.
  • Objection to processing for marketing purposes.
  • Withdraw previously granted consent.

To exercise these rights write to privacy@naos.site. We will respond within a maximum of 30 days.

Cookies and Similar Technologies

The website and admin portal use strictly necessary session cookies, preference cookies (language, theme), and optionally analytics cookies to understand usage. You can manage cookies from your browser settings. The mobile app uses local storage (SQLite and AsyncStorage) for offline-first mode; this data is not cookies but performs a similar function and is removed when uninstalling the app.

International Transfers

Your data is stored primarily in Google Cloud Platform in regions of the United States. By using the Service you accept these transfers. NAOS requires its providers to sign contractual clauses that ensure an adequate level of protection in line with international standards and applicable Panamanian legislation (Law 81 on Personal Data Protection).

Minors

The Service is intended for businesses and individuals over 18 years of age. We do not knowingly collect personal data from minors. If we detect information about minors we will delete it. If you are a parent or guardian and believe your child has provided us data without your consent, contact us at privacy@naos.site.

Changes to this Policy

NAOS may update this Policy by publishing a new version with the last-updated date at the top. Material changes will be notified by email or within the Service at least 15 days in advance. Continued use of the Service after the effective date implies acceptance of the changes.
Link copied