YSW Lab

ນະໂຍບາຍຄວາມເປັນສ່ວນຕົວ

Last updated: April 16, 2026

1. Information We Collect

When you use YSW Lab's services (SellOS, BuyOS, SupplierOS), we collect:

  • Account information: Name, email address, phone number, and password when you register.
  • Business information: Business name, address, business type, tax registration number, and operating hours.
  • Payment data: Payment transactions are processed securely by Stripe. We do not store your full credit card details. We retain transaction records (amounts, dates, order IDs) for accounting and dispute resolution.
  • Order data: Order history, product/menu items, customer preferences, and delivery information.
  • Usage data: Pages visited, features used, device information, IP address, and general analytics to improve our service. On mobile apps, Firebase Analytics collects app usage events and Firebase Crashlytics collects crash reports and device diagnostics.
  • Device data: Device identifiers (for push notifications via Firebase Cloud Messaging), operating system version, app version, and screen resolution.
  • AI interaction data: Messages sent during AI consultations (menu design, photo enhancement, marketing copy) to provide and improve AI features.

2. How We Use Your Information

  • To provide and operate the SellOS merchant POS, BuyOS consumer ordering, and SupplierOS supply chain services.
  • To process orders and payments between merchants, consumers, and suppliers.
  • To generate AI-powered features (menu design, photo enhancement, demand forecasting, marketing copy).
  • To send important service updates, order notifications, and security alerts.
  • To improve our services through aggregated, anonymized analytics.
  • To detect and prevent fraud, abuse, and security incidents.

3. Cookies & Local Storage

We use:

  • Essential cookies: For authentication, session management, and security (CSRF protection). These are required for the service to function.
  • Analytics cookies: Vercel Analytics for aggregated, privacy-friendly usage metrics. No personal data is tracked.
  • Local storage: For offline mode data sync, user preferences, and cart state.

We do not use advertising or third-party tracking cookies.

4. Data Sharing

We share your data only with the following third-party services, solely to provide the Service:

  • Stripe: Payment processing. Subject to Stripe's Privacy Policy.
  • Anthropic (Claude AI): Processes consultation messages for AI features. Subject to Anthropic's Privacy Policy.
  • Google Cloud Platform: Backend hosting (Cloud Run, Cloud SQL) in the Asia-Southeast1 (Singapore) region for POS services.
  • Firebase (Google): Push notifications (Cloud Messaging), app analytics (Firebase Analytics), and crash reporting (Crashlytics) for mobile apps. Subject to Firebase Privacy Policy.
  • Regional payment gateways: Depending on your country, payments may be processed by local providers (e.g., Xendit in Indonesia, Razorpay in India, Tap Payments in UAE). Each processor only receives data necessary to complete your transaction and is subject to their own privacy policy.
  • Supabase: Authentication and database hosting (AWS infrastructure).
  • Vercel: Website hosting and edge delivery.
  • Cloudflare: DNS, CDN, and API proxy services.

We do not sell, rent, or trade your personal data to any third party for marketing or advertising purposes.

5. Data Retention

  • Active accounts: Data is retained for the duration of your account.
  • Inactive accounts: Accounts with no login for 180 days may be marked dormant and eventually deleted, with prior notice.
  • Deleted accounts: Upon account deletion, your data is retained for 30 days (to allow recovery), then permanently deleted.
  • Transaction records: Retained for 7 years as required by Singapore tax regulations.

6. Your Rights

You have the right to:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and associated data.
  • Export: Export your data (orders, products, customer lists) in CSV format at any time via the dashboard.
  • Withdrawal of consent: Withdraw consent for optional data processing (e.g., analytics) at any time.

To exercise these rights, contact us at research@ysw-lab.com. We will respond within 30 days.

7. Children's Privacy

YSW Lab is not intended for use by children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

8. Data Security

We implement industry-standard security measures including:

  • TLS encryption for all data in transit.
  • Encryption at rest for stored data (Supabase/AWS).
  • Rate limiting, input validation, and XSS/CSRF protection.
  • Server-authoritative architecture preventing client-side data manipulation.
  • Multi-region deployment (Singapore, US, EU) for redundancy.

9. PDPA Compliance (Singapore)

YSW Lab complies with the Personal Data Protection Act 2012 (PDPA) of Singapore. We collect, use, and disclose personal data only for purposes that a reasonable person would consider appropriate under the circumstances. You may withdraw consent for non-essential data processing at any time.

10. GDPR Compliance (European Union)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal basis: We process your data based on contractual necessity (to provide the Service), legitimate interest (analytics, security), and consent (optional features like AI consultations).
  • Data portability: You may request your data in a structured, machine-readable format.
  • Right to erasure: You may request complete deletion of your personal data, subject to legal retention requirements.
  • Right to restrict processing: You may request we limit how we use your data.
  • Right to object: You may object to processing based on legitimate interest.
  • Supervisory authority: You have the right to lodge a complaint with your local data protection authority.

For GDPR-related requests, contact research@ysw-lab.com. We will respond within 30 days.

11. Location Data

Our mobile apps do not collect precise GPS location data. We may derive approximate location from your IP address for analytics, fraud prevention, and to determine applicable tax rates. Business addresses provided by merchants are stored for store listing and delivery purposes.

12. International Data Transfers

Your data may be processed in Singapore, the United States, or the European Union (our server regions). We ensure that all data transfers comply with applicable data protection laws and that our hosting providers maintain appropriate security standards.

13. Changes to This Policy

We may update this policy from time to time. We will notify registered users of significant changes via email. Continued use of the Service after changes constitutes acceptance.

14. Contact

For privacy-related inquiries: