Privacy Policy

Regulatory Compliance

Tri Tech Technology is committed to protecting privacy and handling personal data with transparency, integrity, and accountability. This Privacy Policy is designed to comply with the following:

Pakistan Electronic Transactions Ordinance 2002. Our data collection, processing, and storage practices conform to Pakistan's foundational legislation governing electronic commerce, digital services, and data integrity in electronic transactions.

Prevention of Electronic Crimes Act 2016 (PECA). We maintain data security standards and cybersecurity practices consistent with Pakistan's legislation on the prevention of electronic crimes and the protection of digital systems and data.

Pakistan Personal Data Protection Framework. Pakistan has not yet enacted a comprehensive personal data protection statute; a Personal Data Protection Bill remains in draft at the date of this policy. We nonetheless adhere to the principles of lawful, fair, and transparent processing, and will align our practices with the Personal Data Protection Bill and any associated regulations as and when they are enacted.

Fiscal Invoicing Integration (PRA / SRB / FBR). Where supported for your province and business type, TTT POS integrates with the applicable revenue authority's electronic invoicing and sales-reporting system: for restaurant and other taxable services in Punjab, the Punjab Revenue Authority (PRA) under the Punjab Sales Tax on Services Act 2012 and its electronic invoice-monitoring system; for services in Sindh, the Sindh Revenue Board (SRB); and, for taxable goods and Tier-1 retail, the Federal Board of Revenue (FBR) via PRAL (including FBR SRO 288(I)/2026, as amended). Where an integration is active for your business, sales and tax-invoice data is transmitted to the relevant authority — together with the system invoice number and QR code it requires — to meet your statutory tax-invoicing obligations. Tax registration, rate selection, and filing remain your responsibility, as set out in the Terms of Service.

Pakistan Software Export Board (PSEB) Compliance. Tri Tech Technology is a software company operating as a registered partnership in Pakistan and maintains compliance with PSEB operational and regulatory standards applicable to SaaS platform providers.

If you have questions about our compliance posture or wish to exercise your data rights, please contact us at legal@tritechtechnologyllc.com.

1. Introduction

This Privacy Policy explains how Tri Tech Technology (also referred to as TTT, we, us, or our) collects, uses, shares, retains, and protects personal information when you use our TTT POS point-of-sale software, the associated back-office dashboard, mobile and web applications, and all related services (together, the Services).

We take privacy seriously. This policy explains, in clear and complete terms, what personal information we collect, the purposes for which we process it, the legal grounds on which that processing is conducted, how and when it may be shared, and what rights you hold with respect to it. If any aspect of this policy is unclear, we encourage you to contact us directly before using the Services.

Our principal place of business is at 30 Civic Center, Block D2, Lahore, Punjab, Pakistan 54000.

2. Controller and Processor Roles

Because TTT POS is operational business software, the roles of "controller" and "processor" differ depending on the type of data:

• TTT as controller. Tri Tech Technology is the data controller for the account, business, and billing information of the Subscriber (the business that licenses TTT POS), and for technical and usage data about how the Services are used.
• TTT as processor. For the operational data that a Subscriber generates by running its business through TTT POS — including sales transactions, order records, end-customer details entered at the point of sale, staff and user records, inventory, supplier, and financial data — the Subscriber is the data controller and TTT acts as a data processor, processing that data only on the Subscriber's documented instructions and as needed to provide the Services.

Subscribers are responsible for ensuring a valid lawful basis exists for the personal data they collect about their own customers and staff, and for handling those individuals' data-rights requests directly.

3. Who This Policy Applies To

This Privacy Policy applies to:

Subscribers. Businesses that register for and use TTT POS under a paid or trial subscription to operate point-of-sale, inventory, and reporting functions.

Users. Owners, managers, cashiers, waiters, and other staff authorised by a Subscriber to access and operate TTT POS under a Subscriber account, each typically identified by a login and an encrypted PIN.

End Customers. Individuals who purchase from a Subscriber and whose details (such as a name or phone number for a receipt, an order, a tab, or a linked loyalty card) are entered into TTT POS by the Subscriber.

Website visitors. Individuals who access the TTT POS website or marketing pages without registering for an account.

Support contacts. Individuals who contact TTT for assistance, enquiries, or information.

4. Information We Collect

4.1 Account and Business Information

When you register or complete onboarding, we collect your name, email address, business name, phone number, business address, and tax registration details (such as your NTN/STRN) where required for FBR-integrated invoicing. We also collect your account password and user PINs, which are stored in encrypted form, along with your business type, branch details, subscription plan, and configuration settings.

4.2 Subscription Payment Information

Subscription fees that you pay to TTT for the Services are collected by cheque, bank transfer, or by Stripe, Inc. on our behalf. We do not store or handle your complete card details for subscription payments. Where Stripe is used, we receive only what is necessary to manage your account, including payment confirmation status, the last four digits of your card, billing name and address, and renewal records. Stripe operates as an independent data controller under its own privacy policy and PCI DSS Level 1 standards.

4.3 Point-of-Sale and Operational Data

When you operate your business through TTT POS, we process the operational data you generate, on your behalf and as your processor. This includes sales and order records, item and menu data, discounts, rewards, gift-card and void/refund records, till session and cash-drawer activity, expenses, inventory and recipe data, supplier and purchase-order records, financial and profit-and-loss reports, and tax data. Where you enter end-customer details (such as a name or phone number for a receipt, order, or loyalty linkage), those details are processed as part of this operational data.

4.4 Staff and User Activity Data

TTT POS records staff and user activity for security and accountability, including login and PIN events, role-based permissions, branch assignments, time-stamped audit logs, and records of sensitive actions such as drawer opens, voids, refunds, and price overrides.

4.5 Usage and Technical Data

We automatically collect information about your activity and the device you use, including the features and pages you access, actions performed in the dashboard, session duration and frequency, device and terminal identifiers, browser type, operating system, IP address, and approximate location derived from that IP address. We also collect error logs and diagnostic data to maintain performance.

4.6 Offline and Synchronisation Data

TTT POS is designed to keep operating during internet outages. During an outage, transaction and operational data is stored locally on your device and synchronised to our servers once connectivity is restored. You remain responsible for reconciling your records following any offline period.

4.7 Support Communications

When you contact us, we collect and retain the content of your messages, any attachments, your contact details, and records of our responses, used solely to resolve your enquiry and maintain service quality.

4.8 Information from Third Parties

We may receive limited information from integrated third-party services. If you use Google Single Sign-On, we receive your name, email address, and profile identifier from Google. Stripe provides payment confirmation and fraud-risk signals related to your subscription. We do not purchase personal data from data brokers.

5. How We Use Your Information

We use the information we collect to provide and maintain the Services, process your subscription payments, guide you through account setup and onboarding, operate point-of-sale, inventory, reporting, and integration features, and keep your dashboard and terminals functioning correctly. Where FBR integration is active for your business, we use your transaction and tax data to generate and transmit compliant digital tax invoices to the relevant revenue authorities.

When you contact us, we use your information to respond to support requests and resolve technical issues. TTT also generates aggregated and de-identified data from use of the Services to understand how the Services are used so we can improve performance, reliability, and usability, and to produce industry insights, as permitted under the Terms of Service and Merchant Subscription Agreement. We use your contact details to send transactional communications such as renewal reminders, billing confirmations, and service updates. Where you have opted in, we may send marketing communications, which you can unsubscribe from at any time.

We process information where necessary to detect fraud, prevent unauthorised access, and protect the Services and their users, and we retain certain records to meet legal and regulatory obligations.

We will not sell your personal information to any third party, at any time, for any purpose, and we will not use your Subscriber Content to train or develop any AI or machine-learning model.

6. Legal Basis for Processing

Contractual Necessity. Processing required to perform the Services you have subscribed to and fulfil our obligations under the Terms of Service, including account provisioning, payment processing, authentication, and delivery of POS features.

Legitimate Interests. Processing in pursuit of our legitimate business interests, where not overridden by your rights — including improving, securing, and maintaining the Services, detecting and preventing fraud, and understanding usage patterns.

Legal Obligation. Processing necessary to comply with applicable law, including tax-invoicing and reporting obligations to the FBR and provincial revenue authorities, anti-money-laundering obligations, regulatory record-keeping, and lawful requests from courts or government authorities.

Consent. Processing based on your affirmative opt-in, including marketing communications and non-essential cookies. You may withdraw consent at any time without affecting prior lawful processing.

7. How We Share Your Information

We share personal information only in the limited circumstances below. We do not sell, rent, or trade personal information.

Revenue Authorities. Where fiscal invoicing integration is active for your business, sales and tax-invoice data is transmitted to the applicable revenue authority — the Punjab Revenue Authority (PRA) for services in Punjab, the Sindh Revenue Board (SRB) for services in Sindh, or the Federal Board of Revenue (FBR) via PRAL for goods and Tier-1 retail — to satisfy your statutory tax-invoicing obligations.

Service Providers. We engage carefully selected processors who act only on our documented instructions and apply appropriate security measures, including:

• Stripe, Inc. — for subscription payment processing and billing (not for your customers' card payments).
• Intercom, Inc. — for in-app support messaging and engagement.
• Google — for reCAPTCHA bot detection and, where you elect to use it, Single Sign-On.
• Contabo GmbH — cloud hosting and infrastructure, hosting the Services and storing data on our behalf on servers located in Germany / the European Union.

Legal Requirements. We may disclose information to courts, government authorities, regulators, or law enforcement where required by applicable law, court order, or binding legal process.

Business Transfers. In a merger, acquisition, restructuring, or sale of the business, personal information may be transferred to the successor entity, with advance notice of any material change.

With Your Consent. In any other circumstances, we will seek your prior informed consent before disclosing your personal information.

8. TTT Loyalty and Other Integrations

TTT Loyalty. Where a Subscriber uses both TTT POS and TTT Loyalty, customer data, transaction records, loyalty points activity, and reward redemptions are synchronised between the two products in real time. This data sharing is first-party and is not disclosed to any external party.

Stripe. Used to process subscription payments. Stripe is an independent data controller and is PCI DSS Level 1 certified. See the Stripe Privacy Policy.

Intercom. Powers the in-app support messenger. See the Intercom Privacy Policy.

Google reCAPTCHA. Used on login and form pages to distinguish humans from bots, solely for security. See the Google Privacy Policy.

9. Cookies and Tracking Technologies

We use cookies, local storage, and session storage on the TTT POS web client to support authentication, application state, user preferences, and integrations. For a full description of each technology, its purpose and retention, and how to manage your preferences, please refer to our Cookie Policy.

10. Data Retention

We retain personal information only for as long as necessary for the purposes for which it was collected. Account and registration information is kept for the duration of your subscription and for 2 years after closure. Billing, transaction, and tax-invoice records are retained for at least 7 years to meet tax and accounting requirements under Pakistani law. Support records are kept for 3 years, security and audit logs for 12 months, and usage data for up to 26 months in anonymised form. When data is no longer needed, it is securely deleted or permanently anonymised.

11. Data Security

All data transmitted between your devices and the Services is encrypted in transit, and personal information stored in our databases is encrypted at rest. User PINs and passwords are stored in encrypted form. Access to personal data within our organisation is restricted on a need-to-know basis, supported by role-based access controls and audit logging. Because card payments are handled by your external terminal and acquiring bank, we do not store your customers' card details. In the event of a data breach affecting your personal information, we will notify you and the relevant authorities without undue delay and, in any event, within 72 hours of becoming aware of a breach likely to affect your rights, consistent with applicable Pakistani law including the Prevention of Electronic Crimes Act 2016 and any sectoral reporting requirements.

12. International Data Transfers

The Services are hosted on Contabo GmbH infrastructure, with servers located in Germany / the European Union. TTT is headquartered and operates from Pakistan; accordingly, personal information is primarily stored and processed in the European Union and is accessed by TTT from Pakistan. Certain other third-party providers we engage, including Stripe, Intercom, and Google, may process data in the United States, the European Union, or other jurisdictions. Because our primary hosting is in the EU, that data benefits from the data-protection standards of the General Data Protection Regulation (GDPR). Where personal information is transferred between Pakistan and other jurisdictions, we take steps to ensure it remains adequately protected, including contractual data-transfer terms and the selection of providers maintaining internationally recognised security certifications. A list of our sub-processors and the data-processing terms applicable to Merchant data are set out in the Data Processing Addendum to the Merchant Subscription Agreement.

13. Your Data Rights

You have the right to access, correct, or delete the personal information we hold about you. You may also request that we restrict or stop processing your data, request a portable copy, or withdraw consent where processing is based on consent, and you may object to processing for direct marketing at any time. To exercise any of these rights, contact us at legal@tritechtechnologyllc.com. We will respond within 3 business days and may ask you to verify your identity first.

Where the request concerns end-customer or staff data that a Subscriber controls, we will refer the request to the relevant Subscriber, who is responsible for responding as the data controller.

14. Account Deletion

Subscribers may request deletion of their account by writing to info@tritechtechnologyllc.com from the registered primary account email. Upon validating a deletion request:

• Access to the Services will be terminated at the end of the current paid Billing Period, or immediately where no fees are outstanding.
• Subscriber Content will be made available for export for 30 days following closure, provided all outstanding fees are settled in full.
• Account and personal information will be deleted or anonymised in accordance with the retention schedules in section 10, subject to retention obligations required under applicable law (including mandatory retention of tax-invoice records).

Deletion of a Subscriber account does not fulfil data-erasure requests for end-customer or staff data. As the data controller for that data, the Subscriber must manage those rights requests directly.

15. Children's Privacy

The Services are designed exclusively for commercial use by businesses and are not directed toward or appropriate for individuals under the age of 18. TTT does not knowingly collect personal information from anyone under 18. If we become aware that such information has been inadvertently collected, we will delete it without undue delay. If you believe we may have collected information from a person under 18, please contact us at info@tritechtechnologyllc.com.

16. Pakistan Legal Compliance

Tri Tech Technology is a software company operating as a registered partnership, established in Lahore, Punjab, Pakistan. Our data handling, privacy, and security practices are designed to comply with the laws and regulatory standards applicable to SaaS platform providers in Pakistan, including:

• The Electronic Transactions Ordinance 2002, establishing the framework for electronic commerce, digital records, and data integrity in Pakistan.
• The Prevention of Electronic Crimes Act 2016 (PECA), governing cybersecurity obligations, data-system security, and electronic offences.
• The Personal Data Protection Bill (in draft at the date of this policy) and any associated regulations, with which we will align our practices as and when they are enacted.
• The Punjab Sales Tax on Services Act 2012 (PRA), the Sindh Sales Tax on Services Act 2011 (SRB), the Sales Tax Act 1990, and the Income Tax Ordinance 2001, with respect to fiscal invoicing integration, POS reporting, and tax record-keeping, as applicable to the Merchant's province and sector.
• The Companies Act 2017, with respect to corporate governance and record-keeping.
• The Anti-Money Laundering Act 2010, with respect to financial record-keeping and transaction monitoring applicable to SaaS subscription services.

TTT maintains registration and compliance with applicable Pakistani authorities, including the Pakistan Software Export Board (PSEB), and engages with regulatory guidance issued by Pakistan's Ministry of Information Technology and Telecom (MoITT).

17. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our data practices, features and integrations, or applicable legal requirements. When we make material changes, we will update the Last Updated date above, send written notice by email to registered Subscribers, or display a prominent in-app notification. Your continued use of the Services after the effective date constitutes acceptance of the revised policy. Where a change is material and you do not accept it, you may terminate your subscription in accordance with the Terms of Service.

18. Contact Us

For any questions, concerns, or formal rights requests relating to this Privacy Policy, please contact us. We aim to provide a substantive response within 5 business days.