This Privacy Policy explains how Simlina OÜ ("we", "us", "our"), the company behind Pocket Terminal, collects, uses, and protects personal data when you use our website at pocketterminal.com and the Pocket Terminal platform. We are committed to complying with the EU General Data Protection Regulation (GDPR).
1. Data Controller
The data controller responsible for your personal data is:
Simlina OÜ
Tallinn, Estonia
Privacy contact: legal@pocketterminal.com
General support: support@pocketterminal.com
2. What Data We Collect
2.1 Account Data
When you create a Pocket Terminal account, we collect your email address. This is required to create and identify your account and to communicate with you about the service.
2.2 Business & Transaction Data
Data you enter into the Pocket Terminal platform — such as product listings, inventory records, sales transactions, and staff information — is stored and processed to provide the service. This data belongs to you and is never shared with third parties for their own purposes.
2.3 Payment Data
Subscription payments are processed by Stripe. We do not store your full card number, CVV, or other sensitive payment credentials on our servers. Stripe's handling of your payment data is governed by the Stripe Privacy Policy.
2.4 Technical & Log Data
We may collect standard server logs including IP addresses, browser type, and access timestamps for security and operational purposes. This data is not used for tracking or profiling.
3. How We Use Your Data
We use your personal data for the following purposes:
- To provide and maintain the service — account creation, authentication, and access control.
- To communicate with you — transactional emails such as account confirmations, billing receipts, and service alerts.
- To process payments — via Stripe for subscription billing.
- To ensure security — detecting and preventing fraudulent or abusive activity.
- To improve the service — with your consent, aggregated and IP-anonymized website usage analytics to understand how visitors interact with our pages (see Section 5).
4. Legal Basis for Processing (GDPR)
We rely on the following legal bases under GDPR Article 6:
- Contract performance (Art. 6(1)(b)) — processing your email address and business data is necessary to provide the Pocket Terminal service you have signed up for.
- Consent (Art. 6(1)(a)) — for optional analytics cookies on our marketing website (see Section 5). You may withdraw consent at any time.
- Legitimate interests (Art. 6(1)(f)) — server log data for security and fraud prevention.
- Legal obligation (Art. 6(1)(c)) — retaining billing records as required by applicable law.
5. Cookies & Analytics
5.1 Strictly Necessary Cookies
The Pocket Terminal application uses session cookies solely to keep you logged in to your account. These cookies are essential for the service to function and are exempt from consent under the ePrivacy Directive.
5.2 Analytics Cookies (Optional)
On our marketing website (pocketterminal.com) we use Google Analytics 4 to understand how visitors interact with our pages so we can improve them. These cookies are only set after you give explicit consent via our cookie banner. We use Google Consent Mode v2 with IP anonymization enabled, and we do not use Google Analytics for advertising, remarketing, or cross-site tracking.
The legal basis is your consent (Art. 6(1)(a) GDPR). You can withdraw consent at any time by clicking "Decline" the next time the banner appears, by clearing the cookie_consent entry in your browser's local storage, or by visiting our site in a private/incognito window.
Google LLC is certified under the EU–US Data Privacy Framework, which the European Commission has recognised as providing an adequate level of protection for personal data transferred from the EU to the United States. For details on Google's processing, see the Google Privacy Policy.
5.3 What We Do Not Use
We do not use advertising cookies, third-party tracking pixels, or social-media tracking cookies. You can delete all cookies via your browser settings at any time; doing so will log you out of your account and reset your analytics consent choice.
6. Data Sharing & Third Parties
We do not sell, rent, or share your personal data with third parties for marketing purposes. We use the following third-party processors:
- Stripe — payment processing. Stripe is certified to PCI DSS Level 1 and operates under GDPR-compliant data processing agreements.
- Google LLC (Google Analytics 4) — website usage analytics on pocketterminal.com, loaded only after you give consent. Google is certified under the EU–US Data Privacy Framework.
- Amazon Web Services EMEA SARL (AWS) — application hosting, database, and storage. All Pocket Terminal production data is hosted in the AWS Frankfurt (eu-central-1) region within the European Union. AWS operates under GDPR-compliant Data Processing Addenda and EU Standard Contractual Clauses, and is certified under the EU–US Data Privacy Framework.
- Google Cloud (Google LLC), Firebase Cloud Messaging — used solely to deliver push notifications to the Pocket Terminal Android application (e.g. sync alerts and account notifications). Limited technical identifiers (such as device push tokens) are processed for this purpose. Google is certified under the EU–US Data Privacy Framework.
7. Data Retention
We retain your account data for as long as your account is active. On account closure, the following retention rules apply:
- Trial expiry without subscription — if your 15-day free trial ends and you do not subscribe to a paid plan, your account is marked inactive and all account data is permanently deleted 15 days after the trial expiry date.
- Subscription cancellation — if you cancel a paid subscription, your account is marked inactive at the end of the current billing period, and all account data is permanently deleted 15 days after the inactivity start date, unless you re-subscribe within that window.
- Account deletion request — if you ask us to delete your account, your personal data will be removed within 30 days of the request.
In all cases, we retain certain records where required by legal obligations — for example, billing and accounting records are retained for 7 years under Estonian accounting law. We will send reminder emails before any scheduled deletion so you have an opportunity to export your data or re-subscribe.
8. International Data Transfers
Simlina OÜ is based in Estonia (EU). Where data is processed by third-party service providers outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
9. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure — request deletion of your personal data ("right to be forgotten").
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to restrict processing — ask us to limit how we use your data.
- Right to object — object to processing based on legitimate interests.
To exercise any of these rights, contact us at legal@pocketterminal.com. We will respond within 30 days.
10. Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Estonian supervisory authority:
Andmekaitse Inspektsioon (Data Protection Inspectorate)
Website: www.aki.ee
Email: info@aki.ee
11. Data Security
We implement industry-standard security measures including TLS/SSL encryption in transit and encryption at rest. Access to personal data is restricted to authorised personnel only. However, no method of transmission over the internet is 100% secure.
12. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected users without undue delay, in accordance with GDPR Article 34.
13. Children's Privacy
Pocket Terminal is a business tool intended for use by adults operating commercial enterprises. We do not knowingly collect personal data from individuals under the age of 16. If you believe a minor has submitted data to us, please contact legal@pocketterminal.com and we will promptly delete it.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice within the platform. The "last updated" date at the top of this page reflects the most recent revision. Continued use of the service after changes constitutes acceptance of the updated policy.
15. Contact
For any privacy-related questions or requests, please contact:
Simlina OÜ — Pocket Terminal
Privacy & data requests: legal@pocketterminal.com
General support: support@pocketterminal.com