top of page

Privacy Policy

A legal disclaimer

Effective Date: January 1, 2025

DUCKING A LLC ("DUCKING A," "we," "our," or "us") values your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website (https://www.duckinga.com), and when you use our products and services, including our point-of-sale (POS) software and systems (collectively, the "Services").

This policy also explains our role and responsibilities concerning the personal data of your customers that is processed through our POS Services when you, our merchant client, use our Services.

Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it. By accessing or using our Services, you signify your understanding and agreement with the terms of this Privacy Policy.

1. Information We Collect

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("personal data"). The categories of personal data we collect include:

  • A. Information You (Our Merchant Clients) Provide to Us:

    • Personal Identifiers: Name, email address, phone number, business name, business address, tax identification numbers.

    • Account Credentials and Preferences: Usernames, passwords, security questions, user preferences for our Services.

    • Payment Information: Billing address, payment card details (typically processed through a secure third-party payment processor), and bank account information for service payments.

    • Business Operations Data: Information you input into the POS system related to your business, such as employee names for user accounts, store location details, and potentially inventory data if synced with our systems.

    • Customer Support Inquiries: Information provided when you contact us for support, including the nature of the query and any related correspondence.

  • B. Information We Automatically Collect When You Use Our Services:

    • Device and Connection Information: IP address, device type and identifiers (e.g., MAC address), operating system, browser type and version, internet service provider.

    • Usage Information: Details of your use of our Services, including features utilized, clicks, navigation paths, session duration, error logs, system diagnostic information, hardware status, software version, and performance data from POS terminals and software.

    • Cookies and Similar Tracking Technologies: We use cookies, web beacons, and similar technologies to collect information about your interaction with our website and some features of our Services. Please see Section 8 ("Cookies and Tracking Technologies") for more details.

  • C. Information from Third Parties:

    • Business Partners and Service Providers: We may receive information from third-party service providers who assist us in providing and improving our Services (e.g., payment processors, analytics providers, cloud hosting services).

    • Public Databases: We may collect information from publicly available sources to verify business information or for due diligence purposes.

  • D. Information We Process on Behalf of Our Merchant Clients (Data of Your Customers):

    • When you use our POS Services, we process personal data of your customers on your behalf as a "Data Processor" or "Service Provider" under applicable privacy laws. You, the merchant, are the "Data Controller" or "Business" responsible for this data.

    • This data may include:

      • Transaction Details: Items purchased, transaction amount, date and time of transaction, payment method (e.g., truncated card numbers, type of card – we do not store full payment card numbers after authorization), loyalty program information.

      • Customer Identifiers (if provided by you or your customer): Name, email address, phone number, or other identifiers if used for receipts, loyalty accounts, or order fulfillment.

    • Our use of this data is governed by our agreement with you, the merchant, and this Privacy Policy. We do not use your customers' personal data for our own independent marketing or other purposes unless explicitly agreed upon with you or as required by law.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To Provide, Operate, and Maintain Our Services:

    • Set up and manage your account.

    • Process transactions you make through our Services (e.g., your service payments to us).

    • Enable the functionality of the POS system for your business operations.

    • Provide customer support and respond to your inquiries.

  • To Improve and Personalize Your Experience:

    • Understand how you use our Services to enhance features and usability.

    • Personalize content and service offerings based on your preferences.

  • To Communicate with You:

    • Send administrative information, such as updates to our terms, conditions, and policies.

    • Provide service-related announcements, security alerts, and support messages.

    • Send marketing communications (where permitted by law and with your consent, if required), from which you can opt-out (see Section 5).

  • To Process Transactions (on behalf of merchants):

    • Facilitate the processing of your customers' transactions through the POS system as directed by you.

  • To Analyze Usage Trends and Improve Our Offerings:

    • Conduct research and analysis to understand service usage and identify areas for improvement.

    • We may aggregate and anonymize data collected through our Services (including transaction data from POS systems) to generate statistical insights, such as sales trends or popular items. This aggregated and anonymized data does not identify any individual and may be used for our business purposes.

  • For Security and Fraud Prevention:

    • To monitor for and prevent fraudulent or unauthorized activity.

    • To protect the security and integrity of our Services and data.

  • To Comply with Legal Obligations:

    • To comply with applicable laws, regulations, court orders, or other legal processes.

    • To respond to lawful requests from public authorities.

3. Sharing Your Information

We do not sell your personal data or the personal data of your customers that we process on your behalf. We may share your information in the following circumstances:

  • With Service Providers: We share information with third-party vendors, consultants, and other service providers who perform services on our behalf. These may include:

    • Payment processors (for your service fees and to facilitate your customer transactions).

    • Cloud hosting providers.

    • Data analytics providers.

    • Customer support service providers.

    • Security and fraud prevention services. These providers are contractually obligated to protect your data and use it only for the services they provide to us.

  • With Business Partners or Contractors: In connection with providing specific integrated Services you choose to use (e.g., integrations with third-party accounting software or loyalty programs selected by you). We will only share information necessary for these integrations to function as directed by you.

  • As Directed by Our Merchant Clients: We share data of your customers as necessary to provide the POS Services to you and as you direct (e.g., providing your customers with receipts, or facilitating your customer loyalty programs).

  • With Authorities When Required by Law or Legal Process: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:

    • Comply with a legal obligation or a request from law enforcement or other public authorities.

    • Protect and defend our rights or property.

    • Prevent or investigate possible wrongdoing in connection with the Services.

    • Protect the personal safety of users of the Services or the public.

  • In Connection with a Business Transfer or Restructuring: If DUCKING A LLC is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service toanother provider, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract. We will notify you of any such deal and outline your choices in that event.

4. Data Processed on Behalf of Merchants (Your Customers' Data)

As a provider of POS Services, we act as a "Data Processor" or "Service Provider" for the personal data of your customers that you collect and manage through our Services. You, the merchant, are the "Data Controller" or "Business" and are primarily responsible for ensuring that your customers' privacy rights are respected, including providing them with necessary privacy notices and obtaining any required consents.

Our obligations as a Data Processor are outlined in our agreement with you (which may include a Data Processing Addendum - DPA). We will only process your customers' data in accordance with your instructions, our contractual agreement, and applicable law. If your customers have questions about their data or wish to exercise their privacy rights, they should generally direct their inquiries to you, the merchant. We will assist you, as reasonably necessary and in accordance with our agreement, in responding to such requests.

5. Your Choices and Rights

Depending on your location and applicable law (e.g., GDPR, CCPA/CPRA), you may have certain rights regarding your personal data. These rights may include:

  • For Our Merchant Clients (Regarding Your Own Data Provided to Us):

    • The Right to Access: You can request a copy of the personal data we hold about you.

    • The Right to Rectification (Correction): You can request that we correct any inaccurate or incomplete personal data.

    • The Right to Erasure (Deletion): You can request that we delete your personal data, subject to certain exceptions (e.g., where we are legally required to retain it).

    • The Right to Restrict Processing: You may request that we limit the way we use your personal data.

    • The Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller.

    • The Right to Object to Processing: You may object to our processing of your personal data based on our legitimate interests.

    • The Right to Opt-Out of Marketing Communications: You can opt-out of receiving marketing emails from us by following the unsubscribe instructions included in those emails or by contacting us.

    • The Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

  • For Customers of Our Merchant Clients:

    • If you are a customer of a merchant using DUCKING A's POS Services and have questions about your personal data or wish to exercise your privacy rights, please direct your request to the merchant from whom you made your purchase or with whom you have a direct relationship. DUCKING A processes your data on behalf of and as instructed by the merchant. We will assist our merchant clients in responding to your requests where applicable and as required by law.

You can exercise your rights applicable to data DUCKING A directly controls by contacting us at privacy@duckinga.com. We may need to verify your identity before processing your request.

6. Data Security

We implement appropriate technical and organizational measures designed to protect the security of your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures may include, for example, encryption of data at rest and in transit, access controls, regular security assessments, and staff training.

[Optional: If applicable, add: "DUCKING A LLC is committed to adhering to industry-standard security practices, such as those outlined in the Payment Card Industry Data Security Standard (PCI DSS), for the aspects of our Services that handle payment card information. However, we typically utilize third-party PCI DSS compliant payment processors for the direct handling and storage of full payment card data."]

However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, and to resolve disputes.

The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide Services to you (e.g., as long as you have an account with us).

  • Whether there is a legal obligation to which we are subject (e.g., certain laws require us to keep records of your transactions for a certain period of time).

  • Whether retention is advisable in light of our legal position (e.g., in regard to applicable statutes of limitations, litigation, or regulatory investigations).

For data we process on behalf of our merchant clients (your customers' data), we retain this data in accordance with our agreement with the merchant and their instructions, or as required by law. [Consider developing an internal data retention schedule and potentially linking to a summary or providing more specific general timelines if feasible and appropriate.]

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (like web beacons and pixels) to collect and use personal information about you, including to understand user activity, improve the user experience, and for interest-based advertising (where applicable).

You can manage your cookie preferences through your browser settings. However, disabling certain cookies may affect the functionality of our website and Services. [Recommendation: Develop a separate, more detailed Cookie Policy that is linked from this Privacy Policy. This Cookie Policy should list the specific cookies used, their purpose, their duration, and how users can manage them.]

9. Children’s Privacy

Our Services are not intended for use by children under the age of 13 (or a higher age threshold where applicable under local law). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child without appropriate consent, we will take steps to delete such information as soon as possible. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.

Merchants using our POS system are responsible for their own compliance with laws regarding the collection of data from minors who may be their customers.

10. International Users and Data Transfers

If you are accessing our Services from outside the United States, please be aware that your personal data may be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated. The data protection laws of the United States may not be as comprehensive as those in your country.

By using our Services, you understand that your information may be transferred to our facilities and to those third parties with whom we share it as described in this Privacy Policy. [For businesses with significant operations/customers in regions like the EEA/UK, consult legal counsel to include specific language on:

  • The legal basis for processing personal data (e.g., consent, contractual necessity, legitimate interests).

  • The specific mechanisms used for lawful international data transfers (e.g., Standard Contractual Clauses, Adequacy Decisions).]

11. Third-Party Links

Our Services may contain links to other websites or services operated by third parties that are not controlled by DUCKING A LLC. This Privacy Policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party services before providing any information to or through them.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements,or other factors. If we make material changes, we will notify you by posting the new Privacy Policy on our website with a new effective date. For significant changes, we may also provide a more prominent notice (such as by adding a statement to our homepage or sending you a notification directly if you are an active client). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

13. Contact Us

If you have any questions, concerns, or comments about this Privacy Policy or our privacy practices, or if you wish to exercise your rights,

please contact us at:

DUCKING A LLC

1024 Commonwealth Avenue Boston, MA 02215

Email: privacy@duckinga.com

bottom of page