AB POS SOLUTIONS, INC.
CORPORATE PRIVACY POLICY

Effective Date: July 16, 2026 | Last Updated: July 16, 2026

This Corporate Privacy Policy describes how AB POS Solutions, Inc. ("AB POS," "we," "us," or "our") collects, uses, discloses, retains, and protects personal information through the websites, portals, ordering environments, and online services identified below, together with their authorized subdomains and webpages that link to this Policy (each a "Site" and collectively, the "Digital Properties").

This Policy is intended to provide a unified corporate privacy framework. A specific product, merchant, transaction, employment process, jurisdiction, or third-party integration may be subject to an additional notice, contractual term, authorization, or legally required disclosure. If an additional notice conflicts with this Policy, the more specific notice governs the relevant processing activity to the extent of the conflict.

1. Scope and Digital Properties

This Policy applies to personal information processed by AB POS through the following Digital Properties when operated or controlled by AB POS Solutions, Inc.:

  • abpos.com. Corporate website, merchant-services information, forms, support resources, and company communications.
  • nuvpos.com. Website for the NUV POS technology ecosystem and related restaurant, retail, operational, reporting, and customer-experience solutions.
  • orb1.net. Platform environment for independent sales organizations, resellers, partners, payment organizations, and related onboarding or account functions.
  • c-portal.net. Authenticated customer portal supporting account access, reporting, services, cases, documentation, and related functionality.
  • ab-login.com. Authentication and administrative environment for authorized internal, partner, or platform users.
  • abgoeats.net and abgoeats.com. AB GO Eats digital ordering environments, including merchant pages, menus, ordering, checkout, service communications, and related functions.

This Policy does not automatically govern a third-party website, a merchant's independent business practices, or a service that does not link to this Policy. Merchants, partners, payment providers, delivery providers, financial institutions, and other third parties may act as independent businesses with their own privacy obligations.

2. Individuals Covered and AB POS's Role

This Policy may apply to Site visitors, merchant owners and representatives, partners and agents, authorized portal users, merchant employees, customers placing digital orders, support contacts, prospective customers, vendors, job applicants, and other persons who interact with the Digital Properties.

AB POS may act as a business determining the purposes and means of processing, as a service provider or processor acting on documented instructions, or in another legally recognized role. The applicable role depends on the service, contract, data source, and processing activity. When AB POS processes information on behalf of a merchant or partner, that organization may be primarily responsible for providing notices and responding to individual privacy requests.

3. Categories of Personal Information We May Collect

The categories collected depend on the relationship, Digital Property, service, and choices involved. AB POS may collect:

  • Identity and contact information, such as name, business name, title, mailing or service address, email address, telephone number, and preferred language;
  • business and merchant information, including entity information, ownership or authorized-representative details, locations, products, service selections, licenses, agreements, tax information, and operational configurations;
  • account and authentication information, such as usernames, encrypted or hashed credentials, multifactor-authentication details, access rights, login history, session information, and security events;
  • financial and payment-related information, including billing details, bank-account information, payment-card information, transaction identifiers, invoices, payment status, chargebacks, refunds, processing history, and settlement or residual information, as applicable;
  • order and customer-service information, including menu selections, order contents, pickup or delivery information, special instructions, loyalty information, digital receipts, merchant communications, and support cases;
  • commercial and relationship information, including inquiries, demonstrations, applications, purchases, subscription history, partner assignments, communications, preferences, and responses to surveys;
  • device, network, and usage information, including IP address, device and browser characteristics, operating system, identifiers, referring pages, pages viewed, interactions, approximate location, logs, and cookie information;
  • communications and content, including emails, call or chat records where permitted, uploaded documents, notes, feedback, reviews, and information submitted through forms or support channels;
  • employment or applicant information submitted through careers functions, such as résumé, experience, education, availability, professional qualifications, and interview materials; and
  • fraud-prevention, compliance, and verification information obtained or generated to authenticate users, manage risk, investigate activity, or satisfy legal and contractual requirements.

AB POS does not require every category for every interaction. We seek to limit collection to information reasonably necessary and proportionate for the relevant product, service, request, security function, or legal obligation.

4. Sources of Personal Information

We may collect personal information directly from you; from merchants, partners, agents, employers, authorized users, or account administrators; automatically through a Digital Property; from payment, identity-verification, fraud-prevention, delivery, hosting, analytics, communications, or support providers; from public records or publicly available sources; and from other parties as permitted by law or authorized by contract.

5. Purposes for Processing

AB POS may process personal information to:

  • provide, configure, maintain, support, and improve products, portals, ordering services, payment-related services, and customer experiences;
  • establish and administer merchant, partner, customer, employee, applicant, and authorized-user relationships;
  • authenticate users, manage permissions, secure accounts, monitor availability, troubleshoot systems, and maintain audit records;
  • process or facilitate orders, payments, refunds, billing, invoices, subscriptions, equipment, support, and contractual obligations;
  • communicate about accounts, orders, service events, security, support, training, updates, and requested information;
  • conduct analytics, reporting, research, quality review, product development, capacity planning, and business administration;
  • market products or services and measure communications or campaigns, subject to consent and opt-out rights where applicable;
  • detect, investigate, prevent, and respond to fraud, misuse, unauthorized activity, security incidents, disputes, and legal claims; and
  • comply with law, card-network or financial-industry requirements, lawful process, regulatory obligations, and enforceable agreements.

6. Cookies and Similar Technologies

The Digital Properties may use cookies, pixels, web beacons, local storage, software development kits, and related technologies for essential operations, preferences, analytics, performance, security, customer support, social-media functions, and advertising where permitted. Details concerning cookie categories, consent, browser controls, opt-out preference signals, and domain-specific configurations are provided in the AB POS Solutions, Inc. Corporate Cookie Policy linked from the applicable Digital Property.

7. How We Disclose Personal Information

AB POS may disclose personal information, subject to applicable law and contractual restrictions:

  • to merchants, partners, account administrators, authorized users, and their personnel as necessary to provide the requested relationship or service;
  • to processors and service providers supporting hosting, cybersecurity, authentication, analytics, communications, customer service, document management, payment functions, fraud prevention, delivery, professional services, and business operations;
  • to payment processors, acquiring institutions, sponsoring or member banks, card networks, ACH participants, financial institutions, and compliance or risk providers where relevant to a payment or merchant service;
  • to integration, ordering, delivery, accounting, software, or technology partners at the direction of an authorized customer or as necessary for an enabled feature;
  • to professional advisers, auditors, insurers, financing sources, and corporate affiliates subject to appropriate obligations;
  • to governmental authorities, courts, regulators, law enforcement, or other parties when reasonably necessary to comply with law, lawful process, protect rights or safety, investigate misconduct, or enforce an agreement; and
  • in connection with a proposed or completed merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or comparable corporate transaction, subject to applicable protections.

AB POS may use and disclose aggregated or de-identified information where permitted by law, provided the information is not reasonably capable of being associated with an identifiable individual. AB POS does not use this Policy to characterize a disclosure as a statutory "sale" or "sharing" unless the applicable legal definition is satisfied.

8. Payment, Financial, and Merchant Information

Payment and merchant-services information may be subject to specialized legal, contractual, card-network, banking, security, and record-retention requirements. Depending on the transaction and service, AB POS may transmit information to or receive information from payment processors, financial institutions, acquiring banks, card networks, ACH operators, gateways, fraud providers, or merchants. Those entities may independently determine certain processing purposes and maintain separate notices.

Where technically and operationally appropriate, AB POS seeks to limit exposure to full payment credentials through tokenization, hosted payment fields, encryption, access restrictions, or use of authorized payment providers. No statement in this Policy modifies the terms of a merchant-processing agreement, payment authorization, or applicable financial privacy notice.

9. Data Retention

AB POS retains personal information for the period reasonably necessary to fulfill the purpose for which it was collected, provide and secure services, maintain business and audit records, comply with legal or financial obligations, resolve disputes, investigate incidents, and enforce agreements. Retention periods vary based on the data category, relationship, system, transaction, applicable limitation period, contractual requirement, and legal obligation. Information may be deleted, anonymized, archived, or restricted when active retention is no longer required.

10. Information Security

AB POS maintains reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, acquisition, use, alteration, disclosure, destruction, or loss. Controls may include authentication, multifactor authentication, role-based access, logging, encryption where appropriate, network and endpoint protections, backups, vendor controls, vulnerability management, employee procedures, and incident response. No security program or transmission method can guarantee absolute security.

11. Privacy Choices and Individual Rights

Depending on your residence and subject to legal exceptions, you may have rights to confirm whether AB POS processes personal information about you; access, correct, delete, or obtain a portable copy of covered information; obtain information about categories of processing or recipients; withdraw consent; and opt out of qualifying targeted advertising, sale, sharing, or profiling.

Maryland residents may have rights under the Maryland Online Data Privacy Act, including rights to confirm processing, access, correct, delete, and obtain a portable copy of covered personal data, and to opt out of qualifying targeted advertising, sale of personal data, and certain profiling. AB POS will not unlawfully discriminate against an individual for exercising an applicable privacy right.

To submit a request, contact info@abpos.com with the subject line "Privacy Request." To appeal a decision on a prior request, use the subject line "Privacy Appeal" and identify the prior request. We may verify identity, authority, account relationship, and residency before acting. If AB POS processes the information solely for a merchant or partner, we may direct the request to that organization or assist it as required by contract and law.

Marketing Communications. You may unsubscribe from promotional email through the link included in the message or by contacting us. Transactional, security, account, order, or service communications may continue when necessary. SMS practices may be governed by a separate SMS Privacy Policy and SMS Terms of Service.

12. Children and Minors

The corporate, merchant, partner, and authenticated portal functions are not directed to children. AB GO Eats ordering functions are intended to facilitate transactions with participating merchants and are not designed to collect children's information for targeted advertising. We do not knowingly sell sensitive personal data or knowingly process personal data of individuals we know or should know are under eighteen (18) for targeted advertising where prohibited by applicable law. A parent or guardian who believes a child submitted personal information may contact info@abpos.com.

13. External Services and Merchant Environments

Digital Properties may link to, embed, or integrate with merchant websites, delivery providers, social networks, payment services, financial institutions, and other external services. Their privacy practices are governed by their own notices. Participating merchants control many aspects of their customer relationships, menus, orders, loyalty programs, communications, and employee information and may be independently responsible for privacy compliance.

14. International and Cross-Border Processing

AB POS and its service providers may process information in the United States and other locations where they operate. Privacy and data-protection laws may differ across jurisdictions. Where legally required, AB POS will use an authorized transfer mechanism or contractual protection appropriate to the processing. Individuals outside the United States should review any location-specific notice presented with the applicable service.

15. Corporate Governance and Policy Changes

Responsibility for this Policy may involve AB POS privacy, legal, compliance, information-security, operations, human-resources, marketing, and technology functions. Material new processing should be evaluated for purpose, minimization, notice, consent, vendor, security, retention, and regulatory requirements. AB POS may periodically review privacy controls, provider relationships, access, retention, and disclosures.

We may revise this Policy to reflect changes in law, technology, services, business practices, or corporate structure. The revised version will be posted on the applicable Digital Properties with an updated date. When required, we will provide additional notice or obtain consent before a material change applies.

16. Contact Us

Questions, privacy requests, appeals, or complaints may be directed to:

AB POS Solutions, Inc.
Privacy Department
Email: info@abpos.com
Website: https://abpos.com