PRIVACY STATEMENT

AB POS Solutions, Inc.
NUV POS | AB GO | orb1

Effective Date: July 16, 2026 | Last Updated: July 16, 2026

This Privacy Statement applies to the websites, products, platforms, applications, hardware, software, and services owned or operated by AB POS Solutions, Inc.

1. Introduction and Scope

This Privacy Statement describes how AB POS Solutions, Inc. ("AB POS," "we," "us," or "our") collects, uses, discloses, retains, and protects personal information in connection with its websites, products, platforms, hardware, software, applications, and related services, including those offered under the NUV POS, AB GO, and orb1 brands (collectively, the "Services").

AB POS Solutions, Inc. is the legal entity that owns and operates NUV POS, AB GO, and orb1. NUV POS, AB GO, and orbl are brands, products, platforms, or services owned by AB POS Solutions, Inc. and are not separate legal entities unless expressly stated otherwise.

This Privacy Statement primarily applies to:

  • Merchants: businesses that have expressed interest in, applied for, or contracted to use the Services;
  • Merchant Personnel: owners, officers, employees, contractors, and authorized users of Merchants who access or use the Services;
  • Guests: individuals who interact with Merchants through the Services, including by placing orders, making purchases, joining loyalty programs, receiving digital receipts, or using pickup, delivery, gift card, mobile ordering, or order-and-pay functionality;
  • Business Partners: resellers, independent sales organizations, integration partners, vendors, and other commercial partners; and
  • Website and Application Users: individuals who visit our websites, including https://nuvpos.com, or use our mobile or web applications.

Merchants are independent businesses and may maintain their own privacy notices and practices. When AB POS processes personal information on behalf of a Merchant, the Merchant may be responsible for determining why and how that information is processed. Questions concerning a Merchant's independent privacy practices should be directed to that Merchant.

2. Definitions

"Personal information" or "personal data" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an identified or identifiable individual or household. It does not include information that is lawfully considered public, aggregated, or deidentified under applicable law.

"Sensitive personal information" may include government identification numbers, account credentials, precise geolocation, financial account information, racial or ethnic origin, disability information, and other information classified as sensitive under applicable law.

"Services" includes, as applicable:

  • point-of-sale systems and related hardware and software;
  • payment processing and payment-related services;
  • application programming interfaces and integrations;
  • online ordering, pickup, delivery, mobile ordering, order-and-pay, gift card, and loyalty services;
  • customer relationship management, marketing, reporting, and analytics tools;
  • merchant, employee, administrative, and partner portals and applications;
  • payroll, team management, financing, card, or financial products when expressly offered by AB POS or an identified business partner; and
  • support, implementation, training, security, fraud prevention, and related operational services.

3. Personal Information We Collect

The personal information we collect depends on your relationship with AB POS, the Services used, and applicable legal requirements.

A. Merchants and Business Partners

We may collect:

  • name, business name, title, and contact information;
  • business and mailing addresses;
  • date of birth and identity-verification information;
  • taxpayer identification, Social Security, passport, driver's license, or other government identification information when required for underwriting, compliance, or identity verification;
  • ownership, control, and beneficial-owner information;
  • bank account and payment information;
  • merchant application, processing, transaction, settlement, chargeback, and account information;
  • business financial, credit, risk, and underwriting information;
  • contracts, applications, electronically accepted records, and support communications;
  • device, equipment, license, configuration, and usage information; and
  • information related to integrations, reseller relationships, or partner accounts.

B. Merchant Personnel

Depending on the Services selected by the Merchant, we may collect:

  • name, email address, phone number, address, and employee identification number;
  • username, password or authentication credentials, permissions, and access records;
  • job title, role, wage rate, salary, hours worked, scheduling, timekeeping, and performance-related operational data;
  • transaction, order, tip, refund, void, and register activity associated with the user;
  • Social Security or other government identification number;
  • banking and payroll information;
  • tax documentation;
  • benefits, dependent, and beneficiary information;
  • driver's license information;
  • professional and educational history; and
  • demographic information when collected for a lawful and disclosed purpose.

The Merchant determines which workforce-related modules it activates and may independently collect or control additional employee information.

C. Guests

When you interact with a Merchant through the Services, we may collect:

  • name and contact information;
  • delivery, billing, or general location information;
  • order, purchase, transaction, refund, and payment method information;
  • account and profile information;
  • loyalty enrollment, points, offers, and redemption history;
  • gift card information;
  • pickup or delivery information, including vehicle information voluntarily provided for curbside pickup;
  • preferences, feedback, and customer-support communications; and
  • device, application, website, cookie, and usage information.

Payment card information may be submitted through the Services and transmitted to payment processors or financial institutions. Depending on the applicable payment configuration, AB POS may receive tokens, masked account numbers, authorization results, transaction identifiers, or related payment records. AB POS does not retain card security codes after authorization. Payment information is handled in accordance with applicable contractual, legal, and payment-card security requirements.

D. Websites, Applications, and Communications

We may collect information you provide when you:

  • request information, a demonstration, support, or training;
  • complete a form or application;
  • create an account;
  • subscribe to communications;
  • communicate with sales, support, billing, compliance, or other personnel; or
  • participate in a survey, promotion, or event.

This information may include your name, company, title, email address, telephone number, message content, and related records.

E. Information Collected Automatically

When you use our websites, applications, devices, or online Services, we may automatically collect:

  • device type, model, identifiers, and operating system;
  • browser type, settings, and language;
  • IP address and approximate location derived from it;
  • application, page, feature, and interaction activity;
  • referring and destination pages;
  • diagnostic, crash, security, and performance data;
  • date, time, duration, and frequency of use;
  • advertising or similar identifiers, where permitted; and
  • transaction and purchase activity associated with the Services.

With permission or when required to provide a requested feature, we may collect location information using GPS, Bluetooth, cellular, or Wi-Fi technologies. Device or browser settings may allow you to limit location access.

F. Information From Other Sources

We may receive personal information from:

  • Merchants and their authorized personnel;
  • payment processors, financial institutions, card networks, and service providers;
  • resellers, independent sales organizations, integration partners, and other business partners;
  • identity verification, fraud prevention, sanctions screening, credit reporting, and underwriting providers;
  • delivery, online-ordering, loyalty, marketing, and analytics providers;
  • government agencies and public records; and
  • social media platforms or other public sources when you interact with us through those services.

4. How We Use Personal Information

We may use personal information to:

  • provide, operate, maintain, configure, and support the Services;
  • process orders, payments, refunds, settlements, disputes, and related transactions;
  • establish, administer, authenticate, and secure accounts;
  • evaluate merchant applications and determine eligibility for Services;
  • verify identity, ownership, authority, banking information, and compliance status;
  • communicate about transactions, purchases, accounts, support requests, service changes, and security matters;
  • provide implementation, updates, maintenance, training, and technical support;
  • detect, investigate, mitigate, and prevent fraud, unauthorized activity, security incidents, and prohibited conduct;
  • comply with payment-network rules, underwriting requirements, contracts, legal obligations, court orders, and governmental requests;
  • conduct accounting, auditing, billing, collections, reporting, risk management, and business operations;
  • troubleshoot, analyze, develop, test, and improve the Services;
  • create aggregated or deidentified information;
  • personalize features and experiences;
  • provide marketing communications and measure their effectiveness, subject to applicable law and your choices;
  • establish, exercise, or defend legal claims; and
  • complete a merger, financing, acquisition, reorganization, sale, or other corporate transaction.

We limit the collection, use, and retention of personal information to what is reasonably necessary and proportionate for disclosed purposes, subject to applicable law.

5. How We Disclose Personal Information

We may disclose personal information to:

  • Merchants and authorized Merchant Personnel when necessary to provide the Services;
  • payment processors, acquiring banks, sponsoring banks, card networks, financial institutions, and fraud-prevention providers;
  • hosting, cloud, software, security, communications, analytics, customer-support, and other service providers;
  • payroll, benefits, employment, delivery, online ordering, gift card, loyalty, financing, and integration partners when the applicable Service is used;
  • resellers, independent sales organizations, agents, and business partners supporting the Merchant relationship;
  • professional advisers, auditors, insurers, accountants, and legal counsel;
  • law enforcement, regulators, courts, governmental authorities, or other parties when disclosure is required or permitted by law;
  • an acquiring or successor organization in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets; and
  • other parties at your direction or with your consent.

We may disclose aggregated or deidentified information that cannot reasonably be linked to an individual. We require recipients of deidentified information to maintain it in deidentified form when required by law.

AB POS does not sell personal information for money. Certain advertising, analytics, or cookie-related disclosures may nevertheless be considered a "sale," "sharing," or use for targeted advertising under some state privacy laws. Where applicable, you may exercise the opt-out rights described below.

6. Cookies and Similar Technologies

AB POS and authorized third parties may use cookies, pixels, software development kits, web beacons, local storage, and similar technologies to:

  • operate and secure websites and applications;
  • authenticate users and maintain sessions;
  • remember settings and preferences;
  • detect fraud and technical problems;
  • measure performance and usage;
  • improve products and content; and
  • support analytics, marketing, or advertising where permitted.

Cookies may be session-based or persistent and may be placed by AB POS or a third party. Browser settings may allow you to block or delete cookies, but disabling necessary cookies may prevent certain features from functioning. Where required, we provide additional controls for nonessential cookies and recognize legally valid opt-out preference signals, including Global Privacy Control, as applicable.

7. Sensitive Personal Information

We use sensitive personal information only for legitimate and disclosed purposes, including providing requested Services, processing payments, administering payroll when applicable, verifying identity, preventing fraud, maintaining security, and complying with law. We do not use or disclose sensitive personal information to infer characteristics about an individual except as permitted by law or with valid consent.

Where applicable law provides a right to limit certain uses or disclosures of sensitive personal information, instructions for exercising that right are provided in Section 11.

8. Data Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Statement, including:

  • the duration of the customer, user, partner, or employment-related service relationship;
  • transaction processing, settlement, reconciliation, chargeback, and dispute periods;
  • tax, accounting, audit, anti-fraud, anti-money-laundering, payment-network, and regulatory requirements;
  • enforcement of contracts and collection of amounts due;
  • security, incident response, and prevention of abuse; and
  • establishment, exercise, or defense of legal claims.

Retention periods vary based on the type of information, the Service involved, applicable contracts, legal requirements, and operational necessity. When information is no longer required, we delete, deidentify, or securely dispose of it in accordance with applicable policies and law.

9. Security

We maintain administrative, technical, physical, and organizational safeguards designed to protect personal information against unauthorized access, acquisition, disclosure, alteration, destruction, or loss. These safeguards may include access controls, encryption, authentication, monitoring, incident-response procedures, employee training, vendor oversight, and security testing appropriate to the nature of the information and Services.

No system, network, transmission, or storage method is completely secure. Accordingly, we cannot guarantee absolute security. Users are responsible for protecting their credentials and promptly notifying AB POS of suspected unauthorized access.

10. Children

The Services are not directed to children under 13, and AB POS does not knowingly collect personal information online directly from children under 13 without legally required parental consent. If we learn that we collected such information in violation of applicable law, we will take appropriate steps to delete it.

A parent or legal guardian who believes a child under 13 provided personal information to AB POS may contact us using Section 14. Additional protections may apply to individuals under 16 under certain state laws.

11. Privacy Rights and Choices

Depending on your state or country of residence and subject to applicable exceptions, you may have the right to:

  • confirm whether we process your personal information;
  • access or obtain a copy of personal information;
  • correct inaccurate personal information;
  • request deletion of personal information;
  • obtain certain information in a portable format;
  • opt out of the sale or sharing of personal information;
  • opt out of targeted advertising;
  • opt out of certain profiling or automated decisions producing legal or similarly significant effects;
  • limit certain uses or disclosures of sensitive personal information;
  • withdraw consent where processing depends on consent; and
  • appeal a decision concerning a privacy request.

You may also unsubscribe from marketing email by using the unsubscribe link included in the communication. Transactional, security, account, billing, or service-related communications may continue when necessary.

To submit a privacy request, use the contact information in Section 14 and clearly identify the right you wish to exercise. We may need to verify your identity and authority before completing a request. An authorized agent may submit a request where permitted by law, subject to verification of the agent's authority and the consumer's identity.

We will respond within the period required by applicable law. If we deny a request, we will provide the reason and information about any available appeal process. We will not unlawfully discriminate against you for exercising a privacy right.

If AB POS processes your information solely on behalf of a Merchant, we may direct your request to that Merchant or assist the Merchant in responding.

12. United States State-Specific Disclosures

A. California

This section supplements the rest of this Privacy Statement for California residents and applies only when AB POS is subject to the California Consumer Privacy Act, as amended ("CCPA"), for the relevant processing activity.

During the preceding 12 months, AB POS may have collected the categories of personal information described below:

  • identifiers, including names, contact details, account credentials, IP addresses, government identifiers, and device identifiers;
  • customer records and information described in California Civil Code Section 1798.80;
  • protected classification information when provided for payroll, employment-related services, or another lawful purpose;
  • commercial information, including transaction, order, purchase, and loyalty history;
  • internet or electronic network activity;
  • geolocation information;
  • audio, electronic, visual, or similar information, including support calls or submitted recordings when applicable;
  • professional or employment-related information;
  • education information when provided for employment-related services;
  • inferences generated from other information; and
  • sensitive personal information, including government identifiers, account credentials, financial account information, precise geolocation where collected, racial or ethnic origin, and other information classified as sensitive by law.

The sources, purposes, and categories of recipients for this information are described in Sections 3 through 5. The retention criteria are described in Section 8.

AB POS does not sell personal information for money. However, some disclosures involving advertising or analytics technologies may constitute "sharing" or a "sale" under the CCPA. California residents may opt out of applicable sale or sharing and may use Global Privacy Control where supported and legally required.

AB POS does not knowingly sell or share the personal information of consumers under 16 without the affirmative authorization required by law.

California residents may exercise the rights to know, access, correct, delete, opt out of sale or sharing, limit certain uses of sensitive personal information, and receive nondiscriminatory treatment, subject to applicable exceptions. Requests may be submitted as described in Section 11.

California's "Shine the Light" law may provide California residents with additional rights concerning certain disclosures for third parties' direct marketing purposes. Requests may be submitted using Section 14.

B. Maryland

This section applies to Maryland residents when AB POS is subject to the Maryland Online Data Privacy Act for the relevant processing activity.

Subject to applicable exceptions, Maryland residents may have the right to access, correct, delete, and obtain a portable copy of personal data, and to opt out of targeted advertising, sale of personal data, and certain profiling. Residents may also designate an authorized agent for certain opt-out requests and may appeal a denied request.

AB POS processes sensitive data only as permitted by applicable Maryland law and obtains consent where legally required. Requests may be submitted as described in Sections 11 and 14.

C. Other U.S. States

Residents of other states may have similar or additional rights. AB POS will process eligible requests in accordance with the law applicable to the requester and the relevant processing activity.

13. International Users

AB POS is based in the United States. If you access the Services from outside the United States, your information may be transferred to, stored in, or processed in the United States or another jurisdiction where AB POS or its service providers operate. Applicable safeguards will be used where required by law.

The availability of the Services and the applicability of foreign privacy laws depend on the specific product, customer relationship, location, and processing activity. Individuals entitled to rights under applicable non-U.S. law may contact AB POS as described below.

14. How to Contact Us

Questions, complaints, and privacy requests may be submitted to:

AB POS Solutions, Inc.
Privacy Department
Website: https://nuvpos.com

Please use the contact method provided on the website and include "Privacy Request" in the subject or description. Do not include Social Security numbers, complete payment card numbers, passwords, or other highly sensitive information in an unencrypted message.

15. Changes to This Privacy Statement

We may update this Privacy Statement to reflect changes in the Services, business practices, technology, or applicable law. The "Last Updated" date indicates when the Statement was most recently revised. When legally required, we will provide additional notice or obtain consent before a material change takes effect.

Your continued use of the Services after an updated Privacy Statement becomes effective constitutes acknowledgment of the updated Statement to the extent permitted by law. This provision does not limit any consent or notice right that cannot legally be waived.