Privacy Policy

Effective Date: February 5, 2026

Last Updated: February 5, 2026

1. Introduction

FornaxLink, LLC ("FornaxLink," "we," "us," or "our") operates the Tavvi point-of-sale platform and consumer mobile application (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and ensuring the security of your personal information. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when using our Service, including:

  • Account Information: Name, email address, phone number, business name, and password when you create an account
  • Business Information: Business address, tax identification numbers, bank account details, and merchant verification documents
  • Payment Information: Credit card numbers, debit card numbers, bank account information, and billing addresses processed through our secure payment partners
  • Transaction Data: Purchase history, order details, refund requests, and payment records
  • Communications: Customer support inquiries, feedback, and correspondence with us
  • Employee Data: For merchant users, information about staff members including names, roles, work schedules, and compensation details

2.2 Information Collected Automatically

When you access our Service, we automatically collect certain information, including:

  • Device Information: Device type, operating system, unique device identifiers, browser type, and mobile network information
  • Usage Data: Pages visited, features used, time spent on the Service, and interaction patterns
  • Location Data: Approximate location based on IP address, and precise location if you grant permission for store locator features
  • Log Data: IP address, access times, referring URLs, and system activity

2.3 Information from Third Parties

We may receive information from third parties, including:

  • Payment processors (Stripe) for transaction verification and fraud prevention
  • Identity verification services for merchant onboarding
  • Analytics providers for Service improvement
  • Social media platforms if you choose to link your accounts

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Operations

  • Process payments and facilitate transactions between merchants and customers
  • Create and manage your account
  • Provide customer support and respond to inquiries
  • Enable loyalty programs, rewards, and promotional offers
  • Generate sales reports, analytics, and business insights for merchants

3.2 Security and Compliance

  • Detect, prevent, and investigate fraud, unauthorized access, and other illegal activities
  • Verify merchant identity and business legitimacy
  • Comply with legal obligations, including tax reporting and anti-money laundering requirements
  • Enforce our Terms of Service and other agreements

3.3 Service Improvement

  • Analyze usage patterns to improve features and user experience
  • Develop new products, services, and functionality
  • Conduct research and analytics
  • Test and troubleshoot new features

3.4 Communications

  • Send transactional messages (receipts, order confirmations, account updates)
  • Provide security alerts and important notices
  • Send marketing communications (with your consent where required)
  • Deliver push notifications for order updates and promotions

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 With Service Providers

We share information with third-party service providers who perform services on our behalf, including:

  • Payment Processors: Stripe processes payments and is subject to their own privacy policies
  • Cloud Infrastructure: Google Cloud Platform and Firebase for data storage and processing
  • Communication Services: Twilio for SMS notifications and email providers for transactional messages
  • Analytics: Service usage analytics to improve our platform

4.2 With Merchants and Customers

  • Customer information is shared with merchants to fulfill orders and provide services
  • Merchant business information is displayed to customers for store discovery
  • Transaction history is accessible to both parties involved in a transaction

4.3 For Legal Purposes

We may disclose information when we believe disclosure is necessary to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to lawful requests from government authorities
  • Protect the rights, property, or safety of FornaxLink, our users, or others
  • Investigate potential violations of our Terms of Service

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any change in ownership or control of your personal information.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
  • PCI DSS Compliance: Our payment processing adheres to Payment Card Industry Data Security Standards
  • Access Controls: Role-based access controls and multi-factor authentication for sensitive systems
  • Security Monitoring: Continuous monitoring for unauthorized access and security threats
  • Regular Audits: Periodic security assessments and vulnerability testing

While we strive to protect your information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to implementing and maintaining appropriate safeguards.

6. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law:

  • Active Accounts: Account information is retained while your account is active
  • Transaction Records: Financial records are retained for 7 years for tax and legal compliance
  • Deleted Accounts: Upon account deletion, personal data is removed within 90 days, except where retention is required by law
  • Anonymized Data: We may retain anonymized, aggregated data indefinitely for analytics purposes

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

You have the right to request a copy of the personal information we hold about you in a portable format.

7.2 Correction

You may update or correct inaccurate information through your account settings or by contacting us.

7.3 Deletion

You may request deletion of your personal information, subject to legal retention requirements. Some information may need to be retained for legal compliance, fraud prevention, or to complete transactions.

7.4 Opt-Out Rights

  • Marketing Communications: You can unsubscribe from marketing emails using the link in each email or through account settings
  • Push Notifications: Disable through your device settings
  • Location Services: Disable precise location access through your device settings

7.5 Do Not Track

Our Service does not currently respond to "Do Not Track" browser signals. We do not track users across third-party websites.

8. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information collected about you
  • Right to Delete: Request deletion of personal information, subject to certain exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: We do not sell personal information, so no opt-out is required
  • Right to Limit Use: Limit the use of sensitive personal information to what is necessary for the Service
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at privacy@fornaxlink.com. We will verify your identity before processing your request.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws than your country.

When we transfer data internationally, we implement appropriate safeguards, including:

  • Standard Contractual Clauses approved by relevant authorities
  • Data processing agreements with service providers
  • Compliance with applicable data transfer frameworks

10. Children's Privacy

Our Service is not directed to children under 13 years of age (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@fornaxlink.com, and we will take steps to delete such information.

11. Third-Party Links and Services

Our Service may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information and improve our Service:

  • Essential Cookies: Required for basic Service functionality (authentication, security)
  • Analytics Cookies: Help us understand how users interact with our Service
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling certain cookies may affect Service functionality.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email or through the Service
  • Provide prominent notice for significant changes

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

FornaxLink, LLC

Email: privacy@fornaxlink.com

General Inquiries: support@fornaxlink.com

For California residents: You may also designate an authorized agent to submit requests on your behalf. The authorized agent must provide written proof of authorization.