← Back to ACOS

Privacy Policy

Last updated: June 1, 2026

1. Who We Are

Automata Global (OneAutomata) operates ACOS (Automata Commerce OS), an AI-native Point of Sale and Commerce Operating System. We are committed to protecting your personal data in compliance with applicable privacy laws including GDPR, CCPA, and the laws of Costa Rica.

Data controller: Automata Global · privacy@oneautomata.com

2. Data We Collect

We collect the following categories of data:

  • Account data: email address, business name, country, and role used during registration
  • Transaction data: sales records, products sold, payment methods, and amounts — necessary to operate the POS
  • Inventory data: product catalog, stock levels, and purchase orders you create
  • Customer data: customer names, phone numbers, and purchase history you enter
  • Usage data: feature usage, session duration, and error logs for platform improvement
  • Device data: browser type, operating system, and IP address for security and analytics

3. How We Use Your Data

We use your data to:

  • Provide and operate the ACOS platform
  • Generate AI-powered insights, inventory predictions, and business intelligence
  • Send transactional communications (receipts, security alerts)
  • Improve the platform using anonymized, aggregated usage data
  • Comply with legal obligations and prevent fraud

We do not sell your personal data to third parties. We do not use your transaction or customer data to train public AI models.

4. AI Features and Data Processing

ACOS uses AI to provide features like natural language queries, inventory forecasting, and product recommendations. These AI features process your business data locally within your account context. AI queries are sent to Anthropic's Claude API with data scoped strictly to your organization. Anthropic's data usage policies apply to these interactions.

5. Data Sharing

We share data only with:

  • Supabase: database and authentication infrastructure (EU/US data centers)
  • Anthropic: AI query processing for the ACOS AI assistant
  • Symbiotic: payment processing for NFC and tap-to-pay transactions
  • Google Cloud Platform: hosting infrastructure

All processors are bound by data processing agreements.

6. Data Retention

We retain transaction data for 7 years to comply with tax regulations. Account data is retained while your account is active. Upon account deletion, personal data is purged within 30 days; anonymized transaction records may be retained for regulatory compliance.

7. Your Rights

Depending on your jurisdiction, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data (right to be forgotten)
  • Export your data in a portable format
  • Opt out of marketing communications at any time
  • Lodge a complaint with your local data protection authority

To exercise these rights, contact us at privacy@oneautomata.com. We respond within 30 days.

8. Cookies

ACOS uses strictly necessary cookies for authentication (session tokens) and locale preferences. We do not use advertising cookies. Analytics are privacy-first and anonymized.

9. Security

We use industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, row-level security on all business data, and regular security audits. To report a vulnerability, see our security.txt.

10. Changes to This Policy

We may update this Privacy Policy. Material changes will be notified by email at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

For privacy inquiries: privacy@oneautomata.com
For general support: contact page
Automata Global · San José, Costa Rica