Flawless Retail LLC ("Flawless POS," "we," "us," or "our") provides a cloud-based retail and wholesale platform for jewelry businesses, including point-of-sale (POS), inventory, e-commerce, wholesale/B2B, customer relationship management (CRM), marketing, reporting, integrated payment processing, hardware/RFID support, and AI-powered tools (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information through our website at flawlessretail.com and through the Services.
SECTION 01Our two roles: controller and processor
We handle personal information in two distinct capacities:
- As a controller — for personal information about our website visitors and about the businesses and individuals who create and manage Flawless POS accounts (our "Customers," typically jewelry retailers and wholesalers), and their billing and support interactions.
- As a processor / service provider — for personal information that our Customers collect from their own customers ("Merchant Customer Data") and load into or generate within the Services. For that data, the Customer is the controller and we process it on the Customer's behalf under our agreement and applicable Data Processing Addendum.
SECTION 02Information we collect
a. Information Customers provide to us
Business and contact details (name, business name, email, phone, address), account credentials, billing details, and the content of support and other communications.
b. Merchant Customer Data processed on behalf of Customers
Depending on how a Customer configures the Services, this may include end-customer names and contact details; purchase, order, repair, layaway, memo, and transaction history; custom profile fields (for example, ring size, metal preferences, birthdays, and anniversaries); wish lists; loyalty data; uploaded images; images of government-issued identification (such as a driver's license) or business cards captured by the Customer (for example, to support chargeback evidence); and communications content, including emails, SMS/text messages, call recordings, transcripts, and AI-generated summaries.
c. Payment information
Card payments are processed through PCI-DSS-compliant third-party payment processors (for example, Clearent by Xplor) and supported hardware (for example, PAX terminals) and online gateways. Card data is handled and tokenized by the processor; we do not store full payment card numbers on our systems and receive only limited transaction metadata needed to operate the Services.
d. E-commerce and website data
Orders, shipping and billing addresses, and information collected automatically when you visit our website or a Customer storefront (see Cookies, below).
e. Information collected automatically
Device and usage data, IP address, browser type, operating system, referring/exit pages, log data, and similar information collected through cookies and comparable technologies.
f. Information from integrations and third parties
Data from services a Customer connects, such as accounting (QuickBooks Online), shipping and insurance (for example, JM Shipping, JM Care Plan), social catalog (Facebook/Instagram), fraud and tax tools, and the payment processor.
g. Location data
Approximate location derived from IP address; if a Customer enables store-locator or delivery features, more precise location data may be processed at the end customer's direction.
SECTION 03How we use information
We use personal information to:
- Provide, operate, and maintain the Services and process sales, orders, and payments;
- Provide customer support and manage accounts, subscriptions, and billing;
- Develop, improve, and secure the Services and prevent fraud and support loss prevention;
- Personalize experiences and surface relevant recommendations within the platform;
- Manage loyalty and rewards programs configured by our Customers;
- Conduct analytics and business improvement activities;
- Send service and (where permitted) marketing communications;
- Power optional AI features (see Section 5); and
- Comply with legal obligations and enforce our agreements.
SECTION 04Cookies and tracking technologies
We and our providers use cookies and similar technologies for essential functionality, preferences, analytics, and (where applicable) marketing. Categories include:
- Strictly necessary — required for the site and Services to function (authentication, security, load balancing).
- Preferences — remember your settings and choices.
- Analytics — help us understand how visitors use our site (for example, Google Analytics).
- Marketing — used by us or our partners to measure campaign effectiveness and, where applicable, deliver tailored advertising.
You can manage cookies through your browser controls and any cookie preference tools we provide. Disabling certain cookies may affect site functionality.
SECTION 05AI-powered features
When a Customer uses AI features (such as the AI assistant for plain-language questions, photo-to-inventory, AI product photography, AI-assisted marketing content, and call recording summaries/transcripts), relevant data may be processed by third-party AI providers (for example, Anthropic and OpenAI) under their terms and our agreements with them, which contractually restrict provider use of the data for training general models. AI outputs may be inaccurate or incomplete and should be reviewed before use.
SECTION 06SMS / text messaging
Where the Services are used to send text messages, or where we text you (for example, verification codes or service notices), message frequency varies, and message and data rates may apply. You can reply STOP to opt out at any time and HELP for help.
Mobile opt-in data and consent are not shared with third parties or affiliates for their own marketing purposes. Carriers are not liable for delayed or undelivered messages.
Customers using SMS features within the Services are responsible for obtaining all required consents (including TCPA-compliant prior express written consent for marketing messages) before messaging their end customers, and for honoring opt-out requests promptly.
SECTION 07Email marketing
We may send promotional emails about Flawless POS to Customers and prospects who have opted in or have an existing business relationship with us, consistent with the CAN-SPAM Act. Every marketing email includes an unsubscribe link and our physical mailing address. To opt out, click the unsubscribe link in any email or email privacy@flawlesspos.com. We will honor opt-out requests within 10 business days. Transactional and service messages (billing, security, account changes) will continue regardless of marketing preferences.
SECTION 08Call recording
The Services support recording, transcription, and summarization of calls. Where calls are recorded, applicable law may require notice to or consent from participants (some U.S. states are "two-party consent" jurisdictions). Customers are responsible for providing any legally required notices and obtaining any required consents from the individuals they communicate with. When we record calls with our own Customers (for example, support calls), we provide notice at the start of the call.
SECTION 09How we share information
We share personal information with:
- Service providers and subprocessors that help us operate the Services (cloud hosting, payment processing, email/SMS delivery, AI providers, shipping/insurance, analytics, fraud prevention, and tax) under written contracts that restrict use of the information.
- Our Customers, where we process Merchant Customer Data on their behalf.
- Third-party integrations a Customer enables (such as QuickBooks Online, JM Shipping, Facebook/Instagram catalog).
- Authorities or others where required by law, subpoena, or to protect rights, property, or safety.
- In connection with a business transaction such as a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honor this Privacy Policy or notify you of any changes.
We do not sell personal information for money, and we do not "share" personal information for cross-context behavioral advertising as those terms are defined under California law.
SECTION 10Data retention
We retain personal information for as long as needed to provide the Services, maintain accounts, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:
- Account & billing records: for the life of the account plus 7 years after termination to satisfy tax and accounting requirements.
- Merchant Customer Data: retained according to our agreement with the Customer. On account termination, Customers may export their data; we then delete or de-identify it within 90 days, unless a longer period is required by law.
- Support communications: typically retained for 3 years.
- Marketing data: retained until the recipient opts out, plus a suppression record to honor that choice.
- Backup copies: may persist on encrypted backups for up to 90 additional days after deletion from live systems.
SECTION 11Data security
We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS) and at rest, role-based access controls, two-factor authentication for administrative access, audit logging, network segmentation, vulnerability scanning, PCI-DSS-aligned payment handling through our processors, and documented incident response and system recovery procedures. We restrict access to personal information to personnel who need it to perform their job duties.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your credentials confidential and notifying us promptly of any suspected unauthorized access.
SECTION 12International data transfers
The Services are operated from and intended primarily for use in the United States. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States and other jurisdictions where our service providers operate. Where required, we rely on appropriate transfer mechanisms (such as the European Commission's Standard Contractual Clauses and the UK Addendum) and implement supplementary safeguards consistent with applicable law.
SECTION 13Your privacy rights and choices
Depending on where you live, you may have rights to access, correct, delete, or port your personal information, and to opt out of certain processing. Rights include:
- Access & portability — obtain a copy of the personal information we hold about you in a portable format.
- Correction — request that we correct inaccurate or incomplete information.
- Deletion — request that we delete personal information, subject to legal exceptions.
- Opt-out — opt out of marketing communications and, where applicable, sale/sharing or targeted advertising.
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
- Non-discrimination — we will not discriminate against you for exercising your privacy rights.
How to exercise your rights: contact us using Section 18. We will verify requests and respond within the timeframes required by law (generally 45 days for U.S. state law requests). Authorized agents may submit requests on your behalf where permitted.
EEA / UK (GDPR), where applicable
Where GDPR or UK GDPR applies, our legal bases for processing include contract performance, legitimate interests (operating and improving the Services, fraud prevention), consent (where collected), and compliance with legal obligations. You have rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with a supervisory authority.
SECTION 14California privacy rights (CCPA / CPRA)
If you are a California resident, you have rights to know, access, delete, correct, opt out of sale/sharing, and limit the use of sensitive personal information, plus the right to non-discrimination for exercising these rights.
Categories collected in the last 12 months: identifiers; commercial information; internet/network activity; geolocation (approximate); professional/employment-related information (for our Customers); and inferences drawn from the foregoing. Categories of sensitive personal information may include account log-in credentials and, where collected by our Customers, government identifier images.
Sale/sharing: we do not sell personal information for monetary consideration and do not share it for cross-context behavioral advertising. We do not knowingly sell or share the personal information of consumers under 16.
To exercise California rights, email privacy@flawlesspos.com with the subject line "California Privacy Request."
SECTION 15Children's privacy
The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 in violation of the Children's Online Privacy Protection Act (COPPA). If we learn that we have collected personal information from a child under 13 without verified parental consent, we will delete it. Parents or guardians who believe their child has provided personal information to us should contact us at privacy@flawlesspos.com.
SECTION 16Third-party links and services
Our website and the Services may link to or integrate with third-party sites and services that have their own privacy practices. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of every third-party service you use.
SECTION 17Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our practices, the Services, or applicable law. We will post the updated version with a new "Last updated" date. For material changes, we will provide additional notice as required by law (for example, by email to account administrators or by a prominent notice within the Services). Your continued use of the Services after the effective date constitutes acceptance of the revised policy.
SECTION 18Contact us
Questions, concerns, or privacy requests? We are here to help.
Flawless Retail LLC — Privacy Office
For data-processing terms, business Customers may request our Data Processing Addendum (DPA).
1 Willow Bridge Rd, CS6
Vail, CO 81657, United States