Privacy Policy

Effective date: May 9, 2026. This page describes the general public policy. Specific commercial agreements, implementation scopes and signed contracts may define additional terms.

How SABSUS handles data for business accounts, users, customers, orders, payments, documents and integrations.

Data we process

SABSUS may process company information, employee information, customer profiles, orders, products, services, stock operations, documents, payments, delivery addresses, communications, notifications, integrations and technical logs.

Why the data is used

Data is used to run the system: orders, CRM, bookings, inventory calculations, delivery, receipts, documents, analytics, support and security.

Payment data

Payment operations may be processed by external payment providers. SABSUS may store payment statuses, amounts, transaction identifiers, payment links and operational records, but should not store full bank card data.

Integrations

When email, calendar, payments, maps, telephony, delivery or other APIs are connected, the system may store the required integration settings, tokens or identifiers in a protected environment when needed for the feature to operate.

Storage and access

Access should be limited by roles, company permissions and assigned users. Customers and employees see only the sections required for their role and scenario.

Data deletion

A company or user may request deletion of data unless it conflicts with required operational, legal or accounting obligations. Use the Data Deletion or Account Deletion page for requests.

Contact

For privacy questions, contact support@sabsus.com.

Business customer data

In many SABSUS deployments, the business using the platform is the controller of its customer records, employee records and operational data. SABSUS acts as the platform that stores, organizes and processes those records so the business can operate its workflows. This can include customer names, phone numbers, email addresses, order history, delivery addresses, bonus points, deposit balances, documents, signatures, messages, tasks and preferences.

The business is responsible for collecting customer data lawfully and for explaining its own privacy practices to its customers when required. SABSUS provides the technical system for managing the workflow, but each business remains responsible for how it chooses to use customer information, which campaigns it sends, which employees have access and which external integrations are connected.

Security practices

Security may include role-based access, account authentication, protected server-side functions, limited visibility by interface, integration token handling, operational logging and separation between public customer flows and internal management screens. No operational platform can guarantee zero risk, but the system should be configured to reduce unnecessary exposure and keep sensitive actions server-side when appropriate.

Retention and exports

Business records may be retained while an account is active or while they are needed for receipts, accounting, dispute resolution, fraud prevention, legal requirements, security review or operational history. Before deletion, a business should export information it needs to keep, such as receipts, invoices, signed documents, reports and accounting records.

Customer communications and notifications

SABSUS may store communication preferences and message history so a business can understand what was sent, when it was sent and which customer or order it relates to. This can include operational messages, payment links, login links, order updates, reminders, marketing campaigns and support-related messages. Businesses should only send communications that are appropriate for their customer relationship and applicable consent requirements.

Analytics and operational reporting

Aggregated and operational data may be used to show dashboards, order totals, sales performance, payment method distribution, inventory alerts, customer activity and employee workload. These reports are intended to help the business operate more accurately. They should not be used to make decisions that violate applicable employment, consumer protection or privacy laws.

International processing

SABSUS may be used by businesses in different countries, and connected infrastructure or third-party services may process data in more than one jurisdiction. A business using SABSUS should consider the laws that apply to its own customers, employees, locations and payment operations.

Legal notice

This page is provided for transparency and does not replace a signed service agreement, order form, data processing agreement or implementation statement of work when one is used.