Derah
Product

Web-Based POS

Dedicated page for hardware-agnostic terminal.

Online Webstore

Dedicated page for the eCommerce & BYO payment features.

The Sync Ecosystem

Dedicated page explaining the Configure Once, Sync Everywhere technology.

Solutions

For Restaurants

Tailored features for full-service dining.

For Coffee Shops

Optimized flows for quick-service and cafe operations.

IntegrationsPricing
Sign inSign Up
Legal

Privacy Policy

Effective 27 May 2026 · Last updated 27 May 2026

Derah(“Derah”, “we”, “us”) provides a point-of-sale (POS) operating system for restaurants and cafés in Kuwait. This policy explains how the Derah POS application(the “App”) handles information.

1. Two roles: who controls the data

Our platform involves two kinds of data, and our responsibility differs for each. This distinction is central to this policy.

A. Data we control — about the merchant and its staff.When a restaurant (“Merchant”) uses Derah, we collect a limited amount of information about the Merchant's business and the staff who operate the App. For this data, Derah is the controller.

B. Data we process on the Merchant's behalf — about the Merchant's own customers. When Merchant staff record an order or enrol a guest for loyalty, the App stores information the Merchant has chosen to collect about its own customers (for example, a name and phone number a cashier types in). For this data, the Merchant is the controller and Derah acts only as a processor, handling it under the Merchant's instructions and our agreement with the Merchant. The Merchant's own privacy notice governs how that data may be used. If you are a guest of a restaurant and have questions about your data, please contact that restaurant directly.

The App does notread your device's address book or contacts. Any customer information in the App is entered manually by Merchant staff.

2. Information we collect (as controller)

Account & identity. Business/terminal account email used to sign the terminal in; staff member identity; staff POS PINs (stored only as a salted one-way hash, never in plain text).

Device & technical data. Device model, operating-system version, app version, language, and network information (including local IP address) used to keep the terminal in sync and to discover receipt printers on the local Wi-Fi. Basic diagnostic and reliability information.

Support communications. Information you provide when you contact us for support.

Information we do NOT collect

  • Payment card data. The App does not process or store card data. Payments are taken on separate, certified payment terminals connected over the local network; card details never pass through the App.
  • Precise location, your device photos, your device contacts/address book, health data, or browsing history.
  • Advertising identifiers. We do not use them and we do nottrack you across other companies' apps or websites.

3. Information we process on the Merchant's behalf (as processor)

On the Merchant's instruction, the App stores and syncs the Merchant's business records, which may include:

  • Customer contact info the Merchant chooses to keep — typically a name and phone number — for loyalty, receipts, and attributing an order to a guest.
  • Order, catalog, inventory, and sales records.

We process this data solely to provide the service to the Merchant. We do not use it for our own purposes, do not sell it, and do not use it for advertising.

4. How we use information

  • Provide, operate, sync, and secure the POS service.
  • Authenticate terminals and staff.
  • Provide customer support.
  • Detect, prevent, and investigate fraud, abuse, and security incidents.
  • Comply with legal obligations.
  • Maintain and improve reliability and performance.

We do not sell personal data, and we do not use personal data for cross-app advertising or tracking.

5. Local-network access

The App scans the local Wi-Fi network to find compatible receipt printers and to send print jobs and cash-drawer commands to them. This communication stays on the local network between the tablet and the printer; it is not used to collect information about other devices.

6. How information is shared

  • Service providers that host and operate our infrastructure (e.g. cloud database, sync, and storage providers) under contractual confidentiality and data-protection obligations.
  • The Merchant, for data we process on its behalf.
  • Legal and safety — where required by law or to protect rights, safety, and the integrity of the service.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this policy.

We do not sell personal information.

7. Data retention

We retain controller data for as long as the account is active and as needed to provide the service, then for any period required by law. Data we process on a Merchant's behalf is retained according to the Merchant's instructions and our agreement with the Merchant; on termination it is deleted or returned per that agreement.

8. Security

We protect information with encryption in transit (TLS/HTTPS), encryption of sensitive values at rest, hashed POS PINs, and access controls. Credentials stored on the device are kept in the platform's secure storage (Keychain / Keystore). No method of transmission or storage is 100% secure, but we work to protect your information.

9. Your choices and account management

Derah accounts are created and managed through the Derah web dashboard, not inside the App. To access, correct, or delete a Derah account or its data, sign in to the dashboard or submit a request by emailing info@derahkw.com. We will respond within the period required by applicable law.

If you are a guest/customer of a restaurant and want your data accessed or removed, please contact that restaurant (the controller of your data).

10. Children

The App is a business tool intended for restaurant staff. It is not directed to children and we do not knowingly collect personal information from children.

11. International transfers

We operate in Kuwait. Where data is processed or stored outside Kuwait by our infrastructure providers, we take steps to ensure it remains protected consistent with this policy and applicable law.

12. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date and, where appropriate, by additional notice.

13. Contact

Derah
Email: info@derahkw.com