# GDPR & Data Compliance

Version: v0.6.0 Beta\
Date: 2026-02-20

## Data Types (Typical)

- Transaction data (items, totals, payment method)
- KlubKort account identifiers (card/searchkey) and balance
- Operational logs (system / print agent)

## Processing Purpose

- Completing sales and producing receipts
- Maintaining customer account balance (KlubKort)
- Basic operational auditing and troubleshooting

## Storage & Retention

- Primary storage is local on the terminal
- Hourly backups are created for recovery and reporting
- Retention should be defined per event (recommended: minimum needed for accounting + troubleshooting)

## Security Controls

- Offline-first design (no public POS exposure required)
- Restricted access to SUADMIN and system accounts
- Physical access control to the terminal is required
- Secure tunnel recommended for backup transfer

## Recommendations for Operators

- Restrict access to the terminal and admin panels
- Keep Windows user accounts protected
- Verify backups before/after events
- Document retention period and deletion procedure