Privacy Policy

Last updated: June 22, 2026  ·  Thimi Solutions LLC  ·  Boston, MA

1. Who We Are

Thimi Solutions ("Thimi", "we", "our", or "us") is a software company headquartered in Boston, Massachusetts. We build and operate self-service POS kiosk systems, web applications, mobile apps, and data dashboards for small businesses.

This Privacy Policy describes how we collect, use, and share information about you when you use our website (thimisolutions.com), contact us for services, or use any of our software products.

2. Information We Collect

Information you provide directly through our contact forms:

  • Name — to personalize our response to your inquiry.
  • Email address — to send you our quote, follow-ups, and service communications.
  • Phone number or WhatsApp number — to contact you directly if our email does not reach you, or to communicate via WhatsApp at your preference. We will never use this number for unsolicited marketing.
  • Business name — to understand your context and tailor our proposal.
  • Project description — the details you share about your idea or service need.
  • Payment information processed through Stripe (we never store raw card data — Stripe is PCI-DSS compliant).
  • Business configuration data required to set up your POS kiosk (menu items, prices, business hours).

Information collected automatically:

  • Analytics data via Google Analytics 4 (GA4): page views, session duration, and general geographic region.
  • Browser type, device type, and operating system.
  • IP address (anonymized in GA4 configurations).
  • Preferred language (stored in your browser's localStorage — never sent to our servers).

3. How We Use Your Information

  • To respond to your quote requests and inquiries within 24 hours — by email and/or phone/WhatsApp.
  • To configure, deliver, and support your POS kiosk or other contracted services.
  • To process payments through Stripe for subscription billing.
  • To analyze website traffic and improve our content (via GA4).
  • To communicate service updates, maintenance, or security notices related to your account.

We do not sell your personal information to third parties. We do not use your data for advertising. We will never send you unsolicited messages to your phone number or WhatsApp.

4. Cookies & Local Storage

Our website uses cookies and browser storage to function properly and to understand how visitors interact with our site. We use no advertising cookies and no social media tracking pixels. Here is exactly what we use:

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on. You can clear all cookies and localStorage at any time through your browser settings — this will reset your language preference and analytics tracking.

5. Data Storage and Security

Your contact and lead data is stored in Google Firebase (Firestore) on Google Cloud infrastructure in the United States. Firebase enforces encryption at rest and in transit (TLS/HTTPS).

A copy of each quote request is also logged in a private Google Sheet accessible only to Thimi Solutions staff. You will receive an email and/or WhatsApp confirmation that your request was received.

Firebase Security Rules enforce write-only access from our website — no external party can read, modify, or delete your data through our public API.

We will notify affected users within 72 hours of discovering any data breach affecting personal information.

6. Third-Party Services

7. Your Rights

  • Request access to the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (processed within 30 days).
  • Withdraw consent for any communications at any time.
  • Request that we contact you only by email and not by phone/WhatsApp.

California residents have additional rights under the CCPA. We do not sell personal data. Contact us to exercise any of these rights.

8. Data Retention

We retain contact inquiry data (name, email, phone, business, project description) for up to 2 years. Business and order data for active subscribers is retained for the subscription period plus 1 year. You may request earlier deletion at any time.

9. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children. Contact us immediately if you believe we have done so.

10. Data Processor vs. Data Controller (SaaS Kiosk Services)

Under modern privacy regulations like GDPR, CCPA/CPRA, and other applicable global standards, a distinction is made between entities that control data and those that process it on behalf of others:

  • Thimi as a Data Controller: We act as the Data Controller for personal data collected directly from visitors to our website (thimisolutions.com) and from our direct business clients (such as merchant billing, subscription management, contact inquiries, and customization details).
  • Thimi as a Data Processor: When a merchant business client deploys our self-service POS Kiosks, Kitchen Display Systems (KDS), or local dashboards at their retail location (e.g., Golden Goose Market), Thimi processes customer orders, items purchased, transaction amounts, and guest feedback solely on behalf of, and under the specific instruction of, that merchant client. The merchant is the **Data Controller** for their customers' transaction data and is responsible for providing their own privacy notice. If you are an end-customer of one of our merchants and wish to submit a data access, correction, or deletion request, you must contact that merchant directly. We will assist our merchant clients in fulfilling such requests in accordance with our contractual obligations.

11. Trademark and Competitor Comparison Disclaimer

All third-party trademarks, service marks, logos, brand names, and trade names referenced on our website (including but not limited to Toast, Square, Clover, Apple Pay, and Google Pay) are the sole property of their respective registered owners. Our references to these competitors and payment systems are for comparative and educational purposes only under fair use principles, and do not imply any affiliation, sponsorship, endorsement, or partnership between Thimi Solutions and these third-party companies.

12. Artificial Intelligence (AI) and Generated Media Disclosure

To provide high-quality visual representation of our products and services, Thimi Solutions may utilize artificial intelligence (AI) text-to-image and media generation tools (such as Midjourney, DALL-E, and custom shader runtimes) to create background textures, conceptual illustrations, mockups, and virtual presentation imagery. All such AI-generated graphics are utilized strictly for illustrative marketing purposes and do not represent real individuals, proprietary competitor hardware, or direct customer assets. We do not warrant that these representations depict physical hardware layouts or actual client integrations unless explicitly stated.

13. California Privacy Rights (CCPA / CPRA)

If you are a resident of California, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information:

  • Right to Know: The right to request that we disclose what personal information we collect, use, disclose, and sell/share about you.
  • Right to Delete: The right to request the deletion of your personal information collected or maintained by us.
  • Right to Correct: The right to request that we correct inaccurate personal information that we maintain about you.
  • Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information with third parties for cross-context behavioral advertising. Therefore, we do not offer an opt-out.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise any of these rights, please contact us at info@thimisolutions.com or via WhatsApp.

14. European Union / EEA Privacy Rights (GDPR)

If you are located in the European Union (EU) or the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR):

  • Legal Basis for Processing: We process your personal data under the following legal bases: (a) your consent (e.g., when you fill out our contact form), (b) performance of a contract (e.g., when providing our subscription services), (c) compliance with our legal obligations, or (d) our legitimate business interests (e.g., analyzing website usage via GA4 and maintaining security).
  • Your Rights: You have the right to access, rectify, or erase your personal data; request restriction of processing; object to processing; and request data portability. If processing is based on consent, you may withdraw it at any time.
  • International Data Transfers: Your personal data is transferred to and processed on servers located in the United States. We implement appropriate safeguards (such as standard contractual clauses) to protect your personal data in transit.
  • Supervisory Authority: You have the right to lodge a complaint with a data protection authority in your country of residence if you believe our processing of your personal data violates applicable laws.

15. Massachusetts Data Protection Standard (WISP Compliance)

Thimi Solutions LLC is headquartered in Massachusetts and complies with the standards for the protection of personal information of residents of the Commonwealth under 201 CMR 17.00. We maintain a Written Information Security Program (WISP) containing administrative, technical, and physical safeguards designed to secure personal information against unauthorized access, destruction, or disclosure. We enforce TLS/HTTPS encryption in transit, strict access control policies for staff, and regular security audits of database rules.

16. Changes to This Policy

We may update this Privacy Policy periodically to reflect legal, regulatory, or operational changes. The "Last updated" date at the top reflects the most recent revision. For material changes affecting how we collect or handle your personal contact details, we will notify active subscription accounts directly.

Contact Us About Privacy

For any privacy questions, data access requests, or deletion requests:

Email: info@thimisolutions.com

WhatsApp: +1 (781) 823-1927

Address: Thimi Solutions LLC · Boston, MA 02129

We respond to all privacy requests within 5 business days.