Clover Privacy Addendum

Last updated: 22 May 2026 · Effective:22 May 2026 · Prime Construct Ltd (trading as TillTalk)

This Clover Privacy Addendum (“Addendum”) supplements TillTalk's Privacy Policy and applies specifically to merchants who connect TillTalk to their Clover point-of-sale system. It describes how TillTalk receives, uses, stores, and shares data obtained through the Clover platform. In the event of a conflict between this Addendum and the Privacy Policy, this Addendum takes precedence for Clover-related processing.

1. Scope

This Addendum applies when a TillTalk client (a business owner, “Merchant”) authorises TillTalk to access their Clover merchant account for the purpose of reading transaction data.

TillTalk accesses the Clover platform solely as a service provider to the Merchant. TillTalk does not operate an independent relationship with Clover's end-customers. All access is strictly read-only; TillTalk does not create, modify, or delete any records in the Merchant's Clover account.

2. Data received from Clover

Through the Clover API, TillTalk reads the following data on the Merchant's instruction:

Transaction data

  • Transaction amount, tip amount, total
  • Tender type (cash, card, gift card)
  • Transaction timestamp
  • Channel (in-person, online)
  • Refund status
  • Clover order ID and payment ID (internal reference only)

Customer-level identifiers (where present in the transaction)

Where a Clover transaction includes customer-identifying fields (e.g., email or phone captured at the till, via a loyalty programme, or through online ordering), TillTalk reads and immediately hashes these fields using deterministic SHA-256 before any storage or onward transmission. Raw values are never written to disk by TillTalk.

  • Customer email (hashed in memory; raw value discarded)
  • Customer phone number (hashed in memory; raw value discarded)
  • Customer first name and last name (hashed in memory; raw value discarded)
  • Card token (an opaque reference from Clover; never the card number itself)

Merchant account data

  • Merchant ID
  • OAuth access token (encrypted at rest; used only to authenticate API calls)

Cash transactions and transactions that contain no customer-identifying fields are not hashed and cannot be attributed to an individual customer. Such transactions are used only in aggregate revenue reporting.

3. How TillTalk uses this data

TillTalk uses the data received from Clover exclusively for the following purposes, all carried out on the Merchant's instruction:

  • Ad performance verification: hashed customer identifiers and transaction values are sent to the ad platforms (Meta, Google, TikTok) specified by the Merchant, so the platforms can verify which ad campaigns drove real in-store revenue
  • Revenue reporting and analytics: transaction totals and aggregated metrics are used to produce weekly performance reports for the Merchant
  • Campaign optimisation: aggregated and anonymised signals are used to adjust the Merchant's ad targeting and budget allocation

TillTalk does not use Clover data for any purpose beyond those listed above. TillTalk does not sell Clover data, does not use one Merchant's Clover data to benefit another Merchant, and does not build cross-merchant profiles.

4. Storage and security

Hashed identifiers:stored in TillTalk's Railway-hosted PostgreSQL database, encrypted at rest. Row-level records are retained for 24 months from the transaction date; after that, they are aggregated into daily summaries and the row-level data is deleted.

Transaction metadata: retained in aggregate form for the duration of the client relationship plus two years.

OAuth credentials: the Clover OAuth access token is encrypted using Fernet symmetric encryption before storage. It is decrypted only in memory for the duration of an API call and never logged.

Transmission: all communication between TillTalk and Clover uses TLS 1.2 or higher.

Access controls:access to production systems is restricted to authorised personnel (currently limited to the founder). No third party has access to raw Clover data within TillTalk's systems.

5. Sharing

Data received from Clover is shared only with the following parties, and only as required to deliver the service:

  • Ad platforms (on Merchant instruction): hashed customer identifiers and transaction values are transmitted to Meta, Google, and TikTok via their respective conversion APIs, solely for the purpose of matching ad conversions to real in-store purchases. Only hashed data is shared; raw values are never transmitted to ad platforms.
  • Infrastructure sub-processors: data passes through TillTalk's hosting providers (Railway, Vercel, Supabase) in the course of normal service operation. See the sub-processor list for details.

Clover data is never sold, licensed, or shared with any party not listed above.

6. Merchant rights

Access: Merchants may request a copy of all data TillTalk holds relating to their Clover account by contacting daniel@tilltalk.ie.

Disconnection and deletion: A Merchant may disconnect their Clover integration at any time by uninstalling the TillTalk app from the Clover App Market. Disconnection automatically triggers the deletion process described in §6.5. The Merchant's TillTalk account itself, and any other connectors (Meta, Google, TikTok, etc.) the Merchant has authorised, are preserved. To delete the entire TillTalk account and cascade deletion across all connectors, see tilltalk.ie/data-deletion.

Correction: transaction data is read-only from Clover and cannot be modified by TillTalk. To correct a transaction record, update it in the Clover system; TillTalk will reflect the correction on the next data sync.

Customer deletion requests: if a customer of the Merchant requests deletion of their data, the Merchant should instruct TillTalk at daniel@tilltalk.ie. TillTalk will delete the relevant hashed records and, where ad platforms expose deletion APIs (such as Meta's CAPI deletion event), will propagate the deletion to the relevant platform on the Merchant's instruction.

Automated deletion on Clover uninstall: When a Merchant uninstalls the TillTalk Clover app, TillTalk receives an APP_UNINSTALLED webhook from Clover and immediately marks the Merchant's Clover data as pending deletion. The access token and Clover-sourced records are retained for 48 hours to allow accidental-uninstall recovery — reinstalling within that window restores access without data loss. After 48 hours, an automated job hard-deletes the access token, transaction snapshots, identity records, and webhook events older than 90 days. The Merchant's TillTalk account and other connectors are preserved either way; see tilltalk.ie/data-deletion for full-account deletion.

7. Compliance posture

GDPR:TillTalk operates as a data processor for personal data received through Clover, with the Merchant acting as data controller of their customers' data. TillTalk's processing is governed by a Data Processing Agreement with each Merchant (incorporated into the Terms of Service).

Clover Developer Agreement:TillTalk accesses Clover data under the Clover Developer Agreement, which sets out permitted use cases for marketplace applications. TillTalk's use is limited to the use cases described in this Addendum and does not extend beyond what is permitted by that agreement.

Data minimisation: TillTalk reads only the transaction fields required for ad performance verification. No POS inventory data, employee data, or device data is accessed.

Audit log: TillTalk maintains an internal log of all Clover API calls, including timestamp, endpoint, and response code. This log is retained for 90 days and is available to Merchants on request.

8. Contact

For any question or request relating to Clover data processing:

Email: daniel@tilltalk.ie
Post: Prime Construct Ltd, Farran, Mourneabbey, Co. Cork, P51 KF88, Ireland

Related documents: Privacy Policy · Sub-Processor List · Terms of Service