GDPR‑ready open POS flagged

An open-source checkout system pitched as “GDPR ready” is getting fresh attention after a social post pointed readers to the Open Source Point of Sale codebase. (x.com) The repository behind Open Source Point of Sale is public on GitHub, where it shows about 4,100 stars, 2,500 forks, and more than 6,600 commits as of April 13, 2026. The project describes itself as a web-based point-of-sale system written in PHP with MySQL or MariaDB as its database. (github.com) The project’s own README and website both list “GDPR ready” among features alongside stock management, receipts, invoicing, barcode printing, supplier and customer records, and multilingual support. The maintainers also say version 3.4 is a major overhaul built on CodeIgniter 4. (github.com, opensourcepos.org) A point-of-sale system is the software a shop uses to ring up sales, track inventory, print receipts, and store customer records. A General Data Protection Regulation claim matters because those systems can hold names, purchase histories, tax data, and employee access logs. (opensourcepos.org, github.com) The “GDPR ready” label does not mean automatic legal compliance for every store that installs the software. In a 2018 project issue about European Union rules, one user noted that deletion requests could be hard to reconcile with the software’s past approach of soft-deleting customer records to preserve receipt history. (github.com) That tension is common in retail software: merchants need records for accounting, taxes, and returns, while privacy rules can require access, correction, and erasure workflows. Open-source code can make those tradeoffs easier to inspect, but the operator still has to configure hosting, retention, access controls, and consent practices. (github.com, github.com) The codebase is also still actively maintained. GitHub shows the latest stable release, version 3.4.1, was published on June 5, 2025, and the repository lists more recent commits and pre-release builds from the master branch. (github.com, github.com) Security is part of that maintenance picture. The repository has a published security policy promising a response within 48 hours to reported vulnerabilities, and GitHub also shows a security advisory published in early 2026 for a critical cross-site request forgery flaw tied to disabled request protection. (github.com, github.com) That leaves the current moment looking less like a product launch than a visibility spike for an existing project. The code is open, the “GDPR ready” claim is longstanding, and the harder question for any merchant is still how much compliance work begins after the install. (github.com, opensourcepos.org)