Privacy Policy

1. Introduction

CartPOS ("we," "our," or "us") is a mobile point-of-sale application designed for small businesses. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our CartPOS mobile application and related services.

By using CartPOS, you consent to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information (Required)

• Email address - For account creation and login
• Password - Hashed with bcrypt (12 rounds) for security

Profile Information (Optional)

• Name - Your business name
• Phone number - For account recovery

Security Information

• Security question & answer - For password reset verification (answer hashed)
• Session tokens - Cryptographically secure UUIDs for authentication

Device Information

• Device ID - Unique identifier for your device
• Device name - For session identification (e.g., "Samsung Galaxy")
• Session data - Login timestamps, active status

Business Data (Your Content)

• Inventory items - Product names, prices, stock levels, categories
• Transaction history - Sale records, timestamps, payment types
• Customer records - Customer names, phone numbers, credit balances (Khata)
• Expense records - Expense categories, amounts, descriptions

Subscription & Payment Data

• Subscription status - Trial, active, expired
• Payment history - Amount, date, status (stored securely)
• Activation codes - Purchase and redemption history

Preferences

• Language preference - English or Gujarati
• Feature flags - Which features are enabled for your account

3. How We Use Your Information

We use the information we collect to:

• Account Management - Create and maintain your account, authenticate logins
• Provide Services - Enable POS features, inventory management, Khata tracking
• Process Transactions - Record sales, manage inventory, track expenses
• Subscription Management - Track trial period, manage subscriptions, generate activation codes
• Security - Verify identity, prevent unauthorized access, secure sessions
• Customer Support - Help you with account issues, password reset
• Legal Compliance - Meet legal obligations, resolve disputes

4. Data Storage

Where We Store Data

• Cloud Storage (Convex) - Account data, business data synced to cloud
• Local Device Storage (AsyncStorage) - App settings, cached data on your device
• Backup Encryption - Local backups encrypted with AES-256-GCM using your password

Data Retention

• Account data - Retained while account is active
• Business data - Retained until you delete your account
• Transaction history - Kept for your business records
• Payment records - Kept for tax/legal compliance

5. Security Measures

• Password Hashing - bcrypt with 12 rounds
• Session Security - cryptographically secure UUID tokens
• Data Encryption - AES-256-GCM for backups
• Payment Security - Razorpay handles all payment processing
• Biometric Option - Optional fingerprint/face login (device-based)

6. Data Sharing

We DO NOT:

• Sell your personal information
• Share your business data with advertisers
• Use your data for marketing

Service Providers (Limited)

• Convex - Cloud backend (database, authentication)
• Razorpay - Payment processing (they handle your card data)
• Expo/Google - Push notifications (if enabled)

Legal Disclosure

• We may disclose information when required by law
• To protect our rights and prevent fraud

7. Your Rights

• Access - View your personal information
• Correct - Update inaccurate data
• Delete - Request account deletion (contact support)
• Export - Backup your data using in-app export feature
• Opt-out - Disable optional features

To exercise these rights, contact us at support@taddstechnology.com

8. Subscription & Payments

• Trial Period - 7-day free trial
• Subscription - ₹500/month (or ₹5,000/year)
• Payment Processing - Razorpay handles all payments securely
• Activation Codes - Purchase online, redeem in app
• We do NOT store - Credit card numbers, bank details

9. Permissions We Request

Android:

• INTERNET - Sync data with cloud, process payments
• USE_BIOMETRIC - Optional fingerprint/face login
• VIBRATE - Transaction feedback

iOS:

• Face ID / Touch ID - Optional biometric login

10. Children's Privacy

CartPOS is intended for business use. Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page. Your continued use of CartPOS after changes constitutes acceptance of the updated policy.