Privacy Policy

📋1. Introduction

Welcome to Stores, a Point-of-Sale (POS) and inventory management application developed by bydhiva. This Privacy Policy explains how we collect, use, store, and protect information when you use our mobile application ("App") on Android or iOS devices.

By using the App, you agree to the practices described in this policy. If you do not agree, please discontinue use of the App.

🏢2. Who We Are

• Application Name: Stores
• Package Name: com.bydhiva.stores
• Developer / Data Controller: bydhiva
• Contact: privacy@bydhiva.com
• Website: https://bydhiva.com

📦3. Information We Collect

3.1 Account & Authentication Data

When you log in, we receive the following information from our authentication provider (Keycloak / OpenID Connect):

• User ID (unique identifier)
• Email address
• Full name (given name, family name, display name)
• Username
• Assigned roles and permissions within your organization

Authentication tokens (access token, refresh token, ID token) are stored securely on your device using the platform's encrypted secure storage and are never shared with third parties.

3.2 Business / Operational Data

To provide POS and inventory management features, the App stores the following business data locally on your device and synchronises it with our servers:

• Orders — items, quantities, pricing, discounts, fees, payment method, status, timestamps
• Menu — categories, items, prices, descriptions, availability, add-ons, item images
• Inventory — stock levels, restock records, wastage logs, recipe details
• Organisation and outlet information — name, address, outlet ID
• Members and roles — user list, role assignments, permission sets
• Receipt templates — header/footer text, promotional content

3.3 Device & Technical Data

• Network connectivity status (online/offline detection for data synchronisation)
• Bluetooth device addresses of paired thermal receipt printers (stored locally only)

3.4 Images

The App may request access to your device's photo library when you upload images for menu items. Images are uploaded to our servers and stored with the corresponding menu item record. We do not access your camera.

🔒4. App Permissions

⚙️5. How We Use Your Information

We use the information described above solely to:

• Authenticate you and maintain your session securely
• Provide core POS features: order creation, payment processing, and receipts
• Display and manage your organisation's menu and inventory
• Enable offline functionality and synchronise data when connectivity is restored
• Connect to Bluetooth thermal printers to print receipts
• Store and display menu item images

We do not use your data for advertising, behavioural profiling, or sale to third parties.

🛡️6. Data Storage & Security

On-Device Storage

Authentication tokens are stored in your device's encrypted secure storage (Expo SecureStore). Business data is cached in an on-device SQLite database to support offline operation. This data is accessible only to the App.

Server Storage

Business data is synchronised with our servers at https://api-stores.bydhiva.com. All communication is encrypted in transit using TLS/HTTPS. Authentication is handled via OAuth 2.0 with PKCE through https://auth.bydhiva.com.

Security Measures

• TLS encryption for all network requests
• OAuth 2.0 + PKCE authentication flow
• Encrypted device storage for tokens
• Idempotency keys to prevent duplicate transactions during offline sync
• Role-based access control (RBAC) to limit data access by user role

🤝7. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. Data may be shared only in the following limited circumstances:

• Authentication Provider (Keycloak): Your login credentials are processed by our self-hosted Keycloak identity server at auth.bydhiva.com. No credentials are sent to third-party identity platforms.
• Legal Obligations: We may disclose information if required by applicable law, court order, or governmental regulation.

The App contains no third-party analytics, advertising SDKs, or tracking libraries.

🗓️8. Data Retention

On-device data is retained as long as the App is installed on your device. Uninstalling the App removes locally cached data.

Server-side data (orders, inventory, menu) is retained for as long as your organisation's account is active. Upon account termination, data is deleted in accordance with our data retention policy. Contact us at privacy@bydhiva.com to request data deletion.

👶9. Children's Privacy

The Stores App is a business tool intended for use by adults (18 years of age or older) in a commercial context. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately at privacy@bydhiva.com and we will delete it promptly.

⚖️10. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your personal data ("right to be forgotten")
• Object to or restrict certain processing activities
• Data portability — receive your data in a structured, machine-readable format

To exercise any of these rights, please contact us at privacy@bydhiva.com. We will respond within 30 days.

🔄11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For significant changes, we will notify users through the App or via email. Continued use of the App after changes constitutes acceptance of the updated policy.

📬12. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us:

• Email: privacy@bydhiva.com
• Website: https://bydhiva.com