1. Introduction
Welcome to Toushir POS ("the App", "we", "our", "us"). This Privacy Policy explains how we collect, use, store, and protect your information when you use our point-of-sale mobile application.
By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use the App.
2. Who We Are
Toushir POS is a mobile point-of-sale application designed for retail and business operators. The App is intended for use by authorized business personnel only and is not directed at the general public or children under the age of 13.
Contact: For any privacy-related questions, contact us at: contact@toushir.com
3. Information We Collect
3.1 Account & Authentication Information
- Username and password — collected at login to authenticate users against our OAuth2 server. Passwords are hashed locally using a secure cryptographic function before storage. Access tokens and refresh tokens are stored in encrypted storage on the device (AES-256 encryption).
- User ID and Licence ID — identifiers assigned by the backend to link accounts to their business licence.
- Last active timestamp — recorded to track session activity.
3.2 Business & Store Information
- Store name, address, website, contact information — retrieved from the server and cached locally on the device for offline operation.
- Manager name, store type, subscription status — stored locally to support app functionality.
- Store logo and images (file references only, not the images themselves) — stored as server-side file IDs.
3.3 Product & Inventory Data
- Product names, prices, barcodes, categories, stock levels — synced from the server and stored in a local on-device Realm database for offline POS operation.
- Stock journal entries — local records of stock changes.
3.4 Transaction & Session Data
- POS session records — includes transaction items, quantities, prices, totals, session status (open/closed), and timestamps. Stored locally and synced to the server.
- Scanned product records — products scanned during a session, including quantity and price at time of scan.
3.5 Device Information
- Device model, OS version, app version — collected for support and compatibility purposes.
- Network connectivity status — used to determine online/offline mode.
3.6 Camera
The App uses the device camera exclusively for barcode scanning (scanning product barcodes during checkout). No photos or videos are captured, stored, or transmitted. Camera access is never used for any purpose other than barcode recognition.
3.7 Location
Approximate and fine location — used only in connection with Bluetooth device discovery for connecting to Bluetooth receipt printers. Location is not stored, logged, or transmitted to any server.
3.8 Bluetooth
Bluetooth permissions are used exclusively to discover and connect to Bluetooth receipt printers. No Bluetooth data is collected or transmitted beyond what is necessary to establish a printer connection.
3.9 Analytics & Advertising (Meta / Facebook SDK)
The App integrates the Facebook SDK for business analytics. The SDK automatically collects standard app events including app installs, app launches, and app activations on devices where the App is installed.
- Advertising ID (AD_ID) — used by the Facebook SDK on Android 13+ devices for attribution and analytics. You may opt out in your Android device settings under Google > Ads > Opt out of Ads Personalization.
- No personally identifiable information (PII) is sent to Meta/Facebook. Only anonymized event data and aggregate business metrics are transmitted.
- Meta's data practices are governed by Meta's Privacy Policy.
3.10 Push Notifications
The App displays local in-app notifications (e.g., sync alerts, printer status). No notification tokens are collected or shared with third parties.
3.11 In-App Updates
The App checks for available updates via the Google Play In-App Updates API. No personal data is involved in this process.
4. How We Use Your Information
- Authenticate users and maintain secure login sessions
- Operate the POS system — process sales, manage sessions, scan barcodes
- Sync data — keep products, stock, and session data up to date with the server
- Enable offline operation — cache business data locally so the app works without internet
- Connect to peripherals — pair with Bluetooth receipt printers
- Provide analytics — understand app usage to improve performance and business outcomes (via Meta SDK)
- Display notifications — inform users of sync status, errors, and printer events
- Support and debugging — use device information to diagnose and fix issues
5. Data Storage & Security
On-Device Storage
All data is stored locally using Realm (an encrypted mobile database). Sensitive authentication tokens are stored in Encrypted Storage (hardware-backed AES encryption where available).
Server-Side Storage
Data is synchronized with our secure backend servers. All server communication uses HTTPS. The app is deployed in a controlled business environment.
Security Measures
- Passwords are hashed before storage — plain-text passwords are never stored
- Authentication tokens are stored in encrypted storage, not plain storage
- JWT access tokens have limited validity; refresh tokens are used to renew sessions securely
- Local data is protected with an embedded encryption key
6. Data Sharing & Third Parties
We do not sell your personal data to any third party.
| Third Party | Purpose | Privacy Policy |
|---|---|---|
| Meta (Facebook) | Business analytics events | Meta Privacy Policy |
| Google Play | In-app update checks | Google Privacy Policy |
| Our servers | App data sync, authentication | Governed by this policy |
7. Data Retention
- Local device data: Retained as long as the app is installed and the user account is active. Uninstalling the app removes all local data.
- Server data: Retained as long as the business account is active. Contact us to request deletion of server-side data.
- Session/transaction data: Retained for accounting and audit purposes as required by your business needs.
8. Children's Privacy
The App is intended for use by business operators and employees only. We do not knowingly collect personal information from anyone under the age of 13. The App is not directed at children and should not be used by minors.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Delete your personal data ("right to be forgotten")
- Restrict processing of your data
- Opt out of analytics/advertising tracking
To exercise any of these rights, contact us at contact@toushir.com.
Advertising ID opt-out on Android:
Android 12+: Settings → Google → Ads → Delete advertising ID
Android 11 and below: Settings → Google → Ads → Opt out of Ads Personalization
10. Permissions Summary
| Permission | Why It's Used |
|---|---|
INTERNET | Sync data with the server, authentication |
CAMERA | Barcode scanning only (no photo capture) |
BLUETOOTH / BLUETOOTH_ADMIN | Connect to Bluetooth receipt printers |
BLUETOOTH_SCAN / BLUETOOTH_CONNECT | Discover and pair with Bluetooth printers (Android 12+) |
ACCESS_FINE_LOCATION | Required by Android for Bluetooth device scanning |
ACCESS_COARSE_LOCATION | Required by Android for Bluetooth device scanning |
AD_ID | Facebook SDK analytics (Android 13+) |
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.
We recommend reviewing this policy periodically.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:
