Privacy Policy

1. Information We Collect

We collect the following categories of information:

1.1. Information You Provide Directly

When you register and use the Application, you provide us with:

• Account Information — Email address, password, and authentication credentials (or third-party login tokens via Google Sign-In or Apple Sign-In).
• Business Information — Business name, business address, business phone number, business category, and currency preference.
• Product Data — Product names, descriptions, prices, stock quantities, barcodes, and product images (captured via camera or selected from your gallery).
• Store Data — Store names, addresses, store logos (captured via camera or selected from your gallery), and Bluetooth printer configurations.
• Transaction Records — Sales transactions, order details, payment methods, and receipt data.
• Customer Records — Customer names and contact information that you choose to store for your business.
• Expense Records — Business expense descriptions, amounts, and categories.
• Promotion Data — Discount and promotion configurations you create.
• AI Chat Messages — Messages you send to the AI Business Assistant within the Application.

1.2. Information Collected Automatically

When you use the Application, we may automatically collect:

• Device Information — Device type, operating system version, and unique device identifiers.
• Network Information — Internet Protocol (IP) address and network connection type.
• Usage Data — Pages visited within the Application, time and date of visits, time spent on features, and general interaction patterns.
• Sync Metadata — Timestamps and status of data synchronization between your device and the cloud.

1.3. Information We Do NOT Collect

• Location Data — The Application does not collect, track, or store your geographic location. The Application requests location permission on Android solely because the Android operating system requires it for Bluetooth device scanning (to discover and connect to thermal receipt printers). Your location is never recorded, transmitted, or used for any other purpose.
• Contacts — The Application does not access your device contacts.
• Microphone/Audio — The Application does not record audio.
• Background Location — The Application does not track your location in the background.

2. How We Use Your Information

We use the collected information for the following purposes:

• Providing the Service — To operate the POS system, process transactions, manage inventory, and deliver all core Application features.
• Account Management — To create and manage your user account, authenticate your identity, and maintain your session.
• Cloud Synchronization — To sync your business data across devices and provide backup functionality via Supabase cloud services.
• AI Business Assistant — To send your business data (sales summaries, product performance, revenue data) to third-party AI services (OpenRouter / DeepSeek) to generate business insights, analytics, and recommendations. Only the data necessary for generating a response is transmitted.
• WhatsApp Receipt Delivery — To send digital receipts to your customers via WhatsApp when you choose to use this feature (via WAHA API).
• Receipt Printing — To format and send receipt data to your connected Bluetooth thermal printer.
• Reports & Analytics — To generate business reports, charts, and performance analytics within the Application.
• Communication — To send you important service notifications, required notices, and updates about the Application.
• Improvement — To analyze usage patterns and improve the Application's functionality, performance, and user experience.

3. Device Permissions

The Application requests the following device permissions and uses them exclusively as described:

4. Data Storage & Security

• 4.1. Local Storage — The Application stores your business data locally on your device using an SQLite database. This enables offline functionality for core POS operations.
• 4.2. Cloud Storage — Your data is synchronized to Supabase cloud servers for backup, multi-device access, and real-time synchronization. Supabase uses industry-standard encryption and security practices.
• 4.3. Authentication — User authentication is handled by Supabase Auth with support for email/password, Google Sign-In, and Apple Sign-In. Authentication uses PKCE (Proof Key for Code Exchange) flow for enhanced security. Passwords are never stored in plain text.
• 4.4. Data Transmission — All data transmitted between the Application and cloud services is encrypted using HTTPS/TLS protocols.
• 4.5. Image Storage — Product images and store logos are stored as compressed base64-encoded data within the database. Images are compressed to minimize storage usage.
• 4.6. AI Data Processing — When you use the AI Business Assistant, relevant business data (sales summaries, product performance metrics) is transmitted to OpenRouter's API servers for processing. This data is used solely to generate your requested insights and is subject to OpenRouter's privacy policy.
• 4.7. While we implement reasonable security measures to protect your information, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security.

5. Third-Party Services

The Application integrates with the following third-party services, each with their own Privacy Policy:

• Google Play Services — Android app distribution and services
• Supabase — Authentication, cloud database, and data synchronization
• Google Sign-In — Social authentication on Android and iOS
• Apple Sign-In — Social authentication on iOS
• OpenRouter — AI model routing for the business assistant (DeepSeek model)
• WAHA API — WhatsApp messaging integration for digital receipt delivery

What data is shared with third parties:

We do not sell, trade, or rent your personal information to third parties for marketing purposes.

6. Disclosure of Information

The Service Provider may disclose your information in the following circumstances:

• Legal Requirements — As required by law, such as to comply with a subpoena, court order, or similar legal process.
• Safety & Protection — When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
• Service Providers — With trusted third-party service providers who work on our behalf, do not have independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this Privacy Policy.

7. AI Business Assistant & Data Processing

• 7.1. The Application includes an AI-powered business assistant ("Copos AI") that provides business analytics, sales insights, and operational recommendations.
• 7.2. When you use the AI assistant, the following data may be sent to third-party AI service providers (OpenRouter / DeepSeek):
  • Business name and category
  • Sales summaries and revenue data
  • Product performance metrics
  • Store performance comparisons
  • Your chat messages and questions
• 7.3. This data is transmitted via encrypted HTTPS connections and is used solely to generate your requested business insights.
• 7.4. The AI assistant has token usage limits per session. Token usage is tracked to manage service costs and ensure fair usage.
• 7.5. AI-generated responses are for informational purposes only. We do not guarantee the accuracy of AI-generated content.

8. Data Retention

• 8.1. We retain your data for as long as your account is active and you continue to use the Application.
• 8.2. If you wish to delete your account and all associated data, please contact us at raflifn@leci-pos.com. We will process your request within a reasonable timeframe (typically within 30 days).
• 8.3. Upon account deletion, your data will be removed from our cloud servers. Note that local data on your device will remain until you uninstall the Application.
• 8.4. We may retain certain anonymized, aggregated data for analytical purposes even after account deletion, as this data cannot be used to identify you.

9. Opt-Out Rights

• 9.1. Uninstall — You can stop all local data collection by uninstalling the Application from your device using the standard uninstall process.
• 9.2. Account Deletion — You can request complete deletion of your cloud-stored data by contacting us at raflifn@leci-pos.com.
• 9.3. Permissions — You can revoke individual device permissions (camera, Bluetooth, gallery) at any time through your device's settings. Note that revoking certain permissions may limit Application functionality.
• 9.4. AI Assistant — You can choose not to use the AI Business Assistant feature. No business data will be sent to AI service providers unless you actively use this feature.
• 9.5. WhatsApp Integration — WhatsApp receipt sharing is entirely optional. No customer data is sent to WAHA API unless you explicitly choose to send a receipt via WhatsApp.

10. Children's Privacy

• 10.1. The Application is designed for business use and is not directed at children under the age of 13.
• 10.2. We do not knowingly collect personally identifiable information from children under 13 years of age.
• 10.3. If we discover that a child under 13 has provided personal information, we will immediately delete it from our servers.
• 10.4. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at raflifn@leci-pos.com so we can take appropriate action.

11. Security

We are committed to safeguarding the confidentiality of your information. We implement the following security measures:

• Encryption in Transit — All data transmitted between the Application and our servers uses HTTPS/TLS encryption.
• Secure Authentication — PKCE-based authentication flow, secure password hashing, and OAuth 2.0 for social sign-in.
• Access Control — Row-Level Security (RLS) policies on our database ensure users can only access their own business data.
• Sensitive Data Protection — API keys and sensitive configuration values are stored securely in the database and are never hardcoded in the Application.

Despite our efforts, no security system is impenetrable. We cannot guarantee the absolute security of your information.

12. International Data Transfers

Your data may be processed and stored on servers located outside your country of residence (including servers operated by Supabase and OpenRouter). By using the Application, you consent to the transfer of your information to these servers, which may be in jurisdictions with different data protection laws than your own.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this Privacy Policy periodically. Continued use of the Application after changes are posted constitutes your acceptance of the revised Privacy Policy. For material changes, we will make reasonable efforts to notify you via the Application or email.

14. Your Consent

By using the Application, you consent to the collection, use, and processing of your information as described in this Privacy Policy.

15. Contact Us

If you have any questions regarding privacy while using the Application, or have questions about our data practices, please contact us at:

Email: raflifn@leci-pos.com

Website: https://leci-pos.com