1.Introduction
Welcome to BizoraPOS, a product of Santisoft ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience when using our point-of-sale software and related services (collectively, the "Services").
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, desktop software, website, and related services. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Services.
BizoraPOS is designed as a local-first product. By default, core business records you enter in the app are stored locally on your device. Cloud sync and backup features are optional. You decide whether to enable sync to our servers for multi-device access, backup, and recovery features.
We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.
2.Information We Collect
The information we collect depends on how you use BizoraPOS and whether you choose to enable cloud-connected features. Some information stays only on your device unless you turn on sync, backups, or another server-based feature.
Information You Provide
When you use our Services, you may provide us with:
- Account Information: Name, email address, phone number, password, and business name when you create an account
- Business Information: Business name, address, tax identification numbers (such as TIN for EBM compliance), and business category
- Transaction Data: Sales records, inventory data, customer information you enter, product catalogs, and payment records
- Payment Information: Billing address, mobile money numbers, and payment method details (processed securely through our payment providers)
- Communications: Messages you send to us, support requests, and feedback you provide
If you keep sync disabled, business records such as sales, inventory, customers, expenses, and reports may remain stored only on your device, subject to how the app is configured on that device.
Information Collected Automatically
When you use our Services, we automatically collect:
- Device Information: Device type, operating system, unique device identifiers, and mobile network information
- Usage Information: Features you use, actions you take, time spent on different screens, and error logs
- Location Information: General location based on IP address (we do not collect precise GPS location without your consent)
- Log Data: IP address, browser type, access times, and referring website addresses
Information from Third Parties
We may receive information from:
- Authentication Providers: When you sign in with Google or Apple, we receive your name and email from these services
- Payment Processors: Transaction confirmation and payment status from MTN MoMo, Airtel Money, or other payment providers
- Tax Authorities: Confirmation of EBM registration status from Rwanda Revenue Authority (where applicable)
3.How We Use Your Information
We use the information we collect to:
Provide and Improve Our Services
- Create and manage your account
- Process your transactions and payments
- Sync your data across devices when you choose to enable sync
- Generate business reports and analytics
- Provide AI-powered business insights
- Enable offline functionality and data backup
Communicate With You
- Send service-related notices and updates
- Respond to your comments and questions
- Provide customer support
- Send promotional communications (with your consent)
Ensure Security and Compliance
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations (including tax reporting where required)
- Enforce our terms of service
- Protect the rights and safety of our users
We do not use your business data for unrelated commercial purposes without your permission. Where we process synced data on our servers, we do so to provide the features you requested, such as account access, synchronization, backup, support, security, compliance, and product functionality.
Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), our legal bases for processing include:
- Contract: Processing necessary to provide our Services to you
- Legitimate Interests: Improving our Services, preventing fraud, and marketing (where permitted)
- Consent: Where you have given explicit consent for specific processing
- Legal Obligation: Compliance with applicable laws
4.Information Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:
Your business data remains your property. We do not give third parties the right to use it for their own marketing or unrelated purposes without your permission.
Service Providers
We share information with third-party service providers who perform services on our behalf:
- Payment Processors: MTN MoMo, Airtel Money, and other payment providers to process your payments
- Cloud Hosting: To store your data securely
- Email Services: Resend for transactional emails
- Analytics: To understand how our Services are used
These providers are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
Legal Requirements
We may disclose information if required to do so by law or in response to:
- Valid legal processes (court orders, subpoenas)
- Requests from government authorities
- Tax reporting obligations (such as EBM reporting to Rwanda Revenue Authority)
Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.
With Your Consent
We may share your information with third parties when you give us explicit consent to do so.
5.Data Retention
We retain your personal information for as long as necessary to provide you with our Services and as described in this Privacy Policy.
Retention Periods
- Account Data: Retained while your account is active and for up to 90 days after account deletion
- Transaction Data: Retained for 7 years to comply with tax and accounting requirements
- Usage Data: Retained for up to 2 years for analytics and service improvement
- Support Communications: Retained for up to 3 years to resolve disputes and improve support
Deletion
When you delete your account, we will delete or anonymize your personal information within 90 days, except where we need to retain it for legal compliance (such as tax records).
6.Biometric Data
BizoraPOS offers optional biometric authentication (fingerprint, face recognition) to protect access to the app. This feature uses your device's built-in biometric hardware and operating system APIs (Android BiometricPrompt / iOS LocalAuthentication).
How Biometric Data Is Handled
- On-device only: All biometric matching is performed entirely on your device by the operating system. BizoraPOS never reads, stores, or transmits your raw biometric data (fingerprint templates, facial geometry, or similar data).
- No server transmission: Biometric data never leaves your device and is never uploaded to our servers under any circumstances.
- OS-managed storage: Biometric templates are stored in your device's secure hardware enclave (e.g., Android Keystore, Apple Secure Enclave) and are inaccessible to the app.
- Authentication result only: BizoraPOS receives only a pass/fail result from the operating system — never the underlying biometric data.
Google Play Data Safety Disclosure
In compliance with Google Play's Data Safety requirements: BizoraPOS does not collect biometric data. Biometric authentication is handled exclusively by the device operating system and its secure hardware. No biometric data is collected, stored, or shared by this app.
Disabling Biometric Authentication
Biometric authentication is optional. You can enable or disable it at any time from within the app under Settings → Security → Biometric Login. Disabling biometric authentication does not affect your account or data in any way.
7.Data Security
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.
Security Measures
- Encryption: Data is encrypted in transit (TLS/HTTPS) and at rest
- Access Controls: Strict access controls and authentication for our systems
- Secure Infrastructure: Our servers are hosted in secure data centers with physical security measures
- Regular Audits: We regularly review and update our security practices
- Employee Training: Our team is trained on data protection best practices
If you choose to sync data to our servers, we apply security controls designed to protect that synced data against unauthorized access, disclosure, alteration, and destruction. No system can be guaranteed 100% secure, but we work to maintain safeguards appropriate to the sensitivity of the data we process.
Your Responsibilities
You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account. Please use a strong, unique password and do not share your login information.
Security Incidents
In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law.
8.Your Rights
Depending on your location, you may have certain rights regarding your personal information. We are committed to helping you exercise these rights.
We want you to remain in control of your data. In many cases, you can decide whether data stays only on your device or is synced to our servers by enabling or disabling sync features in the app.
Rights for All Users
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information
- Export: Export your data in a portable format
- Sync Control: Choose whether eligible business data is synced to our servers or kept locally on your device
Additional Rights (GDPR - EEA Residents)
- Object to Processing: Object to processing based on legitimate interests
- Restrict Processing: Request restriction of processing in certain circumstances
- Withdraw Consent: Withdraw consent where processing is based on consent
- Lodge a Complaint: Lodge a complaint with a supervisory authority
How to Exercise Your Rights
To exercise your rights, you can:
- Use the account settings in our application
- Email us at privacy@bizorapos.com
- Contact us through our contact form
We will respond to your request within 30 days. We may need to verify your identity before processing your request.
9.Local Storage, Sync, and Data Ownership
BizoraPOS is built to work offline first. By default, the core operating data you create in the app is intended to be stored locally on your device so you can keep working without an internet connection.
Your Choice to Enable Sync
You may choose to enable cloud sync or related online features. If you do, the relevant data is transmitted to and stored on our servers so we can provide synchronization, backup, recovery, multi-device access, account continuity, and related service functions.
Your Data Stays Yours
Your business data, customer records, transaction history, and other content remain your property. Enabling sync does not transfer ownership of your data to us.
Our Limited Role
When synced data is stored on our servers, we act only as needed to operate, secure, maintain, support, and improve the Services, comply with law, and carry out other uses described in this Privacy Policy. We do not access or use your synced business data beyond those purposes without your permission unless required by law.
11.Children's Privacy
Our Services are designed for businesses and are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16.
If you are a parent or guardian and you believe your child has provided us with personal information, please contact us at privacy@bizorapos.com. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.
12.International Data Transfers
If you use website, support, payment, analytics, or cloud sync features, your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country.
When we transfer personal information internationally, we take appropriate safeguards to ensure your information remains protected, including:
- Using standard contractual clauses approved by relevant authorities
- Ensuring our service providers maintain adequate security measures
- Complying with applicable data transfer regulations
Our primary data storage is located in secure data centers, with backups distributed globally for reliability.
13.Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify you via email or in-app notification for significant changes
- Give you the opportunity to review changes before they take effect
Your continued use of our Services after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.
14.Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: privacy@bizorapos.com
- General Support: support@bizorapos.com
- Contact Form: bizorapos.com/contact
Santisoft
BizoraPOS
Kigali, Rwanda
We will respond to your inquiry within 30 days.
Questions about this policy?
If you have any questions about this policy, please contact us.
You can print this page for your records using your browser's print function.