CM SmartPOS Privacy Policy

1. Information We Collect

Information you enter into the App

• Business setup details, such as business name, address, tax settings, branch settings, and branding settings.
• POS and business records, such as products, categories, inventory, transactions, receipts, shifts, promotions, reports, audit logs, and voided receipts.
• Local staff account details, such as user name, optional email, role, position, and hashed PIN for local sign-in.
• Optional transaction fields, such as official receipt numbers, payment reference numbers, notes, and discount ID numbers when entered by you.

Cloud account and sync information

• Email address and password when you create or sign in to an optional cloud account using Firebase Authentication.
• Cloud-synced data stored in Firebase Firestore, such as products, transactions, promotions, entitlement state, and branch-scoped sync records linked to your Firebase account.

Purchase and subscription information

• Purchase status and product identifiers needed to activate, restore, or manage subscriptions and premium access.
• Payment processing is handled by Google Play. The App does not collect full payment card numbers.

Ads-related information

• If ads are enabled for your tier, Google AdMob may process identifiers and device information, including advertising-related identifiers, in accordance with Google's policies.

Camera, photos, and generated files

• The App may access your camera if you choose to take a product photo.
• The App may access your gallery or photo picker if you choose a product image or branding logo.
• The App can generate CSV, JSON, and PDF files on your device when you export data or reports.

2. How We Use Information

• To provide POS, inventory, reporting, receipt, printing, export, and compliance features.
• To authenticate cloud accounts and enable optional cloud sync and multi-device access.
• To process subscriptions, restore purchases, and manage entitlements.
• To display ads to non-premium users.
• To let you attach product images or branding logos.
• To support accounting, tax, audit, and regulatory workflows when you use the App for business operations.

3. How Information Is Stored

• Most core app records are stored locally on your device using the App's local database and preferences.
• Product images and branding logos selected in the App are stored locally on the device.
• If you use cloud features, selected records are stored in Firebase services linked to your account.
• Subscriptions and purchases are processed through Google Play Billing.

4. When We Share Information

We do not sell your personal information.

We may share information with service providers only as needed to operate the App:

• Google Firebase Authentication for optional cloud account management.
• Google Firebase Firestore for optional cloud-synced data storage.
• Google Play Billing for in-app purchases and subscriptions.
• Google AdMob for ads shown in the free tier.
• Android sharing and printing flows when you choose to export, print, or share data.

We may also disclose information when required by law, to protect rights and security, or in connection with a business transfer subject to applicable law.

5. Permissions and Access

• Internet access for Firebase, billing, ads, and network printing.
• Billing access for Google Play subscriptions and purchases.
• Camera access only when you choose to capture a product image.
• Photo or media access only when you choose to select a product image or branding logo.

Based on the current implementation, the App does not claim access to contacts, call logs, SMS, precise location, microphone, or health data.

6. Printing, Exports, and Sharing

• Receipts and reports may be converted into printable or shareable files.
• Exports can include business transaction data, staff identifiers, receipt numbers, tax information, or audit information depending on the export selected.
• Files are shared only when you initiate the share action.
• Network printing may send receipt data to the printer address you configure.

7. Data Retention

• Local records remain on your device until deleted by you, overwritten through normal use, or removed by app uninstall or data clearing.
• Cloud data remains linked to your cloud account until deleted by you or by us in accordance with operational or legal requirements.
• Exported or shared files may remain in the destination you choose.

You are responsible for retaining records for any period required by your local business, tax, or regulatory obligations.

8. Security

• Local user PINs are stored as hashes rather than plain text.
• Cloud access depends on authenticated Firebase accounts.

No method of storage or transmission is completely secure, and absolute security cannot be guaranteed.

9. Children's Privacy

The App is designed for business use and is not directed to children under 13.

10. International Processing

Third-party services used by the App, including Google services, may process data on servers located in multiple countries.

11. Your Choices

• Use the App offline without enabling cloud sync.
• Avoid cloud account creation if you do not need cloud features.
• Decline to use camera or gallery-based image features.
• Remove locally stored records or images within the App where supported.
• Contact us to request deletion of cloud-account-related data that we control.
• Manage certain advertising preferences through your device or Google settings where available.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any revised version will be posted with a new effective date.

13. Google Play Compliance Notes

• Use the hosted HTTPS URL of this HTML file in Google Play Console.
• Make sure your Data safety answers match the SDKs and behavior in the shipped build.
• If you add analytics, crash reporting, location, microphone, contacts, or new sensitive permissions, update this policy before release.