Pitis POS (“we”, “our”, “the app”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
1. Information We Collect
1.1 Data You Enter
When you use Pitis POS, you enter business and operational data such as:
- Business name, Tax Identification Number (TIN), SSM number, MSIC code, and address
- Product names, prices, and categories
- Sales transactions, payment records, and stock movements
- Staff names, roles, and PIN credentials (stored as hashed values)
All of this data is stored locally on your device only. It is not transmitted to any server during normal operation.
1.2 Device Permissions
Pitis POS requests the following device permissions:
- Bluetooth: Used solely to connect to and communicate with Bluetooth thermal printers and cash drawers. We do not collect or transmit Bluetooth data.
- Camera: Used solely for barcode scanning when adding products to a sale. We do not capture, store, or transmit camera images.
1.3 Cloud Backup (Optional)
Pitis POS includes an optional encrypted cloud backup feature powered by Supabase, available under Settings → Cloud Backup. When you enable it:
- Your completed sales records are automatically synced to secure cloud servers whenever your device is online.
- The feature is off by default. You must explicitly enable it in Settings.
- Data is used solely for backup and device recovery purposes.
- We do not sell, share, or analyse your backup data for any purpose.
2. How We Use Your Information
We use your information only to:
- Operate the POS features of the app (sales, stock, reports, receipts)
- Restore your data to a new device (if cloud backup is enabled)
- Contact you about billing when the paid plan is introduced (email only, with advance notice)
We do not use your data for advertising, profiling, or any purpose beyond operating the app.
3. Data Sharing
We do not sell, rent, or share your personal data with third parties, except:
- Supabase (cloud backup): Acts as a data processor under our instructions. Data is encrypted in transit and at rest.
- Legal requirements: We may disclose data if required by Malaysian law or a valid court order.
4. Data Retention
- Local data: Remains on your device until you uninstall the app or reset your data from Settings.
- Cloud backup data: Retained for as long as your account is active. You may delete your backup data at any time from Settings.
5. Data Security
We take reasonable measures to protect your data:
- Local SQLite database is stored in the app's protected sandbox (iOS Data Protection).
- Staff PINs are stored as SHA-256 hashes — never in plain text.
- Cloud backup data is transmitted over HTTPS and encrypted at rest.
6. Children's Privacy
Pitis POS is intended for business use by adults. We do not knowingly collect personal data from children under 13.
7. Your Rights
You have the right to:
- Access all data you have entered into the app (it's on your device).
- Delete your local data at any time by resetting the app or uninstalling it.
- Request deletion of cloud backup data by contacting us at hello@pitis.app.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via the app or by email. Continued use of the app after changes constitutes acceptance of the updated policy.
9. Contact Us
If you have questions about this Privacy Policy or how your data is handled, please contact:
Pitis POS
Email: hello@pitis.app
Website: pitis.app