VelocityPOS Privacy Policy

Privacy Policy

This Privacy Policy explains how VelocityPOS (a Point of Sale app built with Flutter and Firebase) collects, uses, stores, and shares information when you use the app.

Effective date: 2026-03-30
Last updated: 2026-03-30
Quick summary: VelocityPOS is designed for retail business operations (billing, inventory, customers, reports) with offline-first storage and cloud sync. The app may process business data you enter (products, customers, sales) and account information for login (email/password or Google Sign-In).

1) Overview

VelocityPOS (“we”, “our”, “us”) is a Point of Sale (POS) application that helps retailers manage sales, inventory, customers, receipts, and reports. The app supports offline use with local storage and may synchronize data to the cloud (for example, using Firebase services).

Note: This document is a general privacy policy template tailored to VelocityPOS features. You should review it with a legal professional and ensure it matches your exact implementation (what you collect, where you store it, and which third-party services you enable).

2) Who this policy applies to

This policy applies to anyone who installs or uses VelocityPOS, including:

  • Business owners/administrators who configure the app and manage users.
  • Managers and staff who create sales, manage inventory, and handle customers.
  • Customers of the business whose data is entered into the POS by the business (for example, name, phone, purchase history).

3) Information we collect

3.1 Account and authentication data

When you sign in to VelocityPOS, we may collect or process:

  • Email address and password (for email/password login). Passwords should be stored/handled securely by the authentication provider.
  • Google account information (for Google Sign-In), such as your Google profile name and profile photo (if available) and email address.
  • Session tokens or similar credentials to keep you logged in (e.g., “Remember Me”).

3.2 Business data you enter in the app

VelocityPOS is a POS system, so it may store data that you (or your staff) enter, including:

  • Product data (name, category, barcode/SKU, pricing, stock quantities, tax rates, supplier info, optional image URLs).
  • Customer data (name, phone number, email address, address, notes, loyalty points, credit limit, purchase history).
  • Sales and transaction data (items sold, totals, taxes, discounts, payment method, timestamps, invoice numbers, receipts).
  • Inventory activity (stock adjustments, low-stock thresholds, stock movement logs).
  • Settings and preferences (business profile, receipt settings, tax configuration, theme/language, notification preferences).

3.3 Device and app data

Depending on your configuration and enabled features, the app may collect:

  • Device information (such as device model, operating system version) to help with debugging and compatibility.
  • App performance data (crash logs, diagnostics) if you enable analytics/crash reporting services.
  • Approximate timestamps of actions (e.g., logins, sales creation, sync events) for audit and operational purposes.

3.4 Images and media

VelocityPOS may display product images by loading them from image URLs entered in the app. The app may request those URLs over the internet to display the images. If you use receipt sharing (WhatsApp/Email/SMS) or export features (PDF/CSV/Excel), the app may generate files and store them on your device.

Important for businesses: If you enter your customers’ personal data (like phone/email/address), you are responsible for providing appropriate notice to your customers and ensuring you have a lawful basis to collect and use their data.

4) How we use information

We use information to:

  • Provide POS functionality (billing, inventory, customer management, receipts, reports).
  • Authenticate users and enforce role-based access (Admin/Manager/Staff).
  • Sync data across devices and restore data when you log in on a new phone (if cloud sync is enabled).
  • Enable offline-first operation by storing data locally and later synchronizing when internet is available.
  • Improve reliability (troubleshoot bugs, respond to support requests, prevent misuse and fraud).
  • Comply with legal obligations where applicable (tax records, accounting, lawful requests).

If your users are in regions where privacy laws require a legal basis (e.g., GDPR), you may rely on one or more of the following:

  • Contract/Service delivery: to provide the POS service you requested.
  • Legitimate interests: to keep the service secure and functioning.
  • Consent: where you choose to enable optional analytics/marketing features.
  • Legal obligations: to comply with accounting/tax and regulatory requirements.

6) When we share information

We do not sell personal information. We may share data only in the following cases:

6.1 Service providers (processors)

VelocityPOS may use third-party services to operate, such as:

  • Firebase Authentication for login and account security.
  • Firebase Firestore (or similar) for cloud database and synchronization.
  • Cloud storage (if enabled) for backups or storing certain files.

These providers process data on our behalf to deliver the app’s features, subject to their own terms and security measures.

6.2 Legal compliance and protection

We may disclose information if required by law, regulation, legal process, or enforceable governmental request, or when we believe disclosure is necessary to protect the rights, property, or safety of users, the public, or our service.

6.3 Business data visibility inside your organization

If your business uses multiple staff accounts, admins and managers may be able to view operational data based on role permissions (for example, sales history, customer records, inventory).

7) How we store and secure data

7.1 Offline-first local storage (on device)

VelocityPOS supports offline operation by storing data locally on your device (for example, using SQLite). This may include your products, customers, sales, and settings.

7.2 Cloud synchronization

If cloud sync is enabled, the app synchronizes your business data to the cloud so it can be restored on new devices and kept consistent across devices. Sync typically happens when an internet connection is available.

7.3 Security measures

We use reasonable administrative, technical, and organizational measures designed to protect data, such as:

  • Access control via authentication and role-based permissions.
  • Secure transport (HTTPS/TLS) when communicating with cloud services.
  • Session management features (timeout, logout, token refresh).
  • Best-effort secure local storage (device security also matters).
Your responsibility: Protect your device with a strong screen lock, do not share admin credentials, and use secure passwords. If the device is rooted/jailbroken or infected with malware, local POS data could be exposed.

8) Data retention

We keep data for as long as needed to provide the service and for legitimate business purposes such as accounting, auditing, dispute resolution, and compliance with legal requirements.

  • Account data is retained while your account is active and as needed for security and compliance.
  • Business records (sales, invoices) may need to be retained longer for tax/accounting requirements depending on your country.
  • Local device data remains on the device until you clear app storage, uninstall the app, or delete records in the app.

9) Your rights and choices

9.1 Access, update, and delete (inside the app)

VelocityPOS allows businesses to view, edit, and delete many types of business data (products, customers, sales) depending on user role permissions.

9.2 Account actions

  • You can update some account profile details depending on your authentication method.
  • You can reset your password using the “Forgot Password” feature (email/password accounts).
  • You can sign out at any time. If “Remember Me” is enabled, you may stay logged in until you log out or the session expires.

9.3 Deleting data

Data deletion may be possible through in-app tools. If your app uses cloud sync, deletion may also remove records from cloud storage (depending on implementation). Some records may be retained where required by law.

9.4 Marketing

VelocityPOS is primarily a utility/business app. If you add marketing communications in the future, you should provide opt-out mechanisms.

10) Children’s privacy

VelocityPOS is not intended for children under 13 (or the minimum age required by local law) and we do not knowingly collect personal information from children. If you believe a child has provided personal data, contact us to request deletion.

11) International data transfers

If you use cloud services (such as Firebase), your data may be processed in countries other than where you live. These transfers may be necessary to provide the app. Where required, we rely on appropriate safeguards provided by the service provider.

12) Third-party links and services

The app may include integrations or actions that involve third parties, for example:

  • Google Sign-In authentication
  • Opening product image URLs from the internet
  • Sharing receipts via WhatsApp/Email/SMS using other apps on your device

Third-party services have their own privacy policies. We recommend reviewing them.

13) Security best practices for POS businesses

  • Use unique accounts for each staff member; avoid sharing credentials.
  • Assign the least privilege needed (Staff vs Manager vs Admin).
  • Enable session timeouts and log out on shared devices.
  • Back up data securely and restrict access to exports (PDF/CSV/Excel).
  • Limit customer data collection to what you truly need.

14) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will update the “Last updated” date at the top. Material changes may be communicated through the app or release notes.

15) Contact us

If you have questions, requests, or complaints about privacy, contact:

  • Developer: Gulfam Ali
  • GitHub: @gulfamali16
  • Email: [add your support email here]

Disclaimer: This page is provided for informational purposes and does not constitute legal advice. Your obligations depend on your jurisdiction, your business model, and which VelocityPOS features/services you enable.

Appendix: Typical data in VelocityPOS

This table helps you (and reviewers) understand what POS data may exist in the app. Adjust to match your code.

Category Examples Purpose Where stored
Authentication Email, Google Sign-In profile info, session tokens Account creation, login, security, role access Auth provider (e.g., Firebase Auth) + device session storage
Products Name, SKU/barcode, pricing, tax, stock, category, image URL Inventory and billing Local DB (offline) and optional cloud sync
Customers Name, phone, email, address, notes, loyalty points CRM, loyalty, receipts, analytics Local DB and optional cloud sync
Sales Invoices, items, totals, taxes, discounts, payment method, timestamps Billing, reporting, accounting Local DB and optional cloud sync
Receipts & exports PDF receipts, CSV/Excel reports Sharing, printing, recordkeeping Device storage; may be shared through third-party apps
Diagnostics (optional) Crash logs, performance metrics App stability and improvement Analytics/crash provider if enabled

If you don’t use analytics/crash tools, remove that row to keep the policy accurate.