Privacy Policy
Pentapolis POS ("PPOS") Effective Date: May 15, 2026 Last Updated: May 15, 2026
Pentapolis Team ("we," "us," or "our") operates the Pentapolis POS mobile application ("PPOS," "the App," or "the Application"). This Privacy Policy explains how we handle information when you use our Application and is intended to comply with Google Play Store policies, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data-protection legislation.
By installing or using PPOS, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this policy, please do not use the Application.
Official Version: The authoritative and most current version of this Privacy Policy is published at: https://www.pt.com.ly/ppos/privacy_policies
1. Overview — Offline-First, Privacy-by-Design
PPOS is a native Android point-of-sale application built for small businesses. It is designed with an offline-first architecture: all business data is stored exclusively on your device in a local database and is fully functional without any internet connection. We do not operate backend servers, cloud databases, or data-processing infrastructure that collects, receives, or stores your business information. Your data stays on your device.
2. Information We Do Not Collect
We want to be explicit about what we do not do:
- We do not collect personal information, usage patterns, or behavioral data.
- We do not employ analytics, telemetry, or tracking SDKs of any kind.
- We do not integrate advertising SDKs or display advertisements.
- We do not use crash-reporting services that transmit data to external servers.
- We do not sell, rent, license, or share any user data with third parties.
- We do not process or access your data on any server operated by Pentapolis Team.
3. Data Stored Locally on Your Device
All data generated by your use of PPOS is stored exclusively on your device. We have no ability to access, read, or modify this data. The following categories of information are stored locally:
3.1 Business Data (Local Database)
| Data Category | Examples | Storage |
|---|---|---|
| Product information | Name, barcode, purchase price, selling price, category, images | Local SQLite database |
| Sales records | Invoice reference, total amount, cost, profit, date, customer name | Local SQLite database |
| Debt management | Debtor name, phone number, debt amounts, payment records | Local SQLite database |
| Financial reports | Aggregated from sales data at query time | Computed locally |
3.2 Application Settings (Local Storage)
| Setting | Purpose |
|---|---|
| Store name, address, contact information | Displayed on invoices and receipts |
| Currency and country selection | Formatting and localization |
| Language preference | Application UI language |
| Display preferences (colors, grid layout) | Visual customization |
| Tax rate and configuration | Automatic tax calculation |
| Printer settings (Bluetooth MAC address, paper size) | Thermal receipt printing |
3.3 Cached Account Information
When you sign in with Google, the following information is cached locally on your device for display purposes:
- Google account email address
- Firebase user identifier (UID)
- Profile photo URL
This information is obtained through Google's authentication flow and is stored only on your device. We do not transmit, process, or store this information on any Pentapolis Team server.
3.4 Local Files
- Product Images: Captured photos are stored locally in the app's private directory (
product_images/). - Crash Diagnostic Log: If the app encounters an unexpected error, a technical crash log is saved locally (
last_crash.txt). This log is displayed to you on the next app launch and is immediately deleted. It is never automatically transmitted to any server. You may voluntarily choose to copy and share it with us for troubleshooting purposes.
4. Google Sign-In and Firebase Authentication
PPOS requires a one-time Google Sign-In during the initial device setup. This authentication is used to:
- Verify your identity for device configuration.
- Authorize access to your personal Google Drive (if you choose to use the product image feature).
The authentication process is handled entirely by Google's secure infrastructure (Firebase Authentication and Google Play Services). We receive and cache only your email address, Firebase UID, and profile photo URL. We do not receive, store, or have access to your Google account password or authentication tokens.
You may sign out of the Application at any time via the "Logout" option in the navigation menu, which revokes the app's access to your Google account.
5. Google Drive Integration (Optional)
PPOS offers an optional integration with Google Drive for storing product images. This feature enables product images to be synchronized between multiple devices.
5.1 How It Works
- PPOS uses the restricted
DRIVE_FILEscope, which limits the app's access to only files and folders created by PPOS itself. The app cannot access your other Google Drive files. - Product images are uploaded to a dedicated folder structure in your personal Google Drive:
My Drive / PPOS / IMAGES /. - Upload occurs automatically in the background (via Android WorkManager) after a product image is captured or changed.
5.2 Image Permissions on Google Drive
To enable product image loading across multiple devices without requiring authentication on each device, uploaded images are assigned a public-read ("anyone with the link can view") permission on Google Drive. This means:
- Anyone with the direct file link can view the uploaded product image.
- The images are not indexed by search engines (file discovery is disabled).
- No other data (sales, invoices, debts, settings) is uploaded to Google Drive — only product images.
5.3 Your Control
- This feature is activated only when you sign in with Google and capture product images.
- You may revoke PPOS's access to your Google Drive at any time from your Google Account permissions page.
- Revoking access does not delete previously uploaded images. You may delete them manually from your Google Drive.
6. Permissions Explained
PPOS requests certain device permissions that are strictly necessary for its core functionality. No permission is used for tracking, profiling, or data collection:
| Permission | Why It Is Needed |
|---|---|
| Camera | Scanning product barcodes (via CameraX and ML Kit) and capturing product images. |
| Microphone (Record Audio) | Voice input for product search using the device's speech recognition. |
| Bluetooth (Connect & Scan) | Discovering and connecting to Bluetooth thermal receipt printers. |
| Fine Location | Required by the Android operating system for Bluetooth device scanning. No location data is ever collected, stored, or transmitted. |
| Internet | Connecting to Google Drive for product image upload/download, Firebase Authentication for sign-in, and opening external web links. |
| Network State | Checking internet availability before attempting network operations. |
All hardware features (camera, Bluetooth) are declared as optional in our app manifest, meaning the app can still be installed and used on devices that lack these hardware capabilities.
7. Data Synchronization Between Devices
PPOS supports synchronization between two devices (Device A and Device B) to share sales data and product information. This synchronization works as follows:
- The database file (
.db) is exported and shared directly between devices using any file-sharing method chosen by the user (e.g., WhatsApp, file manager, Bluetooth file transfer). - No data passes through any Pentapolis Team server. The transfer is peer-to-peer between your own devices.
- The receiving device imports the database file locally.
8. Third-Party Services
PPOS relies on the following third-party services for core functionality:
| Service | Provider | Purpose | Provider's Privacy Policy |
|---|---|---|---|
| Firebase Authentication | Google LLC | User sign-in | Google Privacy Policy |
| Google Play Services Auth | Google LLC | Google Sign-In | Google Privacy Policy |
| Google Drive API | Google LLC | Product image storage | Google Privacy Policy |
| ML Kit Barcode Scanning | Google LLC | On-device barcode detection | Google Privacy Policy |
Important: ML Kit Barcode Scanning runs entirely on-device and does not transmit any data to external servers.
No third-party advertising, analytics, tracking, or telemetry services are used in this Application.
9. WhatsApp Integration
PPOS includes a feature that allows you to send debt reminder messages to debtors via WhatsApp. When you use this feature:
- The app constructs a pre-formatted message containing the debtor's name, outstanding amount, and your store name.
- The app opens WhatsApp using a standard Android intent. The message is sent through WhatsApp's infrastructure, not through PPOS.
- PPOS does not access your WhatsApp contacts, messages, or any other WhatsApp data.
- This feature is entirely optional and user-initiated.
10. External Links
PPOS contains links to external websites and services that open in your device's default web browser:
- Privacy Policy: https://www.pt.com.ly/ppos/privacy_policies
- App Support: https://www.pt.com.ly/ppos/app_support
- Tutorial Videos: YouTube
- Rate App: Google Play Store
These links are opened via standard Android intents. PPOS does not embed a WebView and does not track or monitor your browsing activity in any way.
11. Data Security
We implement the following security measures within the Application:
- Biometric/PIN Lock: The app requires device authentication (fingerprint, face, or PIN) on launch and after 15 minutes of inactivity.
- Encrypted Communication: All network communication with Google services uses HTTPS/TLS encryption.
- Local Storage Isolation: The app's database and files are stored in Android's private app directory, inaccessible to other applications.
- No Credential Storage: The app does not store passwords, authentication tokens, or sensitive credentials. All authentication is delegated to the Android system's secure APIs and Google's infrastructure.
- Session Management: Authentication sessions expire after 15 minutes of inactivity, requiring re-authentication.
12. Data Retention and Deletion
12.1 Local Data
All data is retained locally on your device until you choose to delete it. You have full control:
- Delete individual records: Remove products, sales, debtors, or debt entries from within the app.
- Reset the application: Use the reset function in Settings to clear all data.
- Uninstall the application: Uninstalling PPOS removes all locally stored data, including the database, images, and preferences.
12.2 Google Drive Data
Product images uploaded to your Google Drive remain in your Drive until you manually delete them. Uninstalling PPOS or revoking its access does not automatically delete images already stored in your Google Drive. You can delete the PPOS folder from your Google Drive at any time.
12.3 Firebase Authentication Data
Your Firebase authentication record (email and UID) is retained by Google in accordance with their data retention policies. You may delete your Google account data through your Google Account settings.
13. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your data:
- Right to Access: All your data is stored locally on your device and is accessible to you at all times through the app's interface.
- Right to Deletion: You may delete all data by resetting the app, clearing app data, or uninstalling the application.
- Right to Data Portability: You may export your database file at any time via the app's backup function.
- Right to Revoke Consent: You may revoke Google Drive access through your Google Account permissions. You may sign out of the app at any time.
- Right to Object: Since we do not process your data on our servers, there is no server-side processing to object to.
For residents of the European Economic Area (EEA), these rights are provided under the General Data Protection Regulation (GDPR). For residents of California, USA, these rights are provided under the California Consumer Privacy Act (CCPA).
14. Children's Privacy
PPOS is a business point-of-sale tool designed for use by business owners and operators. It is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect information from children. If you believe a child has provided data through the app, please contact us and we will take steps to address the situation.
15. Voluntary Support & Monetization
PPOS is 100% free to use with no advertisements, in-app purchases, subscriptions, or hidden fees. The app's navigation menu contains an "App Support" link that opens our website (https://www.pt.com.ly/ppos/app_support). This page provides information about voluntary contributions to support the continued development of PPOS. These contributions:
- Are entirely voluntary and carry no obligation.
- Do not involve any in-app payment processing or data handling.
- Do not collect any personal or financial information from within the PPOS application.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the Application, legal requirements, or our practices. When we make changes:
- We will update the "Last Updated" date at the top of this document.
- We will publish the revised policy at the official URL: https://www.pt.com.ly/ppos/privacy_policies.
- For material changes, we will make reasonable efforts to notify users (e.g., through an in-app notice or on our website).
We encourage you to review this Privacy Policy periodically.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the PPOS application, please contact us:
Pentapolis Team Website: https://www.pt.com.ly Email: info@pt.com.ly
© 2026 Pentapolis Team. All rights reserved. PPOS is a proprietary, closed-source product. This Privacy Policy applies exclusively to the Pentapolis POS mobile application.