1. Introduction
Welcome to Chutki POS ("the App"), a
point-of-sale application developed and published by
New Wiz Tech ("we", "us",
or "our").
This Privacy Policy explains what information we collect, how we use and
protect it, with whom we share it, and the rights you have over your data.
By downloading, installing, or using the App you agree to the practices
described in this policy. If you do not agree, please uninstall the App.
Key principle: Chutki POS is designed as a
locally-first application. All transactional and business data
(sales, purchases, inventory, customers) is stored exclusively on your
device in an SQLite database. Cloud features are strictly opt-in and
limited to backup and license verification. We do not sell your data, use
it for advertising, or share it with third parties beyond what is described
in this policy.
2. App Versions: Free & Pro
Chutki POS is available in two versions:
- FREE – Downloaded at no cost from the Google Play Store. Fully functional for small businesses with the usage limits described below.
- PRO – Unlocked via an in-app purchase on Google Play or by activating a license key issued by New Wiz Tech. Removes all usage limits and unlocks additional features.
Upgrading to Pro does not change what data is collected or how it is used.
Both versions are governed by this same Privacy Policy.
2.1 Feature & Limit Comparison
| Feature / Limit | FREE | PRO |
|---|---|---|
| Daily Sales (invoices) | Up to 10 per day | Unlimited |
| Daily Purchases | Up to 5 per day | Unlimited |
| Customers | Up to 100 | Unlimited |
| Credit Clients | Up to 10 | Unlimited |
| Vendors | Up to 10 | Unlimited |
| Staff / User Accounts | Admin only | Unlimited staff accounts |
| Biometric Login (Fingerprint) | Not available | Available |
| Automatic Cloud Backup (Google Drive) | Not available | Scheduled + manual backup |
| Manual Cloud Backup (Google Drive) | Available | Available |
| Dashboard & Cart Style Customization | Not available | Available |
| All Core POS Features (Sales, Purchases, Inventory, Reports, Expenses) | Available | Available |
| SMS Receipts to Customers | Available | Available |
| Barcode & QR Scanning | Available | Available |
| Receipt Printing (PDF / Bluetooth) | Available | Available |
| Multi-Language Support | Available | Available |
Daily limit note (Free version): Daily counters reset at
midnight on the device's local clock. A sale that is deleted still counts
toward the daily limit to prevent limit circumvention.
3. Information We Collect
3.1 Information You Provide Directly
- Business Information – Business name, contact person, phone numbers, address, city, province, postal code, country, business type, tax registration number, and business logo.
- User Account Credentials – Username and password for in-app authentication (stored locally in hashed form; never transmitted to our servers).
- Transaction Data – Sales records, purchase orders, sales returns, purchase returns, expense records, product catalogue, vendor and customer details, and receipt information.
- Customer Information – Customer name, mobile number, address, and postal code (entered by you for your own customers; stored only on your device).
3.2 Information Collected Automatically
- Device Identifier (UUID) – A randomly generated, installation-specific UUID stored locally and used solely as a Firestore document key for cloud backup and license verification. It is not linked to your hardware IMEI, advertising ID, or any other device identifier.
- Device Name & Android Version – Collected for display in the business-sync record (e.g., "Samsung Galaxy A52 — Android 13") to help you identify which device performed the last cloud sync.
- Network Status – The App reads your Wi-Fi and internet connection state to determine whether cloud features and local-network (server/client) features are available. We do not collect your IP address, MAC address, or any other network identifier.
- App Analytics (Firebase Analytics) – The App uses Firebase Analytics (by Google LLC) to collect anonymised usage data. This helps us understand how the App is used and improve future versions. Collected automatically:
  - Screen views and navigation flow
  - Session duration and frequency of use
  - Device type, OS version, and App version
  - Country/region (coarse, derived from IP by Google; IP is not retained by Firebase Analytics)
  - First-open and selected in-app events (e.g., completing a sale, restoring a backup)
  - A random Firebase-assigned Analytics Instance ID (not linked to your name or business data)
- Crash Reports (Firebase Crashlytics) – If the App crashes, an anonymised report is sent automatically. Reports include the stack trace, device model, OS version, and App version. No personal data, transaction records, or business information is included.
3.3 Information Collected Through Optional Features
- Google Account (Google Drive Backup) – If you enable Google Drive backup, the App requests read/write access to a dedicated folder in your Google Drive via OAuth 2.0. We only access files created by the App itself.
- Camera & Barcode Scan Data – The camera is used exclusively for scanning QR codes and barcodes. Camera frames are processed on-device in real time and are never stored, transmitted, or shared.
- Photos / Media – The App may access device storage to let you select a business logo image. Chosen images are stored locally and, if cloud sync is enabled, uploaded to your private Firebase Storage bucket.
- SMS (Sending Only) – The App can send receipt SMS messages and account-recovery credentials from your device to your customers or staff, using your device's own SIM card. The SEND_SMS permission is used exclusively for outgoing messages. The App does not read, intercept, monitor, or store any incoming SMS messages.
- Biometric Data (Pro only) – If you enable biometric login, authentication is handled entirely by the Android BiometricPrompt API. No biometric data is ever transmitted to us or stored outside the secure Android Keystore.
4. How We Use Your Information
- App Functionality – To provide all core POS features including sales, inventory, purchasing, reporting, and receipt printing.
- Cloud Backup – To back up your SQLite database to your own Google Drive account (if enabled) so you can restore data on a new device.
- Business Profile Sync – To store a copy of your business profile (name, contact details, logo) in Firebase Firestore so it is accessible from multiple devices and for identification purposes.
- License Verification – To verify whether your device holds an active Pro licence (via Firebase Firestore) or an active in-app subscription (via Google Play Billing).
- SMS Notifications – To send sale receipts or account-recovery SMS messages to customers and staff directly through your device SIM, when you initiate this action.
- Scheduled Notifications (Pro) – To send local device notifications as reminders before a scheduled backup runs. No push notification servers or third-party notification services are used.
- Analytics & App Improvement – Firebase Analytics collects anonymised usage events to help us understand which features are used, identify usability issues, and guide future development. Firebase Crashlytics collects anonymised crash reports to help us fix bugs quickly. Neither service is used for advertising or user profiling.
5. Permissions Explained
The table below lists every Android permission the App declares, its purpose, and whether it is required or optional.
| Permission | Purpose | Required? |
|---|---|---|
| CAMERA | Scan product barcodes & QR codes. Not used for photos or location inference. | Required for scanning |
| WRITE_EXTERNAL_STORAGE (API ≤ 29) | Save backup files and exported reports on devices running Android 9 and below. | Optional (older devices) |
| READ_MEDIA_IMAGES, READ_MEDIA_AUDIO | Access media files on Android 13+ for logo selection and sound alerts. | Optional |
| SEND_SMS | Send receipt/invoice SMS messages to customers, and send account-recovery credentials to staff. Outgoing only — the App never reads incoming messages. | Optional |
| ACCESS_WIFI_STATE, CHANGE_WIFI_STATE, ACCESS_NETWORK_STATE | Detect network availability for cloud sync; enable local-network server/client mode between devices on the same Wi-Fi. | Required for networking |
| INTERNET | Firebase Firestore sync, Firebase Analytics, Firebase Crashlytics, Google Drive backup, and license verification. | Required for cloud features |
| VIBRATE | Vibration feedback on successful barcode scan. | Optional |
| RECEIVE_BOOT_COMPLETED | Re-register scheduled backup tasks after device restart (Pro only). | Required for auto-backup (Pro) |
| FOREGROUND_SERVICE, FOREGROUND_SERVICE_DATA_SYNC | Run the cloud backup as a visible foreground service on Android 14+ (Pro only). | Required for auto-backup (Pro) |
| POST_NOTIFICATIONS | Show local reminder notifications before a scheduled backup runs (Pro only). | Optional |
| WAKE_LOCK | Keep the device awake during an active backup transfer to prevent incomplete uploads. | Required for auto-backup |
| SCHEDULE_EXACT_ALARM | Schedule a precise pre-backup reminder notification (Pro only). | Optional |
| REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | Prompt the user to exempt the App from battery optimisation so scheduled backups run reliably on MIUI/OneUI devices (Pro only, user-controlled). | Optional (user-controlled) |
| USE_BIOMETRIC, USE_FINGERPRINT | Authenticate via device fingerprint sensor for app login (Pro only). Processing occurs entirely on-device via Android Keystore. | Optional (Pro only) |
6. Data Collected for Analytics & Support
We use two Firebase services for analytics and technical support. Neither service accesses your business records, customer data, or transaction history.
6.1 Firebase Analytics
Firebase Analytics collects the following data automatically:
- Screen names visited and navigation sequences
- Session duration, frequency, and engagement metrics
- Device model, screen resolution, OS version, and App version
- Approximate country/region (Google derives this from IP; the IP address itself is not retained by Firebase Analytics)
- First-open event and selected in-app events (e.g., sale completed, backup started, restore completed)
- A random Firebase-assigned Analytics Instance ID (resets when the App is uninstalled or App data is cleared; not linked to your identity)
This data is used exclusively to improve the App. It is never used for targeted advertising or sold to third parties.
You can reset or delete your Analytics Instance ID by clearing the App's data in Android Settings → Apps → Chutki POS → Clear Data.
6.2 Firebase Crashlytics
If the App experiences an unhandled exception or crash, Crashlytics automatically sends a report containing:
- Stack trace and exception details
- Device model and OS version
- App version and build number
- Timestamp of the crash
- Whether the App was in the foreground or background
No personal data, transaction records, customer names, or business information is included in crash reports. Reports are used solely to identify and fix software bugs.
What we do NOT collect: We do not collect your name, email
address, phone number, real-time location, advertising identifiers (GAID),
payment card details, or any content of your sales, purchases, or customer
records for analytics purposes.
7. Data Storage & Security
7.1 Local Storage
All business transactions, product data, and customer records are stored in
an SQLite database on your device. The database is stored in an app-specific
directory (private to the App's sandbox on Android 10+) or in a curated
app-accessible location you select during setup. No special system-level
storage permissions are required on modern Android versions.
7.2 Cloud Storage (Firebase)
Your business profile (name, contact, address, logo) is synced to a
Firebase Firestore database hosted in the
chutki-pos-by-new-wiz-tech Google Cloud project in the
us-central1 region. Access to Firestore is protected by
Firebase Security Rules. Your data is keyed by your device's installation
UUID and is not accessible to other users or installations.
Business logo images are stored in Firebase Cloud Storage under
business_logos/{deviceId}/. Only authenticated app instances
with your device UUID can read or overwrite this path.
7.3 Google Drive Backup
If enabled, the App uses the Google Drive API to write backup archives to a
dedicated folder in your Google Drive account. New Wiz Tech
employees cannot access your Google Drive; only you control the backup files.
7.4 Security Measures
- All data transmitted to Firebase and Google Drive is encrypted in transit using TLS 1.2 or higher.
- Firebase Security Rules restrict Firestore and Storage access to document paths matching the requesting device's UUID.
- Passwords are never stored in plain text; they are processed using a one-way hashing algorithm before being written to the local database.
- Biometric credentials are processed exclusively within the Android Keystore (Pro feature); no biometric data leaves the device.
- Analytics and crash-report data is transmitted directly to Google's servers using the Firebase SDK and does not pass through New Wiz Tech servers.
8. Data Sharing & Third-Party Services
We do not sell, rent, or trade your personal information.
We do not share your data with advertisers. The App
integrates the following third-party services solely to deliver the
functionality described in this policy:
| Service | Provider | Purpose | Data Shared |
|---|---|---|---|
| Firebase Firestore | Google LLC | Business profile cloud sync & license verification | Business name, address, contact, device UUID |
| Firebase Storage | Google LLC | Business logo hosting | Logo image file, device UUID |
| Firebase Analytics | Google LLC | Anonymised usage analytics for app improvement | Screen events, session data, device model, OS version, app version, Analytics Instance ID |
| Firebase Crashlytics | Google LLC | Anonymised crash reporting for bug fixing | Stack trace, device model, OS version, app version, crash timestamp |
| Google Drive API | Google LLC | Database backup & restore | Encrypted database backup archive |
| Google Sign-In / OAuth 2.0 | Google LLC | Authenticate Google Drive access | Google account email (used for OAuth token only; not stored by New Wiz Tech) |
| Google Play Billing | Google LLC | Process in-app purchase for Pro upgrade | Purchase token and subscription status (managed by Google Play; payment details are never seen by New Wiz Tech) |
Google's privacy practices are governed by the
Google Privacy Policy.
SMS: When you use the SMS receipt or password-recovery
feature, messages are sent through the Android telephony system using your
own SIM card and mobile carrier. The recipient's phone number and the
message content are transmitted via your carrier's network. New Wiz Tech
does not have access to these messages, their content, or the recipient's
phone number.
9. Data Retention
- Local data – Retained on your device until you manually delete it or uninstall the App.
- Firebase Firestore / Storage data – Retained until you delete the corresponding record within the App or contact us to request deletion.
- Google Drive backups – Stored in your Google Drive account and subject to your own Drive storage settings. You may delete them at any time through the Google Drive app.
- Firebase Analytics data – Retained by Google for up to 14 months by default, in accordance with Google's Firebase Analytics data retention policy. You may reset your Analytics Instance ID at any time by clearing the App's data in Android Settings.
- Firebase Crashlytics data – Crash reports are retained by Google for up to 90 days.
- SMS messages – Not retained by the App. They exist only in your device's standard SMS inbox and your carrier's logs.
10. Children's Privacy
Chutki POS is a business productivity application intended for use by
individuals who are at least 13 years of age (or the age
of digital consent in their jurisdiction). We do not knowingly collect
personal information from children under 13. If you believe a child has
provided us with information, please contact us immediately at
info@newiztech.com so we can delete it.
11. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access – Request a copy of the personal data we hold about you in our cloud systems.
- Correction – Request correction of inaccurate data.
- Deletion – Request deletion of your personal data from Firebase Firestore and Storage.
- Data Portability – Export your local database at any time using the App's built-in backup feature.
- Opt out of Analytics – Enable “Limit ad tracking” (or “Opt out of Ads Personalization”) in your Android device settings, which Firebase Analytics respects. You can also clear the App's data in Android Settings to reset the Analytics Instance ID.
- Withdraw Consent – Disable cloud sync, Google Drive backup, SMS features, biometric login, or notifications at any time in the App's Settings screen.
- Revoke Google Access – You may revoke the App's Google Drive access at any time via Google Account Permissions.
To exercise any of these rights, contact us using the details in Section 13. We will respond within 30 days.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in
the App, applicable law, or our practices. When we make material changes,
we will update the “Last Updated” date at the top of this page and, where
appropriate, notify you through an in-app notice.
Your continued use of the App after any changes constitutes acceptance of the revised policy. We encourage you to review this page periodically.
13. Governing Law
This Privacy Policy is governed by the laws of the
Islamic Republic of Pakistan. Any disputes shall be
subject to the exclusive jurisdiction of the courts of Pakistan. If you
are located in a jurisdiction with additional consumer data-protection
rights (e.g., the European Economic Area, United Kingdom, or California),
we will honour those rights to the extent required by applicable law.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us: