Your Data is Safe With Us

1. Our Promise — We Never Sell Your Data

2. Data We Collect

• Business Information: Business name, NTN, STRN, address, phone, email — required for FBR compliance
• Invoice & Financial Data: Sales/purchase invoices, buyer/supplier details, tax calculations, HS codes, FBR responses
• Location Data (Optional): GPS coordinates when creating invoices, receipts, refunds, and POS transactions — used to enable fraud prevention, misuse detection, stolen-device geofencing, cashier accountability, refund integrity, AML signals, field-sales verification, provincial tax jurisdiction verification, and audit defense. You can disable this anytime in Settings → Privacy.
• Camera Data (Barcode Only): Used only to scan product barcodes for inventory/POS. No photos or videos captured or stored.
• Device Data: Device type, OS version, app version, connectivity status. No advertising IDs or tracking.

3. How We Use Your Data

• FBR Compliance: Submitting digital invoices to FBR as required by Pakistani tax law
• Business Operations: Invoice management, buyer records, catalog, POS, tax calculations
• Security: Location tagging for fraud detection, audit trails, device fingerprinting for unauthorized access

4. Who We Share Data With

5. Data Storage & Security

• Hosted on Amazon Web Services (AWS), encrypted in transit (TLS 1.2+) and at rest
• JWT authentication with HS256 signing, Super Admin PIN verification
• Local data encrypted with device-specific keys (iOS Keychain / Android EncryptedSharedPreferences)
• Role-based access control with 8 permission levels
• 11 security headers (Helmet): HSTS, X-Frame-Options, CSP, CORS, etc.
• Input sanitization, SQL injection prevention (Prisma ORM), rate limiting
• All local data wiped on logout or account deletion

6. Data Retention

• Active Accounts: Data retained while your account is active
• Deleted Accounts: Personal data deleted after 30-day grace period
• FBR Records: Retained for 7 years as required by Sales Tax Act, 1990 (Section 24) and Income Tax Ordinance 2001 (Section 174)
• Account Deletion: You can cancel within 30 days to reactivate

7. Your Rights

• Access: View all your data through the app at any time
• Correction: Update your business profile in Settings
• Deletion: Request account deletion (30-day grace period, FBR data retained per law)
• Portability: Export invoices as PDF
• Opt-out: Disable location collection, deny camera access — core invoicing still works

8. Permissions Explained

1. Service Description

Riyazee provides FBR Digital Invoice compliance, business management, inventory, and POS features for registered Pakistani businesses.

2. User Responsibilities

• Provide accurate business registration information (NTN, STRN)
• Ensure invoice data accuracy before FBR submission
• Maintain confidentiality of login credentials and SA PIN
• Comply with all applicable Pakistani tax laws and FBR regulations
• Not attempt to reverse-engineer, modify, or exploit the application

3. Subscriptions & Payments

Subscriptions are purchased exclusively via Apple App Store or Google Play Store. Billing is managed by the respective store. Web dashboard access matches your mobile plan tier. No payment information is stored by Riyazee.

4. Limitation of Liability

Riyazee is provided on an "as-is" basis. The developer is not liable for FBR penalties from user data errors, service interruptions, or data loss beyond commercially reasonable measures. Total liability shall not exceed subscription fees paid in the preceding 12 months.

5. Governing Law

These terms are governed by the laws of Pakistan. Disputes shall be resolved in the courts of Islamabad.