Privacy Policy

Last Updated: April 10, 2026

Your Data is Safe With Us

We NEVER sell, share, or monetize your data. Your business information is used solely for FBR e-invoicing compliance. Period.

🔒

No Data Selling

Your data is never sold, rented, or shared with advertisers or third parties.

🔐

End-to-End Encryption

TLS 1.2+ in transit, encrypted at rest. Your data is protected at every layer.

🏳

FBR Compliance Only

Invoice data goes to FBR as legally required. Nothing else leaves our servers.

1. Our Promise — We Never Sell Your Data

Riyazee will NEVER sell, rent, trade, or monetize your business data, personal information, or any data collected through this platform to any third party — for any purpose, at any time. This is an unconditional commitment.

2. Data We Collect

  • Business Information: Business name, NTN, STRN, address, phone, email — required for FBR compliance
  • Invoice & Financial Data: Sales/purchase invoices, buyer/supplier details, tax calculations, HS codes, FBR responses
  • Location Data (Optional): GPS coordinates when creating invoices, receipts, refunds, and POS transactions — used for fraud prevention, misuse detection, stolen-device geofencing, cashier accountability, and audit defense. You can disable this anytime in Settings → Privacy.
  • Camera Data (Barcode Only): Used only to scan product barcodes. No photos or videos captured or stored.
  • Device Data: Device type, OS version, app version, connectivity status. No advertising IDs or tracking.

3. How We Use Your Data

  • FBR Compliance: Submitting digital invoices to FBR as required by Pakistani tax law
  • Business Operations: Invoice management, buyer records, catalog, POS, tax calculations
  • Security: Location tagging for fraud detection, audit trails, device fingerprinting for unauthorized access

4. Who We Share Data With

  • FBR Only: Invoice data submitted to Federal Board of Revenue as legally required
  • No Advertisers: We do not share data with any advertising network
  • No Analytics Firms: We do not share data with third-party analytics services
  • No Data Brokers: We do not sell data to data brokers or aggregators
  • No Partner Sharing: We do not share data with business partners

5. Data Storage & Security

  • Hosted on Amazon Web Services (AWS), encrypted in transit (TLS 1.2+) and at rest
  • JWT authentication with secure signing, Super Admin PIN verification
  • Local data encrypted with device-specific keys
  • Role-based access control with 8 permission levels
  • Input sanitization, SQL injection prevention, rate limiting
  • All local data wiped on logout or account deletion

6. Data Retention

  • Active Accounts: Data retained while your account is active
  • Deleted Accounts: Personal data deleted after 30-day grace period
  • FBR Records: Retained for 7 years as required by Sales Tax Act, 1990 (Section 24)
  • Account Deletion: You can cancel within 30 days to reactivate

7. Your Rights

  • Access: View all your data through the app at any time
  • Correction: Update your business profile in Settings
  • Deletion: Request account deletion (30-day grace period, FBR data retained per law)
  • Portability: Export invoices as PDF
  • Opt-out: Disable location collection, deny camera access — core invoicing still works

For privacy inquiries, data access requests, or account deletion:

support@riyazee.com