Privacy Policy
Table of Contents
1. Introduction
FasTrax (“we,” “our,” or “us”) operates the FTx POS Merchant App (the “App”), a mobile merchant management solution available on the Google Play Store. The App is a business-to-business (B2B) product designed exclusively for licensed business clients. It is not a consumer-facing application and does not offer public sign-up or self-registration.
Access to the App is granted exclusively through a license agreement between FasTrax and the business entity (“Client”). All user accounts and device credentials are provisioned by us or by the Client’s administrator as part of the onboarding process.
This Privacy Policy describes how we collect, use, store, and protect information when you use our App. By installing or using the App under a valid license, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the App.
2. Information We Collect
2.1 Business & Operational Data
The App is designed for business use and processes the following operational data:
- Inventory details including items, quantities, SKU numbers, and pricing
- Cycle count and inventory audit records
- Order and invoice information
- Remote sales transactions and records
- Employee information and access permissions
- Store location details
- Label management and printing data
- Lottery reconciliation records
- Dashboard and business analytics data
- E-commerce fulfillment data
2.2 Device & Technical Information
We automatically collect certain device and technical information:
- Device identifier (UUID), model, and manufacturer
- Operating system type and version
- IP address and network connectivity status
- App version and build number
- Scanner device type and hardware information
2.3 Authentication & License Data
The App does not collect personal sign-up information from end users. All access is provisioned through our B2B licensing process. We collect:
- Login credentials provisioned by the Client’s administrator (securely transmitted)
- Employee access tokens and permissions assigned by the Client
- License keys and activation tokens issued to the Client
- Device registration information linked to the Client’s license
2.4 Usage & Analytics Data
We collect anonymized usage analytics to understand how the App is used and to improve its features. This includes screen views, feature usage patterns, and interaction events.
2.5 Crash & Performance Data
When errors or crashes occur, we collect diagnostic data including stack traces, breadcrumb trails of user interactions leading to the error, and performance metrics. Sensitive data such as passwords, authorization tokens, and API keys are automatically scrubbed before transmission.
3. How We Use Your Information
| Purpose | Description |
|---|---|
| Core Functionality | Managing inventory, processing orders, cycle counting, invoice verification, and remote sales operations |
| Authentication | Verifying user identity, managing employee access and permissions, and license validation |
| Data Synchronization | Syncing data between devices via cloud services and peer-to-peer connections for offline capabilities |
| Analytics | Understanding feature usage, improving App performance, and enhancing user experience |
| Error Diagnosis | Identifying and resolving bugs, crashes, and performance issues via crash reporting |
| Feature Configuration | Delivering remote configuration and feature flags to customize the App experience |
| E-commerce Fulfillment | Managing and processing online order fulfillment through the integrated WebView module |
4. Data Storage & Security
4.1 Local Storage
Business and operational data is primarily stored locally on your device in a SQLite database. Application preferences, authentication tokens, and configuration settings are stored using platform-secure shared preferences.
4.2 Cloud Storage
Data is synchronized with our cloud infrastructure hosted on Amazon Web Services (AWS) via a secure message queuing system. All communications are encrypted in transit using TLS.
4.3 Security Measures
- Sensitive data (passwords, tokens, API keys, authorization headers) is automatically scrubbed from crash reports
- Bearer token-based authentication for all API communications
- Encrypted data transmission for all cloud communications
- Circuit breaker patterns and rate limiting for resilient network operations
- Rate-limited structured logging with a 5 GB/month cap on diagnostic data
5. Third-Party Services
The App integrates with the following third-party services, each governed by their own privacy policies:
| Service | Provider | Purpose |
|---|---|---|
| Firebase Analytics | Google LLC | Usage analytics, feature tracking, and user engagement metrics |
| Firebase Remote Config | Google LLC | Remote feature flag and configuration management |
| Sentry | Functional Software, Inc. | Crash reporting, error tracking, performance monitoring, and profiling |
| AWS Services | Amazon Web Services | Cloud backend infrastructure, API services, and data synchronization |
We encourage you to review the privacy policies of these third-party services. We do not control and are not responsible for their privacy practices.
6. App Permissions
The App requests the following device permissions. Each permission is used solely for the stated purpose:
| Permission | Purpose |
|---|---|
| Internet & Network Access | Communicating with cloud servers for data synchronization, license validation, and analytics |
| Camera | Barcode and product scanning for inventory management, cycle counting, and order processing |
| Location (Fine & Coarse) | Identifying store location for transaction records and local network device discovery |
| Bluetooth | Connecting to external barcode scanners (Honeywell, Unitech, Zebra) and peripheral devices |
| Storage (Read & Write) | Storing database files, log files, and exported reports |
| Phone State | Reading device identifiers for device registration and licensing purposes |
| Foreground Service | Maintaining data synchronization and background processing while the App is in use |
| Boot Completed | Automatically restarting sync services after device reboot to ensure continuous operation |
7. Data Retention
- Business & operational data: Retained locally on the device and in our cloud infrastructure for as long as your account is active and as required by applicable laws.
- Analytics data: Retained in aggregate form for up to 14 months by Firebase Analytics.
- Crash & diagnostic data: Retained for up to 90 days for debugging and performance analysis.
- Authentication data: Retained for as long as the associated account or license remains active.
- Device information: Retained for as long as the device is registered with our system.
Upon license termination or at the Client’s request, we will delete or anonymize associated data within 30 days, except where retention is required by law.
8. Data Sharing & Disclosure
We do not sell your personal information to third parties. We may share data in the following limited circumstances:
- Service Providers: With trusted third-party service providers (listed in Section 5) who assist us in operating and improving the App, under strict contractual obligations.
- Legal Requirements: When required by law, regulation, legal process, or governmental request.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
- Peer-to-Peer Sync: Business data may be shared between authorized devices on the same local network for offline synchronization.
- E-commerce Platform: Order and fulfillment data is exchanged with the FTx Commerce platform for order processing.
9. Children’s Privacy
The App is a B2B, license-based product designed exclusively for authorized business clients and their employees. It is not intended for general consumer use or for use by individuals under the age of 18. The App does not offer public sign-up and does not target or knowingly collect personal information from children. If we discover that a child under 18 has been granted access to the App, we will work with the Client to promptly revoke access and delete any associated data.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to legal retention requirements.
- Portability: Request a portable copy of your data in a commonly used format.
- Restriction: Request restriction of processing of your personal data.
- Objection: Object to the processing of your personal data for certain purposes.
- Opt-Out of Analytics: You may disable analytics data collection by contacting us.
To exercise any of these rights, please contact us using the information provided in Section 13.
11. International Data Transfers
Your data may be transferred to and processed in countries other than your own, including the United States, where our cloud infrastructure is hosted. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the “Effective Date” at the top of this policy and, where appropriate, through in-app notifications. Your continued use of the App after such changes constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us: