Privacy Policy
Table of Contents
1. Introduction
FasTrax (“we,” “our,” or “us”) operates the FTx POS application (the “App”), a cross-platform point-of-sale solution available on the Google Play Store and Microsoft Store. The App is a business-to-business (B2B) product designed exclusively for licensed business clients. It is not a consumer-facing application and does not offer public sign-up or self-registration.
Access to the App is granted exclusively through a license agreement between FasTrax and the business entity (“Client”). All user accounts and device credentials are provisioned by us or by the Client’s administrator as part of the onboarding process.
This Privacy Policy describes how we collect, use, store, and protect information when you use our App. By installing or using the App under a valid license, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the App.
2. Information We Collect
2.1 Business & Operational Data
The App is designed for business use and processes the following operational data:
- Sales transactions, cart items, amounts, discounts, and tax information
- Customer data linked to loyalty programs and house accounts
- Employee information, shift details, and reconciliation records
- Store and location information (store number, address)
- Inventory and product catalog data
- Cash drawer counts and reconciliation records
- Receipt and payment method details
2.2 Device & Technical Information
We automatically collect certain device and technical information to ensure the App functions properly and to diagnose issues:
- Device identifier, model, serial number, and device name
- Operating system type and version
- IP address and network connectivity status
- App version and build number
- Device timezone
- Computer name (on Windows devices)
2.3 Authentication & License Data
The App does not collect personal sign-up information from end users. All access is provisioned through our B2B licensing process. We collect:
- Employee PIN or biometric authentication events (Face ID, fingerprint) for secure login
- License keys and activation tokens issued to the Client
- Device registration information linked to the Client’s license
- Company code and secret key (used for device-to-license binding)
2.4 Crash & Performance Data
When errors or crashes occur, we collect diagnostic data including stack traces, breadcrumb trails of user interactions leading to the error, and performance metrics. Sensitive data such as passwords, authorization tokens, and API keys are automatically scrubbed before transmission.
3. How We Use Your Information
We use the collected information for the following purposes:
| Purpose | Description |
|---|---|
| Core Functionality | Processing sales transactions, managing inventory, and operating the point-of-sale system |
| Authentication | Verifying employee identity, managing access permissions, and license validation |
| Data Synchronization | Syncing data between devices via cloud services and peer-to-peer connections for offline capabilities |
| Error Diagnosis | Identifying and resolving bugs, crashes, and performance issues |
| Feature Configuration | Delivering remote configuration and feature flags to customize the App experience |
| Payment Processing | Facilitating card-based payment transactions through integrated payment terminals |
| Customer Management | Managing loyalty programs, house accounts, and customer records |
4. Data Storage & Security
4.1 Local Storage
Business and operational data is primarily stored locally on your device in an encrypted SQLite database. Application preferences and configuration settings are stored using platform-secure shared preferences.
4.2 Cloud Storage
Data is synchronized with our cloud infrastructure hosted on Amazon Web Services (AWS), which provides enterprise-grade security including encryption at rest and in transit.
4.3 Security Measures
- Sensitive data (passwords, tokens, API keys) is automatically scrubbed from crash reports
- Company secrets are cryptographically hashed (SHA-256) before inclusion in diagnostic reports
- Authentication tokens are securely managed and transmitted over encrypted connections
- Bearer token-based authentication for all API communications
- Biometric authentication support (Face ID, fingerprint) for enhanced device security
5. Third-Party Services
The App integrates with the following third-party services, each governed by their own privacy policies:
| Service | Provider | Purpose |
|---|---|---|
| Firebase | Google LLC | Remote configuration and feature flag management |
| Sentry | Functional Software, Inc. | Crash reporting, error tracking, and performance monitoring |
| AWS Services | Amazon Web Services | Cloud backend infrastructure, API services, and data synchronization |
| Nearpay | Nearpay | NFC-based card payment terminal integration |
We encourage you to review the privacy policies of these third-party services. We do not control and are not responsible for their privacy practices.
6. App Permissions
The App requests the following device permissions. Each permission is used solely for the stated purpose:
| Permission | Purpose |
|---|---|
| Internet & Network Access | Communicating with cloud servers for data synchronization, payment processing, and license validation |
| Location (Fine & Coarse) | Identifying store location for transaction records and local network device discovery |
| Bluetooth | Connecting to peripheral devices such as receipt printers, barcode scanners, and payment terminals |
| Storage (Read & Write) | Storing database backups, log files, and exported reports |
| Foreground Service | Maintaining data synchronization and payment processing while the App is in use |
| Boot Completed | Automatically restarting sync services after device reboot to ensure continuous POS operation |
| USB Host | Connecting to USB peripherals such as card readers and fingerprint scanners |
| Biometrics (Digital Persona) | Secure employee authentication |
7. Data Retention
We retain your data as follows:
- Business & transaction data: Retained locally on the device and in our cloud infrastructure for as long as your account is active and as required by applicable laws and regulations.
- Crash & diagnostic data: Retained for up to 90 days for debugging and performance analysis.
- Authentication data: Retained for as long as the associated account or license remains active.
- Device information: Retained for as long as the device is registered with our system.
Upon license termination or at the Client’s request, we will delete or anonymize associated data within 30 days, except where retention is required by law.
8. Data Sharing & Disclosure
We do not sell your personal information to third parties. We may share data in the following limited circumstances:
- Service Providers: With trusted third-party service providers (listed in Section 5) who assist us in operating and improving the App, under strict contractual obligations.
- Payment Processors: Transaction data necessary for processing card payments is shared with payment terminal providers.
- Legal Requirements: When required by law, regulation, legal process, or governmental request.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
- Peer-to-Peer Sync: Business data may be shared between authorized devices on the same local network for offline synchronization purposes.
9. Children’s Privacy
The App is a B2B, license-based product designed exclusively for authorized business clients and their employees. It is not intended for general consumer use or for use by individuals under the age of 18. The App does not offer public sign-up and does not target or knowingly collect personal information from children. If we discover that a child under 18 has been granted access to the App, we will work with the Client to promptly revoke access and delete any associated data.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to legal retention requirements.
- Portability: Request a portable copy of your data in a commonly used format.
- Restriction: Request restriction of processing of your personal data.
- Objection: Object to the processing of your personal data for certain purposes.
To exercise any of these rights, please contact us using the information provided in Section 13.
11. International Data Transfers
Your data may be transferred to and processed in countries other than your own, including the United States, where our cloud infrastructure is hosted. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the “Effective Date” at the top of this policy and, where appropriate, through in-app notifications. Your continued use of the App after such changes constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us: