Privacy policy
Last updated: 2026-05-31. Effective immediately. Operated by Bushveld Smart Technologies.
This policy explains what data Wearloop POS (the "app") collects, why we collect it, who can see it, and how to ask us to delete it. We've kept it short and specific. If anything is unclear, email support@bushveldtech.com and a human will reply.
Who we are
Wearloop is a product of Bushveld Smart Technologies. Wearloop is the data controller for personal data you give us as a shop owner, cashier, or firm admin. Your shop's customers are not Wearloop users — the app does not collect customer personal data (no names, phone numbers or emails of the people buying from you).
What we collect
From you, the user:
- Google account email + display name + profile photo (because sign-in is Google-only).
- Your role (shop owner / firm admin / cashier) and which shop(s) you're assigned to.
- Account status (active, blocked, deleted) and the timestamp of changes.
From your business operations:
- Firm details: name, country, currency, tax rate, address, phone, email, tax ID, logo, receipt header/footer.
- Products, categories, brands, suppliers and stock levels.
- Sales, refunds, payment methods used, discounts applied, stock movements, transfers, purchase orders.
- Cashier shift open/close times, declared cash, variances.
Automatically, for stability:
- Crash reports via Firebase Crashlytics (stack trace, device model, OS version — no PII).
- Anonymous product analytics (Firebase Analytics) — which screens get used, which features get tapped. We don't sell this and it doesn't leave Google.
What we DO NOT collect
- No location / GPS data. The app never reads
your device location. The legacy location permission on
Android 11 and below exists only because that OS used to
require it for Bluetooth printer scanning — modern Android
uses a different permission with the
neverForLocationflag. - No contacts, no microphone, no SMS.
- No customer personal data. Receipts contain product lines and totals, never the buyer's name or contact.
How we use it
- To run the till and keep your books straight (everything in the "business operations" bucket above).
- To enforce role-based access — cashiers only see what cashiers should see, owners see everything.
- To bill you for your subscription (per-shop monthly fee).
- To fix crashes and improve features (crash + analytics).
- To verify the app hasn't been tampered with (Google Play Integrity via Firebase App Check).
Who sees it
- You and your firm: your data is scoped to your firm's records. Other firms cannot see your data.
- Google Firebase: hosts the database
(Firestore), authentication (Firebase Auth), file storage
(Cloud Storage), and crash/analytics. Data is stored in
Google's
africa-south1region. - Bushveld Smart Technologies platform admins: named individuals at our company with audit-logged super-admin access. We only look at firm data on your request (support tickets) or to investigate suspected fraud.
- Nobody else. We don't sell data to ad networks or data brokers.
How long we keep it
- Active accounts: data is kept for as long as the firm is active.
- After you request deletion: personal data is anonymised within 7 days (see the account deletion page for the full procedure).
- Sales & tax records: kept for 7 years after the deletion request, with all personal identifiers replaced. Required by tax authorities across Southern Africa.
Your rights
- Access — email us and we'll send you a machine-readable export of your firm's data.
- Correction — most fields you can edit yourself in the app. For anything else, email support.
- Deletion — see the account deletion page.
- Portability — included in the access export.
- Complaint — to us first (support@bushveldtech.com), then to your local data-protection authority if unresolved (POPIA Information Regulator in South Africa; equivalent bodies in Zimbabwe, Zambia, etc.).
Security
- HTTPS everywhere. Sign-in via Google OAuth — we never see your Google password.
- Firestore security rules enforce per-firm and per-role access at the database layer (not just the app).
- Firebase App Check + Play Integrity verify each request comes from an unmodified Wearloop app on a genuine device.
- All employees with platform-admin access sign a confidentiality agreement and operate under audit logs.
Children
Wearloop is a business tool, not for children. We don't knowingly collect data from anyone under 18.
Changes
If we change this policy materially, we'll notify firm owners by email at least 14 days before the change takes effect. The "last updated" date at the top is the source of truth.
Contact
Email support@bushveldtech.com. Postal address available on request.