← Busara Digital

PRIVACY POLICY — SOKOFY

Last Updated: 21 March 2026

1. Introduction

Busara Digital (“Busara Digital”, “we”, “us”, or “our”) operates Sokofy, a simple Point-of-Sale (POS) and business management application designed to assist shopkeepers and business owners—such as retail shops, wholesale businesses, and service-based businesses—in managing day-to-day operations, including sales records, business summaries, and operational insights (the “Service”).

This Privacy Policy explains how we collect, use, store, protect, and disclose information when you use Sokofy through our mobile applications, associated web services, and related features.

Sokofy is currently intended for users in the United Republic of Tanzania. We may expand availability to other countries in the future. When required, this Privacy Policy will be updated to reflect applicable data protection laws and operational requirements.

By accessing or using Sokofy, you confirm that you have read, understood, and agreed to this Privacy Policy. If you do not agree, you must discontinue use of the Service.

This Privacy Policy should be read together with our Terms of Service.

2. Information We Collect

Sokofy is primarily offline-first. Most business data you create in the app is stored locally on your device. We collect and process limited information to provide authentication, security, support, and legally required operations.

2.1 Personal Information

When you create an account or use Sokofy, we may collect:

2.2 Local Business Data You Enter (Stored on Your Device)

Sokofy stores business data locally on your device, which may include:

This local data remains on your device unless you choose to export or share it (for example, by generating and sharing a PDF report).

Sokofy may also provide an in-app reset feature in Settings that allows you to delete local business data stored on that device and start your business records again from scratch. This reset is a local device action and does not itself delete your Sokofy account.

2.3 Authentication and Account Profile Data (Cloud)

Sokofy uses Firebase Authentication for sign-in (email/password and Google Sign-In). Sokofy also stores limited account profile fields in a cloud database (Cloud Firestore), such as:

2.4 Email OTP Verification Data (Cloud)

For certain security flows (such as email verification and password reset), Sokofy uses one-time verification codes (“OTP”) sent to your email address. To provide these flows, our backend may store limited OTP-related data, such as:

2.5 Support Requests and Feature Requests

If you submit a support request or feature request through the app, we receive the message you provide. To help troubleshoot, the app may also include basic technical details such as your app version, platform, and the screen you were on when you sent the request.

2.6 Photos (Profile/Background Images)

Sokofy may request permission to access your photos/media library only when you choose to pick a profile or background image. Selected images are stored on your device. Sokofy is not designed to upload your photos to Busara Digital servers as part of this feature.

2.7 App Lock and Biometrics (Optional)

Sokofy may offer an optional app lock feature that uses a PIN and (where supported) biometric unlock. The PIN is stored as a salted hash in secure storage on your device. Biometric authentication is performed by your device’s operating system; Busara Digital does not receive or store your biometric data.

2.8 Payments

Sokofy is currently provided free of charge and does not process payments or subscriptions.

2.9 Network and Technical Data

When cloud features are used (such as authentication, OTP verification, support submissions, or account deletion), network-related data (such as IP address) may be processed by our service providers as part of normal network operations.

3. How We Use Information

3.1 Service Operation

3.2 Authentication and Security

To authenticate users via email-based login and Google Sign-In. Authentication is handled through Firebase Authentication, which applies industry-standard security practices.

We also use OTP verification and related security controls to help protect accounts and prevent abuse.

3.3 Support and Communication

To respond to support requests via:

To troubleshoot issues and respond to feature requests.

3.4 Legal and Regulatory Compliance

4. Data Sharing and Disclosure

Sokofy does not sell, rent, or trade personal user data.

4.1 User-Controlled Sharing

Users may voluntarily export or share their own business data (for example, generating or sharing PDF reports). Such actions are fully controlled by the user.

4.2 Third-Party Services

We use trusted third-party services strictly for app functionality, including:

These services process data in accordance with their own privacy and security policies.

4.3 Legal Obligations

We may disclose information if required by law, regulation, court order, or lawful government request.

5. Data Storage, Backup, and Security

5.1 Local Data Storage

Business operation data is primarily stored locally on the user’s device using a local database in the app’s device storage. Deleting the app, clearing app storage, using the in-app local data reset feature, or deleting your account may permanently remove locally stored data.

The in-app local reset feature is designed to remove local business records for the active business on that device, including products, sales records, orders, expenses, inventory debts, inventory notes, local notifications, and certain tenant-level local settings used by the app. It is intended for situations where a user wants to clear business records and begin again.

This local reset does not, by itself, delete the user’s remote account. Certain user or device preferences may remain, such as sign-in state, language, theme, or app-lock configuration, unless removed through separate account deletion, app storage clearing, or device-level actions.

5.2 Cloud Services and Future Backup

User authentication and limited account profile fields are managed using Firebase services. Sokofy does not currently provide a general-purpose cloud backup or synchronization service for your local business data.

If optional cloud backup or synchronization features are introduced in the future, they will be clearly explained, optional (where applicable), and covered by an updated Privacy Policy.

5.3 Security Measures

We use reasonable administrative, technical, and organizational safeguards appropriate to the nature of the data. Authentication security is handled by Firebase Authentication. Sokofy may also provide optional app lock features on-device. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Data Retention and Deletion

Local data: Your business data stored on your device is kept until you delete it, delete your account, use the in-app local reset feature, clear app storage, or uninstall the app.

Account profile data: Limited account profile fields stored in Cloud Firestore are retained while your account is active and may be deleted when you delete your account.

OTP data: OTP records are designed to expire after a short time (typically minutes) and may be deleted after completion of the verification flow.

Deleted-email cooldown: If you delete your account, we may retain a hashed record of your email address for a limited time (currently up to 7 days) to prevent abuse and to enforce a cooldown period before re-registration with the same email.

For step-by-step instructions on account deletion, see: How to Delete Your Sokofy Account.

7. Your Choices and Rights

Depending on your circumstances and applicable law, you may be able to:

The in-app local reset feature requires explicit user confirmation, including multiple confirmation steps, before it proceeds. Once data is deleted from the device, it cannot be recovered.

8. International Data Processing

Some cloud services we use may process and store data on servers located outside Tanzania. Where this applies, we rely on our service providers’ security and compliance measures.

9. Application Access and Updates

Sokofy is distributed exclusively through Google Play Store and Apple App Store. Updates may be released regularly to improve features, performance, and security.

10. Children’s Privacy

Sokofy is not intended for users under the age of 16. We do not knowingly collect personal information from children. If such data is identified, it will be deleted promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect new features or services, legal or regulatory requirements, and operational or security improvements.

Updates will be communicated through app store listings, in-app notices, or updated policy pages.

12. Contact Information

Developer: Busara Digital
Phone: +255 696 189 401
Email: sokofy.pos@gmail.com