Privacy Policy

Last updated: April 2026

1. Introduction

Welcome to HisabNiben. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our mobile application or website.

By using our application, you agree to the collection and use of information in accordance with this Privacy Policy. HisabNiben is a business management application designed for shop owners and small businesses to manage customer balances and transactions.

2. Data Collection Summary (Google Play Compliance)

The table below summarizes all data types we collect, whether it is required, and how it is used — as required by Google Play's Data Safety policy:

Data Type Collected? Shared? Purpose
Name Yes (Required) No Account identification, personalization
Email Address Optional No Account recovery, communication
Phone Number Yes (Required) No Authentication, SMS notifications to customers
Transaction Records Yes (Required) No Core app functionality – business management
Customer Balance (Baki) Yes (Required) No Core app functionality – credit tracking
Contacts (Optional) Optional No Import customer name & phone from device
Device Type & OS Yes (Auto) No Push notifications (OneSignal), crash reports
App Usage Stats Yes (Auto) No Analytics to improve app performance
IP Address Yes (Auto) No Security, authentication, Firebase logs
Payment Info No No Handled by Google Play / bKash / Nagad
SMS / Call Logs No No We do NOT access SMS or call logs
Location Data No No We do NOT collect or track location
Photos / Files No No We do NOT access photos or files

3. Data We Collect (Detailed)

We may collect, use, store, and transfer different kinds of personal data, including:

Identity Data

  • First name
  • Last name
  • Username or similar identifier

Contact Data

  • Email address (optional)
  • Phone number (required for authentication)

Financial Data

  • Transaction records (payment amounts, due amounts)
  • Customer balance information (baki)
  • Product and stock information
Important: We do NOT store bank account numbers, credit card numbers, debit card numbers, or any payment credentials. All payment processing is handled securely by Google Play Billing, bKash, or Nagad.

Technical Data

  • IP address (logged by Firebase automatically)
  • Device type and model
  • Operating system version
  • App version

Usage Data

Information about how you use our app and services. Analytics data is collected in aggregated and anonymous form to improve app performance and user experience.

4. Mobile App Permissions

Our Android application requires the following permissions:

  • INTERNET – for cloud synchronization with Firebase and authentication
  • ACCESS_NETWORK_STATE – to detect internet connectivity status before sync
  • RECEIVE_BOOT_COMPLETED – to restore push notifications after device restart
  • VIBRATE – for notification vibration alerts
  • POST_NOTIFICATIONS – to send push notifications via OneSignal (Android 13+)
  • READ_CONTACTS (Optional) – to import a customer's name and phone number from your device contacts when adding a new customer
We do NOT request or require: SMS read/send, Call log access, Camera, Microphone, Location (GPS), Storage/Photos, or any other sensitive permissions.

Contacts Permission Details

  • Purpose: Optional feature to quickly add customers by selecting from your phone contacts
  • Data Accessed: Only the specific contact you select; we do not scan or access your entire contact list
  • How It Works: The app temporarily reads that contact's name and phone number to fill the customer form
  • Storage: Selected contact information is stored as customer data in your HisabNiben account within Firebase; it is not saved back to your device contacts
  • User Control: You can always manually enter customer details instead of using contacts
  • No Background Access: We never access contacts without your explicit, deliberate action
We do NOT:
  • Upload your entire contacts list to our servers
  • Share contacts with third parties
  • Use contacts for marketing, advertising, or analytics
  • Access contacts in the background without your knowledge

5. How We Use Your Data

We use personal data to:

  • Register and authenticate your account
  • Provide and maintain the service (customer management, transactions, stock)
  • Send push notifications via OneSignal
  • Send optional SMS notifications to your customers via BulkSMSBD
  • Provide customer support
  • Improve app performance and fix bugs
  • Detect and prevent technical issues or fraud

6. Data Storage and Security

  • All data is transmitted over encrypted connections (SSL/TLS 1.2+) between your device and Firebase servers
  • Data is stored securely using Firebase Cloud Firestore with Firebase's built-in security features
  • We use industry-standard security measures including secure authentication, access control mechanisms, and server-side encryption
  • We do not sell or rent your personal data to any third party
  • Limited data may be shared with trusted service providers only for app functionality (authentication, notifications, cloud storage, SMS delivery)

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services.

  • When you delete your account, all associated data (customers, transactions, products, settings) is permanently deleted from Firebase within 30 days
  • Backup copies may persist for up to 30 days after deletion as part of Firebase's standard backup cycle
  • Some anonymized analytics data may be retained in aggregated form for performance analysis
  • Payment records (transaction IDs, receipts) may be retained for legal and audit purposes as required by applicable law

8. Your Rights

Depending on applicable laws, you may have the right to:

  • Request access to your personal data
  • Request correction of inaccurate personal data
  • Request deletion of your personal data and account
  • Object to processing of your personal data
  • Request transfer of your data in a portable format (data portability)
  • Withdraw consent at any time (e.g., revoke contacts permission)

To exercise any of these rights, please contact us at sojoldev30@gmail.com.

9. Third-Party Services

OneSignal

Used for push notifications

  • Data collected: Device type, OS version, push tokens, basic app usage stats
  • No location tracking
  • No advertising ID collection
OneSignal Privacy Policy

Firebase (Google)

Used for authentication, cloud database, crash reporting, analytics

  • Data collected: Device and performance data, crash diagnostics, usage statistics
  • Data is encrypted in transit (TLS) and at rest (AES-256)
Firebase Privacy Policy

BulkSMSBD

Used to send SMS notifications to your customers

  • Data processed: Customer phone numbers, message content, delivery status
  • SMS messages are generated by you (shop owner) through the app
  • Delivery logs may be stored temporarily for record-keeping
  • Message content is not stored permanently beyond delivery confirmation
BulkSMSBD Website

10. Payments

Google Play Billing

  • All premium app features are purchased through Google Play Billing
  • Available subscriptions: 1 Month, 2 Month, 1 Year, Lifetime
  • Google securely processes all payment information; we do not store card numbers, bank details, or payment credentials

SMS Service Payments (bKash / Nagad)

  • Optional service to purchase SMS credits for customer notifications
  • Payments are only for SMS delivery, not app subscriptions
  • Stored data: User ID, sender phone number, transaction ID, package details
  • Payments are generally non-refundable after successful delivery

11. Children's Privacy

  • Service is not intended for children under 13
  • We do not knowingly collect personal data from children under 13
  • Any data from children under 13 will be deleted immediately upon discovery

12. Refund Policy

  • Purchases via Google Play Billing follow Google Play's refund policies
  • SMS service purchases via manual payment (bKash/Nagad) are generally non-refundable after delivery
  • Users may contact support for technical issues or dispute resolution

13. Account Deletion

You have the right to delete your account and all associated data at any time. Here's how:

How to Delete Your Account

  1. Email us at sojoldev30@gmail.com with the subject line "Account Deletion Request"
  2. Include your registered phone number or email address for verification
  3. We will verify your identity within 48 hours
  4. All your data (customers, transactions, products, settings) will be permanently deleted from Firebase within 30 days
  5. You will receive a confirmation email once deletion is complete

Note: After deletion, data cannot be recovered. Please export or backup your data before requesting deletion. Some payment records may be retained for legal purposes as required by applicable law.

14. Changes to This Policy

This Privacy Policy may be updated from time to time to reflect changes in our practices or for legal reasons.

Any changes will be posted on this page with the updated "Last updated" date. We may also notify you through the app or via email for significant changes.

We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy, your data, or wish to exercise your rights, please contact us:

Email sojoldev30@gmail.com
Phone +880 1310997902