Privacy Policy

SwiftPOS Technologies ("SwiftPOS", "we", "our", or "us") is committed to protecting the privacy and security of your personal and business data. This Privacy Policy describes how we collect, use, store, and share information when you use the SwiftPOS platform, including our web application, APIs, and related services (collectively, the "Service").

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Service.

2.1 Account Information

When you register, we collect:

• Full name, email address, and phone number
• Business name, business category, and currency preference
• Staff and branch count for account configuration
• Password (stored as a one-way hash — never in plain text)
• Google account ID (if you register or log in via Google)

2.2 Business Data

As you use the Service, we store:

• Products, inventory levels, prices, and categories
• Sales transactions, invoices, and payment records
• Expense records and customer information you enter
• Staff profiles and branch configurations

2.3 Technical Data

• IP address and browser/device user-agent at registration
• Session identifiers and authentication tokens
• Activity logs (login events, major account changes)

2.4 Communication Data

• Email addresses used to send OTP codes, invoices, and receipts
• WhatsApp-linked messages if you use our WhatsApp receipts feature

We use the information we collect to:

• Create and manage your SwiftPOS account and merchant profile
• Process and display your sales, inventory, and financial reports
• Send authentication OTP codes to verify your identity
• Deliver invoices and receipts to your customers on your behalf
• Administer your subscription plan and billing
• Detect fraud, unauthorized access, and abuse of the platform
• Provide customer support and respond to inquiries
• Improve and develop new features of the Service
• Comply with legal obligations under Tanzanian law

We will never use your business transaction data for advertising or sell it to third parties for marketing purposes.

We do not sell your personal or business data. We may share data only in these limited circumstances:

4.1 Service Providers

We work with trusted third-party providers who help us operate the Service, such as email delivery services and cloud hosting providers. These providers are contractually bound to use your data only to perform services for us.

4.2 Payment Processing

If you subscribe to a paid plan, payment information is processed by our payment partner (Stripe). SwiftPOS does not store full card numbers on our servers.

4.3 Legal Requirements

We may disclose your data when required by law, court order, or legitimate government authority under Tanzanian jurisdiction.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you in advance.

Your data is stored on secured servers. We implement the following security measures:

• All passwords are hashed using bcrypt — they are never stored in plain text
• All data in transit is encrypted via HTTPS/TLS
• Two-factor authentication (OTP via email) is required for all logins
• Access tokens expire and are invalidated on logout
• Activity logs track sensitive account changes

While we take every reasonable precaution, no internet-based service can guarantee 100% security. You are responsible for keeping your login credentials confidential.

SwiftPOS uses session cookies to keep you logged in during your browser session. We use the following types of cookies:

• Session cookies — required for authentication; deleted when you close your browser or log out
• CSRF tokens — required to protect form submissions from cross-site request forgery attacks

We do not use advertising cookies or third-party tracking pixels. You may disable cookies in your browser settings, but this will prevent you from logging in.

You have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — update inaccurate or incomplete information via your profile settings
• Deletion — request deletion of your account and associated data
• Portability — request an export of your business data in a machine-readable format
• Restriction — request that we restrict processing of your data in certain circumstances

To exercise any of these rights, contact us at support@swiftpos.co.tz. We will respond within 30 days.

We retain your account data for as long as your account is active. After account deletion:

• Personal profile data is deleted within 30 days
• Transaction and financial records may be retained for up to 7 years as required by Tanzanian tax and financial regulations
• Activity logs are retained for up to 12 months for security purposes

SwiftPOS is a business management platform intended exclusively for adults. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that a minor has registered, we will delete that account promptly.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice in the dashboard. The "Last Updated" date at the top of this page will always reflect the most recent revision.

Continued use of the Service after the effective date of changes constitutes your acceptance of the revised policy.

If you have questions, concerns, or requests regarding this Privacy Policy, please reach out: