Legal & Compliance Document

Privacy Policy

This policy explains exactly what data Arriverr Business Management collects, which device permissions it uses, how your information is stored and secured, and the rights you hold over your data.

Application: Arriverr Business Management
Publisher: Arriverr
Version: 1.1.0 (Build 2)
Package ID: com.arriverr.business_management
Effective Date: February 25, 2026
1
Introduction
App Overview & Scope

Arriverr Business Management (package ID: com.arriverr.business_management) is a comprehensive, multi-platform Point-of-Sale and business operations application developed and published by Arriverr. The application is available on the following platforms:

Android · iOS · Windows (MSIX Store) · macOS · Linux · Web

This Privacy Policy governs the collection, processing, storage, and disclosure of information by the App across all supported platforms. It applies to business administrators who create and own a company account; sub-users (managers, cashiers, order bookers, viewers) added by the administrator; and all data entered into the system about third parties such as customers, suppliers, and employees.

By installing and using Arriverr Business Management, you agree to the terms of this Privacy Policy. Administrators are additionally responsible for ensuring that any third-party data they enter (customers, employees, suppliers) is collected and managed in compliance with applicable local laws.

The App supports multiple languages (English, Urdu, Arabic) and multiple currencies (PKR, SAR, USD, EUR, GBP, INR, AED, JPY, CNY, CAD, AUD), reflecting its international user base across Pakistan, Saudi Arabia, and other regions.

2
Android & Platform Permissions
Device Permissions

The following permissions are declared in AndroidManifest.xml and equivalent platform configurations. Each permission is used exclusively for the stated purpose.

| Permission | Platform | Required? | Purpose |
|---|---|---|---|
| INTERNET | Android · Windows* | Yes | Sync data with Google Firebase (Firestore + Auth); submit invoices to FBR government API |
| ACCESS_NETWORK_STATE | Android | Yes | Detect connectivity status to manage Firestore offline-first behaviour gracefully |
| CAMERA (android.hardware.camera) | Android · iOS | No (optional) | QR/barcode scanning for fast product lookup in POS screen via the mobile_scanner package. Declared with android:required="false" — the app functions fully without camera access |

* On Windows (MSIX), the equivalent capabilities declared are internetClient and privateNetworkClientServer, enabling internet and local network access.

Camera data is never stored, transmitted, or retained. The camera is used exclusively for real-time barcode/QR decoding within the POS screen. No images or video frames are saved to disk or uploaded to any server. Only the decoded barcode string value is used to look up a matching product in your local database.

The App does not request or use Location, Microphone, Contacts, Calendar, Bluetooth, SMS, Phone, Storage (READ/WRITE), Push Notifications, or any device permissions beyond those listed above.

3
Complete Data Inventory
Information We Collect

All data collected by the App is business operational data explicitly entered by your organisation. We do not collect behavioural analytics, advertising identifiers, device fingerprints, or passive telemetry of any kind. The complete inventory of data stored in Cloud Firestore is:

| Category | Data Fields Stored | Sensitivity |
|---|---|---|
| User Accounts | Email address, display name, UID, assigned role, companyId, granular permission strings, assigned area IDs, account creation & update timestamps. Passwords are hashed and managed by Firebase Authentication — never stored in Firestore. | 🔴 High |
| Company Settings | Company name, phone number, business address, country, currency code, default tax rate, default discount rate, theme preference (light/dark/system), app language (en/ur/ar), setup completion status | 🟡 Medium |
| Customers | Full name, phone number, email (optional), postal address (optional), city, area/zone, account balance, cumulative total sales value, creation & update timestamps | 🔴 High |
| Suppliers | Supplier name, phone number, email (optional), postal address, city, area, outstanding balance, timestamps | 🔴 High |
| Employees | Full name, job designation, phone number, email (optional), address (optional), salary amount, joining date, advance/balance amount, active status flag, timestamps | 🔴 High |
| Products & Inventory | Product name, barcode/SKU, category, unit of measure, purchase price, sale price, current stock quantity, low-stock alert threshold | 🟡 Medium |
| Purchase Batches | Product ID, purchase date, batch quantity, remaining quantity, cost price per unit — used for FIFO inventory costing | 🟡 Medium |
| Sales & POS Transactions | Sale date/time, customer ID & name, payment method (Cash/Bank), bank reference, line items (product, quantity, price, discount, tax, total), grand total, paid amount, change amount, notes, FBR invoice reference number, FBR QR data, ZATCA QR data | 🔴 High |
| Sale Returns & Purchase Returns | Linked original transaction ID, returned items, return amounts, reason/description, timestamps | 🟡 Medium |
| Purchases | Purchase date, supplier reference, line items, cost totals, payment method, bank reference, batch tracking data | 🟡 Medium |
| Expenses | Expense date, category & sub-category, amount, description, payment method, bank reference | 🟡 Medium |
| Financial Transactions | Type (Deposit/Withdraw/Transfer), payment method, bank ID/name, amount, source type (Sale/Purchase/OwnerInvestment/Salary/etc.), transfer destination details, description, timestamp | 🔴 High |
| Bank Accounts | Bank name, account label, balance tracking. No raw account numbers, IBAN, or card details are stored. | 🟡 Medium |
| Booked Orders | Order booker ID & name, customer reference, delivery area, order date, expected delivery date, item list, order totals, payment method, order status (pending/approved/dispatched/delivered/cancelled), linked generated sale ID | 🟡 Medium |
| Stock Movements | Product ID/name, movement type (purchase/sale/adjustment), quantity, reference ID & type, previous/new stock levels, cost/sale price at time of movement, description | 🟢 Low |
| Tax Integration Credentials | FBR POS ID, FBR User Token (Bearer), FBR NTN, FBR STRN; ZATCA Seller Name, ZATCA VAT Registration Number (15 digits), ZATCA phase setting. Enabled/disabled flags. | 🔴🔴 Very High |
| Geography (Cities & Areas) | User-defined city names and area/zone names for customer, supplier, and order segmentation | 🟢 Low |

Automatically collected via Firebase infrastructure: Firebase Auth internally manages session tokens and refresh tokens. Firestore logs request metadata for operational diagnostics — this is governed by Google Firebase's own privacy policy, not by this document.

4
Purpose of Processing
How We Use Your Data

Every piece of data collected serves a direct, specific operational purpose within the application. No data is used for any purpose outside of delivering the application's features to your organisation.

Authentication & Access Control: Email credentials authenticate users via Firebase Auth. User profiles and permission strings enforce role-based access to all screens and data operations in real time.

Point-of-Sale & Sales Operations: Customer data, product data, and pricing power the POS checkout, sale recording, receipt generation, stock level updates, and customer balance tracking.

Inventory Management: Product and batch data enable FIFO stock tracking, stock movement history, low-stock threshold alerting, and cost-of-goods calculations.

Financial Reporting: Transaction, expense, purchase, and sales data generate cash-flow reports, profit/loss analysis, customer/supplier ledgers, and employee payroll summaries — displayed exclusively within your company's account.

Document Generation (On-Device): The pdf and printing Flutter packages render A4 invoices and 58mm/80mm thermal receipts locally on your device from your business data. PDFs are generated in-memory and only printed/shared at your explicit direction — no PDFs are uploaded to any server.

Tax Filing (FBR / ZATCA): When enabled, invoice data is transmitted to government tax authority APIs on your behalf. Full details are in Sections 6 and 7.

QR Code Generation (On-Device): The qr_flutter package generates QR codes entirely on your device from ZATCA TLV-encoded data and FBR invoice references for embedding in receipts. No external QR service is contacted.

Order Management: The order-booking workflow uses booker identity, customer data, and area assignments to track field sales orders from submission through approval, dispatch, delivery, and conversion to sales records.

URL Launching: The url_launcher package may open external web links from the About or Contact Us screens. No application data is transmitted when opening a URL beyond the URL itself.

We categorically do not: sell your data · use it for advertising · share it with data brokers · train AI/ML models on it · perform cross-business analytics · monitor your employees · or use your data for any purpose outside of operating this application for your organisation.

5
Cloud Infrastructure
Firebase & Google Cloud Services

The App is built on Google Firebase (Google LLC). Your data is stored through two Firebase services:

Firebase Authentication (v5.3.1): Handles email/password sign-in, session token management, and secure credential storage. Passwords are never stored in plaintext. Firebase Auth applies modern cryptographic standards. When a user signs out, the session is invalidated and all subscriptions are cancelled.

Cloud Firestore (v5.4.4): A serverless NoSQL document database where all business data resides. Data is organised under a strict multi-tenant hierarchy isolating each business under its unique companyId:

Firestore Structure:
companies/{companyId}/sales/
companies/{companyId}/purchases/
companies/{companyId}/products/
companies/{companyId}/customers/
companies/{companyId}/employees/
companies/{companyId}/settings/
companies/{companyId}/expenses/
companies/{companyId}/orders/
userProfiles/{uid}/ — Top-level, not under any company

Each business's data is isolated under a unique companyId (equal to the founding administrator's Firebase UID). Sub-users share the same company namespace but are restricted by application-level role-based access control.

By using the App you also agree to Google Firebase's Privacy Policy. All data in transit is encrypted with TLS; all data at rest is encrypted by Google Cloud AES-256 server-side encryption. Firebase may process data in US or other region data centres depending on your Firebase project configuration.

6
Pakistan Tax Compliance
FBR POS Integration (Pakistan)

The App offers an optional integration with the Federal Board of Revenue (FBR) of Pakistan via the IMSP POS Integration API, enabling real-time electronic invoice submission as required by Pakistani tax law for registered POS merchants.

API Endpoints:
— Live: https://gw.fbr.gov.pk/imsp/v1/api/Live/PostData
— Sandbox: https://gw.fbr.gov.pk/imsp/v1/api/Sandbox/PostData

Data transmitted to FBR per invoice: Invoice number, POS ID, date/time (yyyyMMddHHmmss), buyer name (or "Walk-in Customer"), buyer type (B2C), payment mode (1=Cash / 2=Bank), line-item details (item code from product ID, item name, quantity, PCT code, tax rate, sale value, tax charged, discount, total amount), total bill amount, total sale value, total quantity, total tax charged, total discount, payable amount.

Credentials stored in Firestore (under your company settings document): FBR POS ID (integer), FBR User Token (Bearer authentication token), FBR NTN (National Tax Number), FBR STRN (Sales Tax Registration Number), Sandbox mode toggle.

Credential Security: Your FBR Bearer token and tax registration numbers are stored in your Firestore document. You are solely responsible for maintaining the security of your Firebase account. We strongly recommend using Sandbox mode for testing and switching to Live mode only once integration is verified. Immediately rotate your FBR token if you suspect a security incident.

FBR integration is disabled by default and entirely opt-in. The FBR API returns an Invoice Reference Number and a QR code string per successful submission. Both are saved to the sale record in Firestore and embedded into printed receipts and PDF invoices for consumer-facing tax compliance.

7
Saudi Arabia Tax Compliance
ZATCA Fatoora Integration (Saudi Arabia)

The App supports optional compliance with the Zakat, Tax and Customs Authority (ZATCA) e-invoicing mandate (Fatoora) of the Kingdom of Saudi Arabia.

Phase 1 — QR Code Generation (Fully On-Device): The App generates ZATCA-compliant QR codes locally on your device using a TLV (Tag-Length-Value) binary encoding per the ZATCA specification. The TLV payload is Base64-encoded using Dart standard libraries only:

| TLV Tag | Content | Source Field |
|---|---|---|
| 0x01 Seller Name | Your registered business seller name | zatcaSellerName |
| 0x02 VAT Number | Your 15-digit VAT Registration Number | zatcaVatNumber |
| 0x03 Timestamp | Sale date/time in ISO 8601 UTC format | Sale record date |
| 0x04 Invoice Total (incl. VAT) | Grand total amount (2 decimal places) | Sale grandTotal |
| 0x05 VAT Total | Total tax charged (2 decimal places) | Sale totalTax |

No external network call is made for ZATCA Phase 1 QR generation. All TLV encoding is performed locally on your device. The resulting Base64 QR string is stored in the sale record and printed on receipts.
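
The five-field TLV payload listed above can be encoded and decoded as in the following added Python example, which is not Arriverr's code (the App itself uses Dart). The function names, the constructed sample values, and the one-byte tag and one-byte length layout with its 255-byte value limit are assumptions of this example.

```python
import base64
import re
from datetime import datetime, timedelta, timezone
from decimal import Decimal, ROUND_HALF_UP

# Tag numbers and meanings as listed in the policy's TLV table.
TAGS = {1: "seller_name", 2: "vat_number", 3: "timestamp",
        4: "invoice_total", 5: "vat_total"}


def _tlv(tag: int, value: str) -> bytes:
    raw = value.encode("utf-8")
    # Assumption: one length byte, counting UTF-8 bytes (not characters).
    if len(raw) > 255:
        raise ValueError(f"tag {tag}: value is {len(raw)} bytes, limit is 255")
    return bytes([tag, len(raw)]) + raw


def _money(amount) -> str:
    # Render an amount with exactly two decimal places.
    return str(Decimal(str(amount)).quantize(Decimal("0.01"), ROUND_HALF_UP))


def encode_zatca_qr(seller_name, vat_number, sold_at, grand_total, total_tax):
    """Build the Base64 QR string from the five Phase 1 fields."""
    if not re.fullmatch(r"[0-9]{15}", vat_number):  # ASCII digits only
        raise ValueError("VAT number must be exactly 15 digits")
    if sold_at.tzinfo is None:
        raise ValueError("timestamp needs a timezone to convert to UTC")
    stamp = sold_at.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    values = [seller_name, vat_number, stamp,
              _money(grand_total), _money(total_tax)]
    payload = b"".join(_tlv(t, v) for t, v in enumerate(values, start=1))
    return base64.b64encode(payload).decode("ascii")


def decode_zatca_qr(qr: str) -> dict:
    """Parse a QR string back into fields, rejecting malformed payloads."""
    data = base64.b64decode(qr, validate=True)
    fields, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, length = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"tag {tag}: declared {length} bytes, got {len(value)}")
        if tag not in TAGS or TAGS[tag] in fields:
            raise ValueError(f"unexpected or repeated tag {tag}")
        fields[TAGS[tag]] = value.decode("utf-8")
        pos += 2 + length
    missing = sorted(set(TAGS.values()) - set(fields))
    if missing:
        raise ValueError(f"missing fields: {missing}")
    return fields


if __name__ == "__main__":
    # Constructed sample values, not real merchant data.
    when = datetime(2026, 2, 25, 14, 30, tzinfo=timezone(timedelta(hours=3)))
    qr = encode_zatca_qr("متجر تجريبي", "300000000000003", when, "115", "15")
    print(qr)
    print(decode_zatca_qr(qr))
```

Base64 is an encoding, not encryption: anyone who scans the printed receipt can read all five fields, which is why the decoder above needs no key.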

Phase 2 (B2B Clearance) is not yet implemented. Future versions may add Phase 2 clearance API integration with ZATCA's Fatoora portal, at which point this policy will be updated. VAT number validation enforces the required 15-digit numeric format.

ZATCA integration is disabled by default. It applies only to VAT-registered businesses in the Kingdom of Saudi Arabia.

8
Access Control Architecture
Role-Based Access Control

The App implements granular permission-based access control. Every user account holds a list of explicit permission strings in the format {module}:{action}. The system covers 24 modules and 4 actions (view, create, edit, delete) — totalling 96 possible permissions. Access to every screen and data operation is gated by these permissions, enforced in real time via a live Firestore profile stream.

Admin: Full access to all 96 permissions including Settings, Users, Cities, and Areas. Creates the company — their UID becomes the companyId.

Manager: All operational modules (Sales, Purchases, Employees, Reports, etc.) excluding Settings, Users, Cities, and Areas management.

Cashier: POS operations, creating/viewing sales, managing customers, and processing sale returns only. Cannot access financial reports, purchases, or employee records.

Viewer: Read-only access to Dashboard and Sales reports. Cannot create, edit, or delete any records.

Order Booker: Field sales rep role. Can create/manage orders and view/create customers. Order visibility is restricted to their own submitted orders.

Administrators can create custom roles with any combination of the 96 granular permissions tailored to their organisation. Role changes take effect immediately via real-time Firestore subscription.

Access control is enforced at the application layer. Administrators should also configure appropriate Firestore Security Rules at the Firebase console to enforce server-side data isolation and prevent unauthorised direct Firestore API access.

9
Local Device Storage
Offline Storage & Device Caching

On non-web platforms (Android, iOS, Windows, macOS, Linux), the App enables Firestore offline persistence with unlimited cache size. This stores a local copy of your Firestore data on the device so the application remains fully functional without an internet connection.

Configuration applied at startup: persistenceEnabled: true and cacheSizeBytes: CACHE_SIZE_UNLIMITED. Firestore caches all data the device allows. Offline writes are queued locally and synced automatically when connectivity is restored.

The local cache is stored within the App's sandboxed storage directory and is protected by the operating system's own security model (Android file-system sandbox, iOS app sandbox, Windows app container, etc.). Other applications on the device cannot access this cache.

The offline cache is cleared when the user signs out (subscriptions cancelled), when the application is uninstalled, or when the user manually clears app data through device settings. On the web platform, session-based caching applies for the browser session duration only.

10
Technical Safeguards
Data Security

Encryption in Transit: All communications between the App and Firebase servers or the FBR API occur over HTTPS (TLS 1.2+). The FBR API integration enforces a 30-second request timeout.

Encryption at Rest: Google Cloud Firestore encrypts all stored data with AES-256. Firebase Authentication credentials are stored in Google's secure backend, not in Firestore.

Android Build Security: Release builds use ProGuard/R8 code minification (isMinifyEnabled = true) and resource shrinking (isShrinkResources = true), significantly hardening against reverse engineering. The signing keystore is not committed to source control.

Session Isolation: On sign-out, the companyId is cleared from memory, all Firestore stream subscriptions are cancelled, and Firebase Auth tokens are invalidated. Re-access requires full re-authentication.

Real-Time Permission Enforcement: Permission changes applied by an administrator are reflected immediately through a live Firestore profile subscription — no app restart is required.

No system is fully immune to security risk. We recommend: strong unique passwords · immediately revoking access for departing employees via the Users screen · regularly reviewing active user accounts and permissions · keeping the application updated to the latest version.

11
Third Parties & Disclosure
Data Sharing & Disclosure

We do not sell, rent, trade, or broker your data to any third party under any circumstances. Data may only be disclosed in these strictly limited situations:

1. Within Your Organisation: Data is visible to sub-users within your company account, subject to their role permissions. You control who has what access.

2. Google Firebase (Infrastructure Processor): Your data is stored on Google Firebase infrastructure. Google acts as a data processor under Firebase's standard data processing addendum. Google does not use your App data to personalise Google products or serve advertisements.

3. FBR Government API — Pakistan Only, When Enabled: Invoice data is transmitted to gw.fbr.gov.pk only when FBR integration is enabled and a sale is completed. This fulfils your legal obligation as a registered POS merchant in Pakistan.

4. ZATCA — Phase 1 Fully On-Device: No ZATCA data is transmitted to any external server in the current version. QR generation is entirely local.

5. Legal Requirement: We may disclose data if compelled by applicable law, valid court order, or governmental authority. We will notify you of such requests where legally permitted.

The only external network destinations the App communicates with are: Google Firebase (authentication and database sync) and the FBR API endpoint (if and only if you enable FBR integration). No analytics platforms, advertising networks, data brokers, or social media SDKs are present.

12
Data Lifecycle
Data Retention & Deletion

Your data is retained for as long as your company account is active. Individual records persist until deleted through the App's interface or until the company account is removed.

In-App Record Deletion: Deleting any record (customer, product, transaction, etc.) removes the Firestore document immediately. Some deletions have cascading effects — for example, deleting a product also affects related stock item records.

Sub-User Account Removal: An admin can remove sub-user accounts from the Users management screen, deleting the Firestore userProfile document. The Firebase Auth record remains unless separately deleted via the Firebase console.

Full Company Account Deletion: To permanently delete your entire company account and all associated data, contact us at the address in Section 16. Upon verification of your administrator identity, we will complete data purge within 30 business days and confirm deletion in writing.

Local Device Cache: Uninstalling the App removes the local Firestore cache. You may also clear it via device app storage settings without uninstalling.

13
GDPR / PDPA / PDPL & Other Frameworks
Your Rights

Depending on your jurisdiction, you hold the following rights over your personal data. We are committed to honoring all verified requests:

Right of Access: Request a copy of all personal data we hold about you. Much of this is already visible directly within the App.

Right to Rectification: Correct inaccurate data directly via Edit screens in the App, or by contacting us.

Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data and full company account. See Section 12 for the process.

Right to Object: Object to processing of your personal data. As we process data solely to deliver the contracted service, objection will typically result in account closure.

Right to Data Portability: Request your data in a structured, machine-readable JSON format. Contact us to initiate a data export.

Right to Restriction of Processing: Request that we limit processing of your data while a dispute is being resolved.

Right to Lodge a Complaint: If you believe your rights have been violated, you may complain to the relevant data protection authority in your country (e.g., PDPC in Pakistan, SDAIA/NCA in Saudi Arabia, ICO in the UK).

We will respond to all verified requests within 30 days. To exercise rights not available directly in the App, use the contact information in Section 16.

14
Minor User Protection
Children's Privacy

Arriverr Business Management is a professional business operations application designed exclusively for adults (18+). The App is not directed at individuals under 18 years of age, and we do not knowingly collect personal information from minors.

If you become aware that a person under the age of 18 has registered an account or that minor data has been entered without appropriate consent, please notify us immediately at the contact address in Section 16. We will take prompt action to remove such information from our systems.

15
Policy Evolution
Changes to This Policy

We may revise this Privacy Policy from time to time to reflect changes in our application features, applicable laws, or operating practices. The "Last Updated" date in the masthead will always reflect the most recent revision.

For material changes that substantially affect your rights or how we process personal data, we will make reasonable efforts to notify you via an in-app notification, within the About/Settings screen, or via your registered email address.

Continued use of the application after any policy update constitutes your acceptance of the revised terms. If you do not accept the revised policy, please stop using the application and request account deletion per Section 12.

16
Get in Touch
Developer & Contact Details

For any questions, concerns, data rights requests, or privacy complaints regarding Arriverr Business Management or this Privacy Policy, please reach out to our team through any of the channels below.

Developed & Published by: Arriverr ("Turn Your Ideas Into Reality")

Email Support (Privacy & Data Inquiries): ahmed.mug01@gmail.com. Response within 72 hours.

WhatsApp Support (Live Chat & Technical Help): +92 345 670 3860. Pakistan (PKT) — WhatsApp preferred.

You may also use the built-in Contact Us screen inside the App (accessible from the main navigation menu) to send a message directly via your device's email client or WhatsApp, without leaving the application.

For urgent security matters — such as suspected unauthorised access to your account or a data breach — please email immediately with subject line "URGENT — Security Incident" and include your registered email address and company name. We treat all security reports as highest priority.

When submitting a data rights request, please include: your registered email address · your company name · a clear description of your request · and — for full account deletion — confirmation that you are the account administrator. This allows us to verify your identity and process the request efficiently. We resolve all data rights requests within 30 business days.