This Privacy Policy explains how BazaarMint ("we", "us", "our") handles information when you use the BazaarMint POS application and website at bazaarmint.com (together, "the Service"). Please read it together with our Terms & Conditions. By using the Service you agree to the practices described here.
BazaarMint provides a point-of-sale and shop-management service for retailers, operated from Pakistan. This policy covers the web application at www.bazaarmint.com, the installable app (PWA) version of it, and the static pages of the website. It applies to shop owners who create an account, to employee users an owner creates, and — in a limited way described in section 5 — to the personal data of a shop's customers that an owner records in the app.
We use your information only to provide and operate the Service: to authenticate you, store and sync your Business Data across your devices, apply and manage your subscription, respond to support requests, and keep the Service secure and working. We do not use your data for advertising, we do not sell or rent it to anyone, and we do not run third-party analytics on it.
When an Owner records personal data about their own customers or employees (for example a customer's name, phone number or udhaar balance), the Owner acts as the controller of that data: the Owner decides what to record and why. BazaarMint processes that data only on the Owner's behalf, in order to provide the Service. The Owner is responsible for having the right to record that information and for handling it lawfully — for example, telling customers their khata is kept digitally if local rules require it, and removing records when no longer needed. If an End customer asks us directly about data a shop holds on them, we will refer them to the shop, since only the Owner controls that data.
Actions taken in a store — sales, returns, stock changes, payments, settings changes and similar — are recorded in an audit log together with who performed them (the Owner or a named employee). The Owner can view this log. If you use the Service as an employee, you should be aware that your in-app actions are attributed to you and visible to the store Owner. This is a deliberate accountability feature of a multi-user business tool.
The Service stores data on your device using browser storage (localStorage and IndexedDB) so the app can start fast and keep working offline. This includes a cached copy of your store's data, your session, and offline changes waiting to sync. We do not use advertising cookies or cross-site tracking. Data cached on a device stays there until you sign out fully, delete the account, or clear the browser/app storage — so be careful on shared or public devices: use the full "Sign out" option (not just Lock) before handing a device to someone outside your business.
Phone sign-in and phone-number verification use one-time SMS codes delivered via Google Firebase Authentication. PIN-reset links are sent by email via Resend, our transactional email provider, from noreply@bazaarmint.com. We send only service messages (verification codes, PIN resets, important account or service notices) — we do not send marketing messages to your customers, and we do not use your contact details for advertising.
Your data is stored on Google Firebase / Google Cloud infrastructure (Firestore database, Authentication, Cloud Storage and Cloud Functions). These servers may be located outside Pakistan — currently primarily in the United States (us-central1) — and are protected by Google's security measures. By using the Service you consent to your information being transferred to and stored on servers outside Pakistan as needed to operate the Service.
We do not sell your data — ever. We share information only: (a) with the service providers listed above, strictly to run the Service; (b) when required by law, regulation or a valid legal process; (c) where necessary to protect the rights, safety or property of BazaarMint, our users or the public (for example investigating fraud or abuse); and (d) if BazaarMint is involved in a merger, acquisition or sale of assets, in which case your data may transfer to the successor — we would notify you before your data becomes subject to a different privacy policy.
Access to your store is protected by your account sign-in (Google or phone OTP) plus a 6-digit PIN, and employee access by per-employee ID + PIN logins with repeated-failure lockouts. PINs are never stored in readable form — only as salted PBKDF2 hashes. Each store's data is isolated by server-side security rules so one account cannot read another's data. Data in transit is encrypted (HTTPS). That said, no method of transmission or storage is 100% secure, so we cannot guarantee absolute security; please keep your PIN and sign-in credentials confidential.
We retain your Business Data for as long as your account is active so your records and history remain available to you. If you factory-reset your store or delete your account, the corresponding data is removed from the live Service. Backups and exports that you create yourself (for example Excel exports or backup files) are stored wherever you save them and are your responsibility to protect and delete.
You can delete your account from Settings → Danger Zone (admin only, after re-verifying your identity). This removes your store's data from the Service and deletes the sign-in account itself, freeing your Google account or phone number for use elsewhere. Deletion is permanent and cannot be undone, so export your data first if you may need it. Some minimal residual records may persist in encrypted system backups for a limited period before being purged in the normal backup cycle.
The Service is a business tool and is not directed at children. It is not intended for use by anyone under 13, and accounts should be created only by adults authorised to act for a business. We do not knowingly collect personal data from children; if you believe a child has provided us data, contact us and we will delete it.
If a security breach affects your personal data or your store's data in a way that creates a real risk to you, we will notify affected Owners without undue delay using the contact details on the account (email or phone), describe what happened, and explain the steps we are taking — and any steps you should take — in response, to the extent required by applicable law.
The Service depends on third-party infrastructure (chiefly Google Cloud). Outages, data incidents or changes at those providers, as well as events beyond our reasonable control (natural disasters, power or internet failures, government actions), may temporarily affect availability or, in extreme cases, data. We choose reputable providers and design the app to tolerate interruptions (offline mode, on-device cache), but we cannot be responsible for failures of third-party infrastructure or events of force majeure.
We may update this policy from time to time. When we do, we will change the "Last updated" date above, and for material changes we will give notice in the app. Continued use of the Service after an update means you accept the revised policy. If you do not agree with a change, stop using the Service and delete your account.
This policy is governed by the laws of the Islamic Republic of Pakistan. Any disputes relating to it are subject to the jurisdiction of the courts of Pakistan, as set out in our Terms & Conditions.
Questions, requests or complaints about privacy: support@bazaarmint.com. We aim to respond promptly to all privacy enquiries.