- Who we are & what this policy covers
- Information you provide
- Information about your customers that shopkeepers enter
- Information collected automatically
- How we use information
- Legal bases for processing (GDPR)
- Sharing & service providers
- Payments & subscriptions
- Offline data on your device
- Data retention
- Your rights & choices
- Account deletion
- Security
- International transfers
- Children
- Changes to this policy
- Contact us
1. Who we are & what this policy covers
Wasoolo is a digital khata (credit ledger) app for small businesses. Shopkeepers use it to record udhaar, installment (qist) plans, products and stock, and to share invoices and statements. Customers can use a free companion view to see their own ledger, chat with the shop, and submit payment proof.
This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It covers the Wasoolo app on iOS and Android and the wasoolo.com website.
Who is responsible: the data controller for Wasoolo is Wasoolo. You can reach us any time at help@wasoolo.com.
One important thing to understand up front: Wasoolo is a record-keeping tool. We are not a bank, not a lender, we do not give loans, and we do not move money. Payments happen outside the app, directly between the shop and the customer. The app only records those payments and lets customers submit proof (for example, a screenshot).
2. Information you provide
When you create an account and use Wasoolo, you may give us:
- Account details: your name, email address, and phone number.
- Optional profile fields: father name, national ID / CNIC number, address, city, date of birth, gender, and WhatsApp number. These are optional — the app works without them.
- Business details: business name, logo, address, and payment method details (like a bank account title and account number) that you choose to show on your invoices and receipts.
- Photos: product photos, bill photos, ID document photos, and payment screenshots that you or your customers upload.
- Chat messages: messages sent between the shop and the customer inside the app.
- Records you create: khatas, entries, installment plans, guarantor details, groups, notes, and anything else you type into the app.
You decide how much of the optional information to add. If you do not want to store an ID number or photo, simply leave those fields empty.
3. Information about your customers that shopkeepers enter
Wasoolo lets a shopkeeper keep records about their own customers: names, phone numbers, addresses, ID details, khata amounts, and guarantor details. Here is how responsibility works, in plain language:
- The shopkeeper is responsible for having the right to enter and keep this information. If you are a shopkeeper, only enter customer details you collected honestly for your business, and respect your customers' wishes about their data.
- Wasoolo processes these records only to provide the service — storing them, syncing them across the shopkeeper's devices, showing the customer their own ledger, sending reminders the shopkeeper triggers, and generating documents. We do not use customer records for anything else, and we never sell them.
- If you are a customer of a shop that uses Wasoolo and you want a record corrected or removed, the fastest path is to ask the shop directly, because the shop controls its own khata records. You can also contact us at help@wasoolo.com and we will help.
In legal terms: for these records the shopkeeper acts as the controller and Wasoolo acts as a processor on their behalf.
4. Information collected automatically
To make the app work reliably, we automatically collect a small amount of technical information:
- Device push token and device type / operating system — needed for sync and push notifications.
- App diagnostics and error logs — so we can find and fix crashes and sync problems.
- Subscription status and store transaction identifiers from Apple or Google — so we know which plan your account has.
- Coarse usage events — for example a last-active time, used to show presence and keep sync healthy.
- Advertising identifier (free plan only) — used by our advertising partner Google AdMob to show and measure ads. We request non-personalized ads. Removing ads (upgrading your plan, or a customer No-Ads plan) stops this. See section 7a.
Just as important is what we do not collect:
- No precise location tracking. The app does not track where you are, and we do not use location for ads.
- No behavioral ad profiling. On the free plan we show non-personalized ads via Google AdMob; we do not build an advertising profile of you. Paid plans and No-Ads remove ads entirely.
- No contact upload without your action. We do not read or upload your phone contacts in the background.
- We never sell your personal data.
5. How we use information
We use the information above to:
- Provide the service: keep your khatas, udhaar records, qist plans, stock, and documents working and synced across your devices.
- Sign you in securely: verify your email or phone, support Google and Apple sign-in, PIN lock, and two-factor authentication.
- Send notifications: payment reminders, chat messages, approval requests, and important account alerts — you can control these in the app's notification settings.
- Generate documents: invoices, receipts, and statements with your business branding.
- Manage subscriptions: check your plan with Apple or Google and apply the right features.
- Keep the service safe: prevent abuse, enforce our security rules, and verify dangerous actions (like account deletion) with an OTP code.
- Improve the app: use diagnostics and error logs to fix bugs and make Wasoolo faster.
- Meet legal obligations where the law requires us to keep or share certain records.
6. Legal bases for processing (GDPR)
If you are in a region where the GDPR or similar laws apply, our legal bases are:
- Contract: most processing is needed to provide the service you signed up for — storing your ledger, syncing it, and sending the notifications the service depends on.
- Legitimate interest: keeping the service secure, preventing abuse, and fixing bugs using diagnostics.
- Consent: optional things like adding optional profile fields, or push notifications where your device asks for permission. You can withdraw consent at any time.
- Legal obligation: where we must keep or disclose information to comply with the law.
7. Sharing & service providers
We do not sell personal data. Apart from showing non-personalized ads on the free plan (via Google — see section 7a below), we do not share your data with advertisers, and we never share your khata, customer, or business records for advertising. We share data with the service providers (processors) that run the app for us, each for a specific purpose:
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Cloud database and authentication | Account details, khata and business records, chat messages, sync data |
| Cloudflare R2 | Photo and media storage | Product photos, bill photos, ID document photos, payment screenshots, logos |
| Firebase Cloud Messaging (Google) | Push notifications | Device push token, notification content |
| Apple App Store | Subscription billing on iOS | Subscription status and transaction identifiers (Apple handles all payment details) |
| Google Play | Subscription billing on Android | Subscription status and transaction identifiers (Google handles all payment details) |
| Transactional email provider | Sending OTP verification codes | Your email address and the one-time code |
| Sign in with Google / Sign in with Apple | Optional sign-in methods | The name and email your Google/Apple account shares when you choose that sign-in |
| Google AdMob | Showing ads on the free plan (non-personalized) | Advertising identifier and general device information — no khata, customer or business data |
These providers may only use your data to provide their service to us. We may also disclose information if the law genuinely requires it, or to protect the safety of our users and the service.
7a. Advertising (free plan)
On the free plan, Wasoolo shows ads supplied by Google AdMob. We request non-personalized ads, so the ads you see are not based on a profile of your personal interests. To serve and measure ads, Google may process your device's advertising identifier and general device information, as described in Google's advertising & measurement policies.
You control this in two ways: you can reset or limit your advertising ID in your device settings (Android: Settings → Google → Ads; iOS: Settings → Privacy & Security → Tracking / Apple Advertising), and you can remove ads entirely — shopkeepers by upgrading to a paid plan, and customers with a No-Ads plan. We never share your khata, customer, chat, or business records with any advertiser.
8. Payments & subscriptions
All paid plans are billed entirely by Apple (App Store) or Google (Google Play) as auto-renewing subscriptions. This means:
- Wasoolo never sees or stores your card number or banking credentials. Payment details stay with Apple or Google.
- We store only your entitlement (which plan you have) and store transaction identifiers so the right features stay unlocked.
- Prices are shown inside the app and in the store. You can cancel any time in your App Store or Google Play account settings. Deleting the app does not cancel a subscription.
- Refunds are handled by Apple or Google under their policies.
- Downgrading never deletes your existing data — plan limits only block adding new items.
9. Offline data on your device
Wasoolo is offline-first. The app keeps a local database on your device so you can keep working without internet, and it syncs your records to the cloud when a connection is available. This local copy stays on your device until you sign out, delete the app's data, or delete your account. If you use the optional PIN app lock, opening the app requires your PIN.
10. Data retention
- Active accounts: we keep your data while your account is active, so your khata history is there when you need it.
- Trash: deleted items go to Trash first, so mistakes can be undone. Trashed items are permanently purged after about 30 days.
- Plan-based history limits: some history retention limits vary by plan — details are shown inside the app.
- Backups: you can create your own backups from the app (local file, or a complete backup with photos). Backups you save on your own device or storage are under your control.
- Account deletion: when you delete your account, deletion is permanent and completed across our systems and backups within 30 days (see section 12).
11. Your rights & choices
You are in control of your data. With any account you can:
- Access and correct your information directly in the app (profile, business details, records).
- Export your data from the app (CSV/Excel exports, PDF statements, and full backups).
- Delete individual records, all your data, or your whole account (see section 12).
- Control notifications in the app's notification settings and your device settings.
If GDPR or UK GDPR applies to you, you also have the rights to: access a copy of your data, rectification, erasure, restriction of processing, data portability, objection to processing based on legitimate interest, and the right to withdraw consent at any time. You may also complain to your local data protection authority.
California (CCPA/CPRA) note: we do not sell personal information and do not share it for cross-context behavioral advertising. California residents may request access, correction, or deletion, and we will not discriminate against you for exercising these rights.
How to exercise any right: use the in-app tools, or email help@wasoolo.com from your account email. We will respond within a reasonable time and may verify your identity first to protect your account.
12. Account deletion
You can permanently delete your Wasoolo account and its data from inside the app:
- Open the app and go to More → Danger zone → Delete account.
- Confirm with the OTP code sent to your account email.
This permanently deletes your account and its data, including cloud data. There is also a separate "Delete all data" option in the same Danger zone if you want to erase your data but keep the account.
If you cannot access the app, email help@wasoolo.com from the email on your account and we will delete it for you. The page wasoolo.com/delete-account.html explains the full process.
Deletion is permanent and is completed within 30 days across our systems and backups. It cannot be undone, so consider exporting a backup first.
13. Security
We take security seriously and build it in from the start:
- Encryption in transit: all traffic between the app and our servers uses HTTPS/TLS.
- Row-level security, default-deny: the database refuses access unless a rule explicitly allows it, so one account can never read another account's records.
- Permission system: employee logins have fine-grained permissions, and sensitive actions can require owner approval.
- PIN lock and 2FA: optional PIN app lock and optional two-factor authentication with an authenticator app.
- OTP-verified dangerous actions: risky operations like deleting all data or deleting the account require an email OTP code.
An honest note: no method of storage or transmission is 100% secure. We work hard to protect your data, and we recommend you use a strong device passcode, the PIN lock, and 2FA.
14. International transfers
Wasoolo is operated from Pakistan and available worldwide. Our service providers host data on cloud infrastructure that may be located outside your country. Wherever your data is processed, this policy and the safeguards described in it apply, and we choose providers with strong security practices. Where laws like the GDPR apply, transfers rely on appropriate safeguards such as the providers' standard contractual protections.
15. Children
Wasoolo is a business tool and is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has created an account, contact us at help@wasoolo.com and we will delete it.
16. Changes to this policy
We may update this policy as the app grows or laws change. When we make a meaningful change, we will update the effective date at the top of this page and, for important changes, tell you inside the app or by email. Continuing to use Wasoolo after a change means you accept the updated policy.
17. Contact us
Questions, requests, or concerns about privacy? We are happy to help.
- Email: help@wasoolo.com
- Contact page: wasoolo.com/contact.html