Privacy Policy

Effective date: July 4, 2026 · Applies to the Wasoolo mobile app and wasoolo.com

1. Who we are & what this policy covers

Wasoolo is a digital khata (credit ledger) app for small businesses. Shopkeepers use it to record udhaar, installment (qist) plans, products and stock, and to share invoices and statements. Customers can use a free companion view to see their own ledger, chat with the shop, and submit payment proof.

This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It covers the Wasoolo app on iOS and Android and the wasoolo.com website.

Who is responsible: the data controller for Wasoolo is Wasoolo. You can reach us any time at help@wasoolo.com.

One important thing to understand up front: Wasoolo is a record-keeping tool. We are not a bank, not a lender, we do not give loans, and we do not move money. Payments happen outside the app, directly between the shop and the customer. The app only records those payments and lets customers submit proof (for example, a screenshot).

2. Information you provide

When you create an account and use Wasoolo, you may give us:

You decide how much of the optional information to add. If you do not want to store an ID number or photo, simply leave those fields empty.

3. Information about your customers that shopkeepers enter

Wasoolo lets a shopkeeper keep records about their own customers: names, phone numbers, addresses, ID details, khata amounts, and guarantor details. Here is how responsibility works, in plain language:

In legal terms: for these records the shopkeeper acts as the controller and Wasoolo acts as a processor on their behalf.

4. Information collected automatically

To make the app work reliably, we automatically collect a small amount of technical information:

Just as important is what we do not collect:

5. How we use information

We use the information above to:

If you are in a region where the GDPR or similar laws apply, our legal bases are:

7. Sharing & service providers

We do not sell personal data. Apart from showing non-personalized ads on the free plan (via Google — see section 7a below), we do not share your data with advertisers, and we never share your khata, customer, or business records for advertising. We share data with the service providers (processors) that run the app for us, each for a specific purpose:

ProviderPurposeData involved
SupabaseCloud database and authenticationAccount details, khata and business records, chat messages, sync data
Cloudflare R2Photo and media storageProduct photos, bill photos, ID document photos, payment screenshots, logos
Firebase Cloud Messaging (Google)Push notificationsDevice push token, notification content
Apple App StoreSubscription billing on iOSSubscription status and transaction identifiers (Apple handles all payment details)
Google PlaySubscription billing on AndroidSubscription status and transaction identifiers (Google handles all payment details)
Transactional email providerSending OTP verification codesYour email address and the one-time code
Sign in with Google / Sign in with AppleOptional sign-in methodsThe name and email your Google/Apple account shares when you choose that sign-in
Google AdMobShowing ads on the free plan (non-personalized)Advertising identifier and general device information — no khata, customer or business data

These providers may only use your data to provide their service to us. We may also disclose information if the law genuinely requires it, or to protect the safety of our users and the service.

7a. Advertising (free plan)

On the free plan, Wasoolo shows ads supplied by Google AdMob. We request non-personalized ads, so the ads you see are not based on a profile of your personal interests. To serve and measure ads, Google may process your device's advertising identifier and general device information, as described in Google's advertising & measurement policies.

You control this in two ways: you can reset or limit your advertising ID in your device settings (Android: Settings → Google → Ads; iOS: Settings → Privacy & Security → Tracking / Apple Advertising), and you can remove ads entirely — shopkeepers by upgrading to a paid plan, and customers with a No-Ads plan. We never share your khata, customer, chat, or business records with any advertiser.

8. Payments & subscriptions

All paid plans are billed entirely by Apple (App Store) or Google (Google Play) as auto-renewing subscriptions. This means:

9. Offline data on your device

Wasoolo is offline-first. The app keeps a local database on your device so you can keep working without internet, and it syncs your records to the cloud when a connection is available. This local copy stays on your device until you sign out, delete the app's data, or delete your account. If you use the optional PIN app lock, opening the app requires your PIN.

10. Data retention

11. Your rights & choices

You are in control of your data. With any account you can:

If GDPR or UK GDPR applies to you, you also have the rights to: access a copy of your data, rectification, erasure, restriction of processing, data portability, objection to processing based on legitimate interest, and the right to withdraw consent at any time. You may also complain to your local data protection authority.

California (CCPA/CPRA) note: we do not sell personal information and do not share it for cross-context behavioral advertising. California residents may request access, correction, or deletion, and we will not discriminate against you for exercising these rights.

How to exercise any right: use the in-app tools, or email help@wasoolo.com from your account email. We will respond within a reasonable time and may verify your identity first to protect your account.

12. Account deletion

You can permanently delete your Wasoolo account and its data from inside the app:

  1. Open the app and go to More → Danger zone → Delete account.
  2. Confirm with the OTP code sent to your account email.

This permanently deletes your account and its data, including cloud data. There is also a separate "Delete all data" option in the same Danger zone if you want to erase your data but keep the account.

If you cannot access the app, email help@wasoolo.com from the email on your account and we will delete it for you. The page wasoolo.com/delete-account.html explains the full process.

Deletion is permanent and is completed within 30 days across our systems and backups. It cannot be undone, so consider exporting a backup first.

13. Security

We take security seriously and build it in from the start:

An honest note: no method of storage or transmission is 100% secure. We work hard to protect your data, and we recommend you use a strong device passcode, the PIN lock, and 2FA.

14. International transfers

Wasoolo is operated from Pakistan and available worldwide. Our service providers host data on cloud infrastructure that may be located outside your country. Wherever your data is processed, this policy and the safeguards described in it apply, and we choose providers with strong security practices. Where laws like the GDPR apply, transfers rely on appropriate safeguards such as the providers' standard contractual protections.

15. Children

Wasoolo is a business tool and is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has created an account, contact us at help@wasoolo.com and we will delete it.

16. Changes to this policy

We may update this policy as the app grows or laws change. When we make a meaningful change, we will update the effective date at the top of this page and, for important changes, tell you inside the app or by email. Continuing to use Wasoolo after a change means you accept the updated policy.

17. Contact us

Questions, requests, or concerns about privacy? We are happy to help.