Privacy Policy — Duka Smart

Introduction

Welcome to Duka Smart ("we", "our", or "us"). Duka Smart provides a shop management application and related services (the "Service"). This Privacy Policy explains what personal information we collect, how we use and share it, and the rights you have over your information.

Please read this policy carefully. By using our app or services you agree to the collection and use of information in accordance with this policy.

Contact & Controller

Controller: Duka Smart
Address: Sinza, Palestina
Email: Info@dukasmart.co.tz
If you have any questions about this Privacy Policy, or would like to exercise your rights, please contact us at the email above.

Data We Collect

We collect different types of data to provide and improve our Service. The table below summarizes categories of data we collect, why, and whether it is required:

Data Category	Examples	Purpose	Required?
Account Information	Full name, email address, phone number, business name	Create and manage your account, authentication, customer support	Yes
Payment & Billing	Billing address, transaction history	Process payments, refunds, invoices	No (offline payments)
Device & Usage Data	Device model, OS version, app usage logs, crash reports	App performance, diagnostics, improve features	Partially
Shop Data	Product lists, prices, inventory, sales records	Provide shop management functionality	Yes (for functionality)
Location Data	Approximate or precise device location (if enabled)	Optional features (e.g., location-based tax rules)	No (optional)
Analytics & Diagnostics	Usage metrics, event logs	Improve app, usage analytics	No (can be limited/opted out)
Cookies & Local Storage	Session tokens, preferences	Maintain sessions, preferences	No (but improves experience)

How We Use Your Data

We use data to:

Provide, operate, and maintain the Service;
Process transactions, billing and refunds;
Authenticate and secure accounts;
Improve and personalize the Service;
Send administrative and marketing communications (with opt-out where required);
Detect and prevent fraud or abuse.

Legal Bases for Processing (Where Applicable)

If you are in a jurisdiction that requires us to state legal bases (for example, the EU under GDPR), we rely on:

Processing necessary for the performance of a contract (e.g., account and shop management);
Processing necessary for compliance with legal obligations;
Processing based on legitimate interests (e.g., improving our Service, fraud prevention), balanced against your rights;
Consent, where required (e.g., optional analytics or marketing).

Sharing & Disclosure

We may share data in the following situations:

Service Providers: Third-party vendors who perform services for us (payment processors, hosting, analytics).
Legal Requirements: If required by law, court order, or to respond to lawful requests from public authorities.
Business Transfers: In connection with a merger, sale, or transfer of assets (we will notify users when possible).
With Your Consent: When you ask us to share or integrate your data with other services.

Third-Party Services & SDKs

We use third-party services such as payment processors (e.g., Stripe, PayPal), app analytics providers, and crash reporting tools. These third parties have their own privacy practices. We recommend reviewing their privacy policies before using our Service.

Examples of categories: payment processors, cloud hosting, analytics, email providers, and push notification services.

Analytics & Ads

We may use analytics tools to collect aggregate usage information. If we use advertising or remarketing, we will disclose the specifics and provide opt-out mechanisms where required by law.

Cookies & Local Storage

We (and our partners) may use cookies, web storage, and similar technologies to store information and preferences. You can control cookies through your browser or device settings. Disabling some cookies may affect app functionality.

Security

We take reasonable measures to protect personal information from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. However, no method of transmission or storage is 100% secure — absolute security cannot be guaranteed.

Data Retention

We retain personal data as long as necessary to provide the Service, for legal obligations, resolve disputes, and enforce agreements. Specific retention periods depend on the type of data and the reason for retention.

Your Rights

Depending on your location, you may have rights including:

Access to the personal data we hold about you;
Rectification of inaccurate or incomplete data;
Deletion (right to be forgotten), subject to legal exceptions;
Restriction or objection to processing;
Data portability (where applicable);
Withdraw consent for processing where processing is based on consent.

To exercise these rights, contact us at [Contact Email]. We may ask for information to verify your identity before fulfilling requests.

Children’s Privacy

Our Service is not intended for children under 13 (or higher minimum age required by local law). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.

International Transfers

Your information may be stored and processed in countries other than your own. We will take steps required by law to protect your data when transferred across borders (e.g., standard contractual clauses where applicable).

How to Opt-Out

If you want to opt out of analytics, marketing communications, or certain data processing, please:

Change your settings within the app (where available);
Follow unsubscribe instructions in marketing emails; or
Contact us at [Contact Email].

Changes to This Policy

We may update this policy from time to time. When we make material changes, we will update the "Effective date" at the top and, where appropriate, notify you (for example, via email or in-app notice).

Dispute Resolution & Governing Law

This policy is governed by the laws applicable to the location of the company (replace with your jurisdiction). For disputes, please contact us first so we can try to resolve the issue.

Additional Information for Google Play (App Privacy & Data Safety)

When you submit your app to Google Play, you must accurately complete the Play Console Data Safety section. Common data types to disclose include: Location, Personal identifiers (name, email), Financial information, Health & sensitive data (if any), Contacts, Photos & Media (if app accesses them), and Diagnostics (crash logs).

Play Console tip: Make sure the categories you declare in Google Play match the app's behavior (permissions, SDKs used). Misleading declarations can lead to rejection or policy enforcement.

Data Collection Summary (Quick Reference)

Data Type	Shared with 3rd Parties?	Used for
Account info (name, email)	Yes (auth, email)	Account, login, support
Payment & billing	Yes (payment processor)	Process payments
Device & logs	Yes (analytics, crash reporting)	Diagnostics & improve app
Shop data (inventory/sales)	No (unless you connect third-party integrations)	Provide shop management

How to Contact Us

If you have questions or requests regarding your data, contact:

Duka Smart
Email: Info@dukasmart.co.tz
Address: Sinza, Palestina