Privacy Policy
Effective & last updated: May 2026
Welcome to ShopPilot. This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to the Android app and any related services operated by Black & White Studio ("we", "us", "our").
Privacy in one line. Your products, inventory, customers, sales, ledger and receipts live only on your device. The backend handles login, profile and silent remote configuration — never your business records.
1. Who we are
ShopPilot is developed by Black & White Studio, Dhaka, Bangladesh. Contact: info@blacknwhitestudio.com · +880 1945 936934.
2. Information we collect
Information you provide
- Google account info — name, email, profile photo (for sign-in).
- Owner profile — name, phone number.
- Shop & branch info — shop name, branch addresses (stored locally).
- Business data — products, variations, brands, categories, inventory batches, customers, suppliers, sales, purchases, returns, loyalty, expenses and ledger entries — all stored on your device.
Information collected automatically
- Silent dashboard counters — device info, DB size, app version, usage stats. Used to compute remote configuration, promotions, feature flags and allowed-version checks. No customer, product, sales or ledger data is sent.
3. How we use information
- To operate POS, inventory, CRM, financial and reporting features.
- To authenticate you via Google Sign-In and maintain a JWT session.
- To enforce plan limits and feature flags returned remotely.
- To show optional promotions, dialogs and update notices.
4. Local-first storage
All product, inventory, customer, supplier, sales, purchase, return, expense, loyalty and ledger data is stored in a local Room database on your device. The backend never sees it. If you uninstall without backup, the data is permanently deleted.
5. Google Drive backup
Drive backup writes your database, images and settings to your own Google Drive account. We do not access or read backups. Restoration is fully under your control and supports device migration.
6. Backend APIs
ShopPilot's backend exposes three APIs:
- POST /auth/google — verifies your Google token and returns a JWT and a profile-completion flag.
- POST /profile/update — stores the owner profile (name, phone).
- POST /dashboard — silent sync of device info and usage counters; returns remote config, promotions and feature flags.
No business records leave your device.
7. Permissions
- Camera — to scan barcodes/QR and capture product images.
- Internet — for login, profile, dashboard config and Drive backup.
- Notifications — for stock, expiry, backup and remote-config alerts.
- Storage / share — to export PDF invoices and reports.
- Drive (AppData) — to write/read your private backup file.
8. Data sharing
We do not sell, rent or share your data. Data is shared only with Google (Auth, Drive) to operate the Service, and when required by law.
9. Security
- Local data lives in the app's private storage sandbox.
- JWT and refresh tokens live in encrypted DataStore.
- Backups travel over HTTPS to your Drive AppData folder.
- Device binding helps detect unauthorized session reuse.
10. Retention & deletion
- Local data — kept until you delete it or uninstall.
- Drive backups — kept in your Drive until you remove them.
- Backend account — kept until you request deletion via email.
11. Your rights
You may access, correct, delete or port your account data by emailing us. Local data is fully under your control via the app.
12. Children's privacy
ShopPilot is a business tool and is not directed to children under 13.
13. Changes & contact
We may update this Privacy Policy. Material changes will be communicated via an in-app notice. To contact us, email info@blacknwhitestudio.com or message us on WhatsApp at +880 1945 936934.