Privacy Policy

AmanaPOS is a point-of-sale system built for merchants in Sudan and the wider region. We know the information that flows through a POS — your sales, your prices, your customers, your takings — is the most sensitive part of running a business. This policy explains, in plain language, what we collect, why we collect it, how we protect it, and the control you keep over it.

This policy applies to the AmanaPOS mobile and desktop applications, the merchant dashboard, this website, and any related services that link to it (together, the “Services”). It does not apply to third-party services we integrate with, which are governed by their own policies.

AmanaPOS (“AmanaPOS”, “we”, “us”, or “our”) is the operator of the Services and is responsible for the personal data we handle about you as a merchant. We are based in Sudan and operate primarily under Sudanese law.

For any question about this policy or your data, you can reach our privacy team at privacy@amanapos.com. We aim to respond to every request within a reasonable period, and within 30 days for formal data requests.

We collect only the information needed to provide the Services, keep them secure, and meet our legal obligations. The categories below describe what we collect and where it comes from.

Account and business information

• Your name, phone number, and email address.
• Your business name, branch names, addresses, and business type.
• Login credentials and security settings (passwords are stored only as salted, hashed values — never in plain text).
• Roles and permissions you assign to your staff.

Sales and transaction data

• Products, prices, stock levels, and inventory movements you enter.
• Sales, refunds, discounts, receipts, and shift and till records.
• Reports and analytics generated from your activity.

Your customers’ data

If you use customer profiles or loyalty features, AmanaPOS stores the customer details you choose to record — such as a name, phone number, and purchase history. This data belongs to you; we process it on your behalf. See Section 11 for your responsibilities as the merchant.

Payment information

When you accept payments through Bankak or other integrated payment methods, the transaction is handled by that provider. We receive confirmation details such as amount, status, and a reference — enough to record the sale. We do not collect or store full bank credentials or card numbers.

Device and technical data

• Device model, operating system, app version, and language.
• IP address, approximate region, and connection status (online/offline).
• Diagnostic logs and crash reports that help us fix problems.

Cookies and local storage

On the website and dashboard we use essential cookies and local storage to keep you signed in, remember your language and theme, and keep the Services secure. We do not use advertising or cross-site tracking cookies.

We use the information we collect for the following purposes, and nothing incompatible with them:

• To provide and operate the Services — process sales, manage inventory, sync your data, and generate reports.
• To secure your account, detect fraud and abuse, and protect against unauthorised access.
• To provide support and respond to your requests.
• To improve and develop features, measure performance, and fix bugs.
• To send you important service messages — such as security alerts, billing notices, and changes to terms.
• To meet legal, tax, and regulatory obligations that apply to us.

We only process your information where we have a proper basis to do so. Depending on the situation, we rely on:

• Performance of our agreement with you — to deliver the Services you have signed up for.
• Your consent — for example, when you choose to enable an optional feature; you may withdraw consent at any time.
• Our legitimate interest in operating, securing, and improving the Services, balanced against your rights.
• Compliance with legal obligations — such as keeping financial and tax records for the period the law requires.

We do not sell your personal data. We share information only in the limited cases below, and only to the extent needed.

Service providers

We use trusted providers for hosting, data storage, messaging, and analytics. They may process data only on our instructions, under contracts that require them to protect it and use it for no other purpose.

Payment partners

When you take a payment through Bankak or another integrated method, we exchange the details needed to complete and reconcile that transaction with the payment provider. Their handling of your data is governed by their own policies.

Legal and regulatory disclosure

We may disclose information where required by law, court order, or a valid request from a competent authority, or where it is necessary to protect the rights, safety, and property of our users, the public, or AmanaPOS.

Business transfers

If AmanaPOS is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that deal. We will require the new owner to honour the commitments in this policy, and we will notify you of any material change.

AmanaPOS is built to keep selling even when the internet goes down. To do this, your recent sales and catalogue are stored securely on your own device so the app works offline.

When your device reconnects, this data is synced to our servers so it is backed up and available across your branches and devices. If you sign out or remove the app, locally cached data on that device is cleared. We recommend protecting every device with a screen lock and the app’s own login.

We keep data only as long as we need it for the purpose it was collected, or as long as the law requires — whichever is longer.

We take the security of your business seriously and apply industry-standard safeguards:

• Encryption of data in transit (TLS) and at rest.
• Access controls so staff can only see what their role allows.
• Hashed passwords, session protection, and monitoring for suspicious activity.
• Regular backups and a tested recovery process.

You stay in control of your information. At any time you can ask us to:

• Access the personal data we hold about you.
• Correct information that is inaccurate or incomplete.
• Export your data in a portable format.
• Delete your account and the personal data we are not legally required to keep.
• Object to or restrict certain processing, and withdraw consent you previously gave.

To make a request, email privacy@amanapos.com from the address on your account. We may need to verify your identity first. There is no charge for a reasonable request, and we will not penalise you for making one.

When you record information about your own customers in AmanaPOS, you decide what to collect and why — so you are responsible for that data, and we act on your behalf. By using the Services, you agree that:

• You will collect and use your customers’ data lawfully and fairly, and tell them how you use it.
• You have the right to enter any customer data you add to the system.
• You will respond to your own customers’ requests about their data.
• You will keep your staff accounts and access permissions up to date.

If a customer of yours contacts us directly about data you hold, we will refer them to you as the business responsible for it.

The Services are intended for businesses and the adults who run them. They are not directed at children, and we do not knowingly collect personal data from anyone under 18. If you believe a child has provided us data, contact us and we will delete it.

Your data is hosted with our infrastructure providers, which may store and process it in data centres inside or outside Sudan. Wherever it is processed, we require the same standard of protection described in this policy and put appropriate safeguards in place for any cross-border transfer.

The Services may link to or integrate with third-party tools — such as payment providers or messaging apps. We are not responsible for their privacy practices. We encourage you to read the privacy policy of any third-party service before you use it.

We may update this policy as the Services and the law change. When we make a material change, we will update the “effective” date at the top and, where appropriate, notify you in the app or by email before it takes effect. Continuing to use the Services after a change means you accept the updated policy.

If you have a question, a request, or a complaint about how we handle your data, contact our privacy team — we would rather hear from you directly first.

• Email: privacy@amanapos.com
• Or reach the support team through the Contact page on this site.

If you are not satisfied with our response, you have the right to raise the matter with the competent authority responsible for data protection in your jurisdiction.