logo

Privacy Policy

Last Updated: March 15, 2026

This Privacy Policy explains how dokanionline.com ("we", "our", or "us"), operated by DOKANI ONLINE LLC, collects, uses, and protects the personal information of users ("you", "your") who access our POS desktop application, mobile application, websites, and related services (collectively, the "Service").

1. Information We Collect

We collect the following types of information:

  • Account Information: When you register, we collect your name, email address, company name, and PIN code to create and manage your account.
  • Billing and Payment Data: For subscriptions and license purchases, payment details are securely processed through our trusted payment partners (Tap Payments, Telr). We do not store your full credit card or payment details on our servers.
  • Business Data: Data entered by you such as sales transactions, products, inventory, customer records (names, phone numbers, emails), supplier information, staff details, appointments, and service queue entries. This data is stored locally on your device and optionally synced to our cloud servers.
  • Staff and Employee Data: Names, roles, commission rates, and performance data for staff members you add to the system.
  • Device Information: We collect a device identifier (hardware fingerprint) for the purpose of device activation and license management. This identifier is derived from your device's hardware characteristics and is used solely to verify authorized devices.
  • Usage Data: We collect non-personal data such as device type, operating system, app version, and error logs to maintain performance and improve the Service.

2. Device Permissions (Mobile App)

Our mobile application may request the following device permissions:

  • Camera: Used for scanning barcodes and QR codes on products. Camera data is processed locally on your device and is not transmitted to our servers.
  • Bluetooth: Used to connect to thermal receipt printers. Bluetooth access is used solely for discovering and communicating with paired printing devices.
  • Location (approximate): Required by Android (versions 6–11) for Bluetooth device scanning. We do not track, store, or transmit your location data.

All permissions are optional — you can deny any permission and still use the core features of the app. Permissions can be changed at any time in your device settings.

3. How We Use Your Information

We use your information for the following purposes:

  • To provide, operate, and maintain the Service.
  • To personalize your experience and improve our product.
  • To process payments, manage subscriptions, and provide customer support.
  • To verify device activation and manage license entitlements.
  • To synchronize your business data across multiple devices (when enabled by you).
  • To notify you of updates, security alerts, and administrative messages.
  • To comply with legal obligations and prevent fraud or misuse.

4. Local-First Data Storage

The Service follows an offline-first architecture. Your business data (sales, products, customers, etc.) is primarily stored locally on your device in a database. Cloud synchronization is optional and only activated when you subscribe to a plan that includes online sync.

This means your data remains accessible even without an internet connection, and you maintain control over whether it is synced to the cloud.

5. Data Ownership and Control

You retain full ownership of all data you input or upload into the Service. We act solely as a data processor and will never sell or share your personal or customer data with any third party.

Upon account cancellation or expiration, you may export your data within 30 days. After that period, we may anonymize or delete your data from our cloud servers. Locally stored data on your device remains under your control.

You may request permanent deletion of your account and all associated cloud data at any time. To learn more or submit a deletion request, visit our Account Deletion page.

6. AI and Anonymized Data Usage

To improve system performance, insights, and AI-driven features, we may use aggregated and anonymized data internally. This data will never include personally identifiable information (PII) or any content that can identify you or your customers.

By using the Service, you consent to the internal, anonymized use of data for analytical and AI enhancement purposes.

7. Data Storage and Security

We use secure, encrypted data centers and industry-standard protocols (such as HTTPS, TLS, and AES encryption) to protect your data against unauthorized access, alteration, or destruction.

Local data on your device is stored in an SQLite database. Cloud data is hosted on secure infrastructure with row-level security policies. Access to personal data is restricted to authorized staff only, and we maintain audit logs and security measures to ensure compliance with applicable privacy laws.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience, remember your preferences, and collect usage analytics. The desktop and mobile applications use local storage for preferences and settings.

You may choose to disable cookies in your browser settings, but this may limit certain features of the website. For more details, see our Cookie Policy.

9. Data Retention

We retain your data only as long as necessary to provide the Service. Below is a summary of retention periods by data type:

Data Deleted Immediately Upon Account Deletion

When you delete your account, the following data is permanently removed from our cloud servers:

  • Account profile (name, email, PIN)
  • Store settings and configuration
  • Products, services, and inventory records
  • Customer records (names, phone numbers, emails)
  • Supplier information
  • Sales transactions and order history
  • Staff records and commission data
  • Appointments and queue entries
  • Purchase orders
  • Uploaded images and files
  • Subscription and entitlement records
  • Device activations and sync history

Data Retained After Account Deletion

  • Local device data: Data stored locally on your device (SQLite database) is not affected by cloud account deletion. It persists until you uninstall the app or clear app data.
  • Anonymized crash reports: Error and crash data collected via Sentry is anonymized and retained for up to 90 days for stability and performance improvement. This data cannot be used to identify you.

Inactive and Trial Accounts

  • Trial or inactive accounts are retained for up to 12 months, then deleted or anonymized.
  • Backup data may persist securely for up to 30 days after deletion.

To request account deletion, visit our Account Deletion page or contact us at support@dokanionline.com.

10. Your Rights

Depending on your jurisdiction (e.g., under UAE PDPL, GDPR, or CCPA), you may have the right to:

  • Access, correct, or delete your personal data.
  • Request data portability.
  • Withdraw consent to data processing.
  • Request restriction of processing or object to automated decision-making.

To exercise any of these rights, please contact us at support@dokanionline.com. To delete your account and all associated data, visit our Account Deletion page.

11. Third-Party Services

We may use third-party tools for cloud hosting, authentication, or payment processing. These providers are bound by confidentiality and data protection agreements and may only process your data as necessary to provide their services:

  • Supabase: Cloud database hosting and authentication.
  • Tap Payments: Payment processing (UAE/MENA region).
  • Telr: Payment processing (UAE/MENA region).
  • Google: Authentication for cloud sync features.
  • Sentry: Crash reporting and error monitoring. Anonymized crash data is retained for up to 90 days.

12. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

13. International Data Transfers

Your data may be processed or stored on servers located outside your country of residence. We ensure such transfers comply with applicable data protection laws, including UAE PDPL and GDPR, using standard contractual clauses or equivalent safeguards.

14. Updates to This Policy

We may update this Privacy Policy from time to time. The revised version will be posted on this page with a new “Last Updated” date. We encourage you to review this page periodically for any changes.

15. Contact Us

If you have any questions or concerns about this Privacy Policy or your personal data, please contact us: