Privacy Policy

This Privacy Policy explains how Avymob Technologies Limited (“Avymob”, “we”, “us”), the company that builds and operates TillFlo, collects, uses, stores, and protects information when you use the Service. It applies to shop owners, staff (Managers and Cashiers), and anyone else who interacts with TillFlo on their behalf.

1. How TillFlo Is Built — Why It Matters for Your Privacy

TillFlo is built on the Internet Computer, a public blockchain network. Each shop runs on its own dedicated canister (an independent application container), and shop data — products, sales, staff, customers, stewards, and audit records — is stored on that canister rather than in a conventional database we operate. This means:

• You sign in using Internet Identity, a passwordless authentication system. We never see or store a password, and we do not require an email address to create an account.
• Authentication is based on cryptographic identities (“principals”) rather than personal credentials, which reduces the personal information we need to collect just to let you use the Service.
• Your shop data is stored on infrastructure dedicated to your shop — it is not pooled into a shared database alongside other businesses’ records.

2. Information We Collect

Information you provide

• Shop information: shop name, M-Pesa till/paybill details, business hours, commission settings, and similar configuration you enter when setting up or running your shop.
• Staff information: names and Internet Identity principals of Managers and Cashiers you add to your shop.
• Sales and product data: products and prices, transactions, payment methods, commission records, and related figures generated as you use the Service.
• Customer information: where you choose to use the customer directory, names, phone numbers, and addresses of your customers, entered by you or your staff.
• Receipt images: where the receipt feature is used, photos or scans of receipts you choose to attach to a sale.

Information collected automatically

• Identity principal: the cryptographic identifier generated by Internet Identity when you sign in, used to control access to your shop(s).
• Usage and audit data: a record of state-changing actions taken in your shop (for example, product changes, sales, staff changes), kept as an audit trail for your own accountability and security.
• Technical data: basic device and browser information needed to operate the web app, such as the type of device or browser you use.

3. Where Your Data Is Stored

• On-chain shop data: products, sales, staff, customers, stewards, settings, and audit records are stored on your shop’s dedicated canister on the Internet Computer, a public network operated by independent node providers around the world.
• Receipt images: stored separately in private cloud object storage (Amazon S3, hosted in the Cape Town region), accessible only via secure, time-limited links generated by our backend. Only a reference to the stored file (and a checksum used to verify its integrity) is kept in your shop’s on-chain records — the image itself is not stored on-chain.
• Payments: M-Pesa transactions are processed by Safaricom’s M-Pesa platform. We receive and record payment confirmations relevant to your sales and subscription but do not have access to your M-Pesa PIN or full account credentials.

4. How We Use Your Information

• To provide, operate, and maintain TillFlo — including processing sales, generating reports, and managing staff access.
• To process payments for setup fees and subscriptions, and to keep your shop’s infrastructure funded and running.
• To maintain audit trails that help you detect errors or misuse within your own shop.
• To communicate with you about your account, your shop, billing, or material changes to the Service.
• To maintain the security, integrity, and reliability of the Service, and to comply with our legal obligations.

We do not sell your data, your customers’ data, or your shop’s business information to third parties.

5. Who Can See Your Data

• Within your shop: access is governed by the roles you assign — Owners have full visibility, Managers and Cashiers see what their role permits (for example, cashiers do not see financial reports or commission details).
• Avymob Technologies Limited: as the operator of TillFlo, we may access shop data where reasonably necessary to provide support, investigate issues, or maintain the Service — including direct queries to canisters when troubleshooting requires it.
• Service providers: limited data is shared with the infrastructure and payment providers necessary to run the Service — for example, Amazon Web Services for receipt image storage, and Safaricom M-Pesa for payment processing. These providers only receive what is necessary to perform their function.
• Public network visibility: the Internet Computer is a public network. While shop data is partitioned per canister and access to your shop’s methods is controlled by your shop’s access rules, the existence and identifiers of canisters are generally visible on the network in the way that blockchain infrastructure is. We do not publish your business or customer data publicly.

6. Data Retention

We retain shop data for as long as your shop remains active, and as needed to comply with our legal and accounting obligations. Certain records — such as deleted-sale records and audit events — are retained as part of TillFlo’s audit-trail design, so that shop owners have a reliable history of changes made within their shop. If you stop using TillFlo, your shop’s on-chain data remains on its canister; if a shop’s infrastructure is decommissioned, associated data may become permanently inaccessible. We will act reasonably and give notice where practicable before any such action.

7. Your Choices and Rights

• You control what information you and your staff enter into TillFlo, including whether to use optional features such as the customer directory or receipt attachments.
• As a shop owner, you can manage staff access and review the audit trail for your shop directly within the app.
• Subject to applicable law (including the Kenya Data Protection Act, 2019), you may request information about, correction of, or deletion of personal data we hold about you. Where data is stored on-chain as part of your shop’s operation, some requests may be limited by the architecture described above — we will explain any such limitation and work with you on the best available option.
• To make a request, contact us at info@avymob.com.

8. Children’s Privacy

TillFlo is intended for business use by adults operating or working in a shop. It is not directed at children, and we do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to TillFlo, our service providers, or applicable law. We will post the updated policy on this page with a new “last updated” date, and where changes are material, we will take reasonable steps to let you know.

10. Contact Us

If you have questions about this Privacy Policy or how your data is handled, please contact us at info@avymob.com.