Privacy Policy
SmartERP Mobile Application — Powered by SmartChoice IQ
Last Updated: March 2026
Introduction
Welcome to SmartERP, a comprehensive enterprise resource planning mobile application developed and maintained by SmartChoice IQ. SmartERP is built on the ERPNext / Frappe framework and is designed to digitally manage Sales, Inventory, Human Resources, Accounting, and Field Operations for businesses of all sizes.
We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have in relation to it.
Data We Collect
SmartERP collects the following categories of data to deliver a complete and secure enterprise experience:
App Permissions
SmartERP requests the following device permissions. All permissions are used solely for the stated purpose and are never accessed in the background unless explicitly noted:
| Permission | Purpose | Required |
|---|---|---|
| Location (Fine & Coarse) | GPS-based attendance check-in, sales route tracking on the map dashboard | Required |
| Camera | QR code scanning for attendance and inventory; photo capture for visit reports | Required |
| Bluetooth | Connecting to Bluetooth thermal printers for receipt and invoice printing | Optional |
| Microphone | Voice note recording in field visit reports | Optional |
| Notifications | Receiving real-time work order approvals, alerts, and system messages | Optional |
| Storage / Files | Saving generated PDF invoices and reports locally on the device | Optional |
How We Use Your Data
We use the data we collect solely for the following business purposes:
- To operate and improve core ERP features including Sales, Inventory, HR, Accounting, and Field Operations modules.
- To authenticate users and secure access to company data based on role-based permissions.
- To record attendance and departure via a geo-validated QR check-in and check-out system.
- To track and display sales representative routes and visit history on the map dashboard.
- To document financial and commercial transactions linked to your company account.
- To print sales invoices, material requests, and receipts via connected Bluetooth thermal printers.
- To send push notifications for work requests, purchase order approvals, and system alerts.
- To enforce single-device binding security — ensuring each user account is tied to one authorized device.
- To diagnose technical issues and improve overall application performance and stability.
Data Sharing
We do not sell, rent, or trade your personal data to any third party. Data may only be shared in the following limited circumstances:
- With your employer (the company registered in the SmartERP system) strictly within the scope of your assigned role permissions.
- With infrastructure providers (e.g., DigitalOcean cloud hosting) under strict confidentiality and data processing agreements.
- With Google Maps API for displaying sales routes and location-based features — subject to Google’s own Privacy Policy.
- When legally required by court orders, government requests, or applicable law in the Republic of Iraq or other relevant jurisdictions.
- In emergency situations to protect the safety and security of users or third parties.
Data Storage & Security
- All company data is stored on dedicated ERPNext / Frappe server instances provisioned per client on DigitalOcean infrastructure.
- All communication between the SmartERP app and the server is encrypted via HTTPS / TLS 1.2+.
- Passwords are hashed using bcrypt and are never stored or transmitted in plain text.
- Session tokens (cookies) are signed and verified server-side. They expire after 24 hours of inactivity.
- QR-based attendance tokens are HMAC-signed and expire within a short time window to prevent replay attacks.
- Device binding (single-device security) uses a unique device fingerprint to prevent unauthorized access from unregistered devices.
- Business data is retained for the duration of the active service contract. Upon termination, data is archived for 90 days before permanent deletion.
- Local device storage (GetStorage) is used only to persist session credentials and user preferences — no sensitive business data is cached locally in plain text.
Your Rights
You have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you at any time.
- Right to Rectification: Request correction of inaccurate or incomplete personal information.
- Right to Erasure: Request deletion of your account and associated personal data, subject to applicable legal retention requirements.
- Right to Restriction: Request that we limit processing of your data in certain circumstances.
- Right to Data Portability: Request your data in a machine-readable format.
- Right to Withdraw Consent: Revoke permission for location, camera, microphone, or Bluetooth access at any time via your device settings without penalty.
Notifications & Communications
SmartERP sends real-time push notifications and in-app alerts related to: leave and absence requests, purchase and sales order approvals, material request updates, inventory alerts, and critical system messages.
Notifications are delivered via the Socket.IO real-time server and device push notification channels. You may manage or completely disable notifications at any time through your device settings. We do not send marketing, promotional, or advertising messages.
Children’s Privacy
SmartERP is an enterprise business application intended exclusively for use by adults aged 18 years and older in a professional workplace setting. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that a minor has provided personal information, we will take immediate steps to delete that information from our systems.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us:
SmartChoice IQ — SmartERP Team
We respond to all privacy-related inquiries within 72 business hours.
✉️ privacy@smartchoice-iq.com