Privacy Policy

This Privacy Policy explains how CapTab ("we", "our", or "us") collects, uses, and safeguards information when you use the CapTab platform — including the admin panel, mobile applications, and any related services (collectively, the "Service"). CapTab is a pharmacy and organization management platform built for pharmacies, clinics, hospitals, and medical suppliers.

1. Information We Collect

1.1 Account Information

• Name, email address, phone number, national/ID number, and password (stored hashed).
• Profile photo, date of birth, address, and preferred language.
• Role within an organization (admin, manager, employee, customer, supplier, doctor).

1.2 Organization & Operational Data

• Pharmacy / clinic profile: name, branches, contact details, country, currency, tax ID, logo.
• Inventory and product catalog: products, active ingredients, dosage forms, stock levels, expiration dates, prices.
• Sales and orders: invoices, order items, payments, returns, customer purchases, supplier orders.
• Financial records: customer / supplier balances, expenses, employee salaries and transactions.
• Stocktaking sessions and product counts.

1.3 Customer & Supplier Profiles

• Customer nicknames, contact numbers, allergies, and purchase history (created by pharmacy staff to provide better service).
• Supplier commercial information: tax number, supply field, delivery and payment history.

1.4 Device & Technical Data

• Device model, operating system version, app version, and language settings.
• Log data: IP address, timestamps, error reports, and feature usage analytics.
• PowerSync identifiers used to keep your data synchronized between devices and the server.

2. How We Use Your Information

• To provide, operate, and maintain the Service.
• To authenticate users and authorize access based on role and organization.
• To synchronize offline changes once a device reconnects to the internet.
• To generate invoices, reports, and analytics for your organization.
• To send transactional notifications (password reset, account verification, account deletion confirmation).
• To diagnose, fix, and prevent technical issues, fraud, or abuse.
• To comply with applicable laws and respond to lawful requests.

3. Offline Mode & Data Synchronization

CapTab is designed to work offline. Operations performed without an internet connection are stored locally on your device and synchronized to our servers when connectivity is restored, using PowerSync as our sync infrastructure. We use signed JWT tokens and RSA keys to verify each device.

4. Sharing of Information

We do not sell your personal data. We only share information in the following limited cases:

• Within your organization: data is shared with users of the same pharmacy / clinic according to their assigned role.
• Service providers (sub-processors): hosting, cloud storage, sync infrastructure, email delivery, and analytics. These processors are bound by data-protection agreements and process data only on our instructions.
• Legal compliance: when required by law, court order, or to protect the rights, property, or safety of CapTab, our users, or the public.
• Business transfers: if CapTab is involved in a merger or acquisition, your data may be transferred subject to the same protections in this policy.

5. Data Storage & Security

• Passwords are stored using strong one-way hashing (bcrypt / Argon2).
• Communication between the app and our servers is encrypted using TLS (HTTPS).
• Access to production data is restricted to authorized personnel and audited.
• Local device databases are isolated per user account.

No system is 100% secure. While we work hard to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain personal data for as long as your account is active, plus a reasonable period afterwards to comply with legal obligations (e.g. tax and accounting records). Soft-deleted records may be permanently removed after a retention period defined per data category.

7. Your Rights

Subject to applicable law, you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or incomplete data.
• Request deletion of your account and associated personal data.
• Object to or restrict certain processing activities.
• Receive a portable copy of your data in a common machine-readable format.

You can request account deletion directly from the mobile app under Settings → Delete Account, or by contacting us using the details below.

8. Children's Privacy

CapTab is a professional tool intended for use by pharmacies, clinics, and medical staff. The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

9. International Data Transfers

Your data may be processed in countries other than your country of residence. Where we transfer personal data internationally, we use appropriate safeguards in line with applicable data-protection laws.

10. Cookies & Local Storage

The web admin panel uses cookies and local storage strictly necessary for authentication and to remember your preferences (language, theme). We do not use cookies for advertising.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated through the app or by email.

12. Contact Us

If you have questions, concerns, or requests regarding this policy, contact us at:

• Email: captabapp2025@gmail.com
• Website: https://captabapp.com