Privacy Policy

1. Introduction

Kulmis ("Kulmis," "we," "us," or "our") is a point-of-sale and inventory management platform developed by Kaabeup. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use:

• The Kulmis mobile application (iOS and Android)
• The Kulmis web application and admin dashboard
• Associated online storefront and API services

By creating an account or using our services, you agree to the practices described in this policy. If you do not agree, please do not use Kulmis.

2. Scope

This policy applies to information processed by Kulmis on behalf of business users ("you" or "your organization"). It also covers end-customer data that your organization enters into the system (such as customer names and phone numbers for invoicing or SMS notifications).

Kulmis is a business-to-business (B2B) tool intended for merchants, shop owners, and their authorized staff. It is not directed at consumers for personal, non-business use.

3. Information We Collect

We collect information in the following categories:

3.1 Account & Profile Information

• Full name, email address, and phone number
• Login credentials (passwords are stored in hashed form; we never store plain-text passwords)
• Profile photo (optional)
• Role, permissions, and warehouse assignments

3.2 Business & Operational Data

• Company name, address, logo, and branding settings
• Products, inventory, categories, brands, and pricing
• Sales, purchases, quotations, returns, and payment records
• Customer and supplier contact details you enter
• Expense records, reports, and financial summaries
• Warehouse and stock movement data

3.3 Device & Technical Information

• Device type, operating system, and app version
• IP address, browser type, and general usage logs
• Authentication tokens required to keep you signed in
• Crash reports and diagnostic data to improve stability

3.4 Camera & Media (with your permission)

With your explicit permission, the mobile app may access:

• Camera — to scan product barcodes and capture product images
• Photo library / storage — to upload product images, logos, and documents

We do not access your camera or media without your consent. You can revoke these permissions at any time in your device settings.

3.5 Payment Information

Payment card and mobile-money details are processed directly by third-party payment providers (such as Stripe, PayPal, or Waafi Pay). Kulmis does not store full payment card numbers on our servers. We may receive transaction IDs, payment status, and limited billing metadata.

3.6 Communications

• SMS messages sent through integrated SMS gateways (e.g., invoice alerts, order updates)
• Support correspondence when you contact us

3.7 Data Summary Table

4. How We Use Your Information

We use collected information to:

• Provide, operate, and maintain the Kulmis platform
• Authenticate users and enforce role-based access controls
• Process sales, inventory, and financial transactions
• Send transactional SMS notifications on your behalf
• Generate reports, analytics, and business insights
• Respond to support requests and communicate service updates
• Detect, prevent, and address fraud, abuse, or security issues
• Improve app performance, fix bugs, and develop new features
• Comply with legal obligations

We do not sell your personal information. We do not use your data for third-party advertising or cross-app tracking.

5. Legal Basis for Processing

Where applicable under data protection laws (such as GDPR), we process your data based on:

• Contract performance — to provide the services you signed up for
• Legitimate interests — to improve security, prevent fraud, and enhance our platform
• Consent — for optional features such as camera access or marketing communications
• Legal obligation — when required by applicable law

6. How We Share Information

We may share information only in the following circumstances:

6.1 Service Providers

We use trusted third parties to help operate Kulmis, including:

• Cloud hosting and database providers
• Payment processors (Stripe, PayPal, Waafi Pay)
• SMS gateway providers
• Email delivery services

These providers process data only on our instructions and under appropriate confidentiality agreements.

6.2 Within Your Organization

Data you enter is accessible to other authorized users in your company account according to their assigned roles and permissions.

6.3 Legal Requirements

We may disclose information if required by law, court order, or governmental request, or to protect the rights, safety, and property of Kaabeup, our users, or the public.

6.4 Business Transfers

If Kaabeup is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specifically:

• Account data — retained while your subscription or account is active
• Business records — retained according to your organization's needs and applicable tax/accounting laws
• Log data — typically retained for up to 12 months unless needed for security investigations
• Local device cache — stored on your device for offline use; you can clear it by uninstalling the app or clearing app data

Upon account deletion request, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

8. Data Security

We implement industry-standard safeguards to protect your information, including:

• HTTPS/TLS encryption for data in transit
• Hashed and salted password storage
• Role-based access control (RBAC) for staff permissions
• JWT-based API authentication with token expiration
• Regular backups and access monitoring

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. Please use a strong password and keep your login credentials confidential.

9. Your Rights & Choices

Depending on your location, you may have the following rights:

• Access — request a copy of the personal data we hold about you
• Correction — update inaccurate or incomplete information via your account settings or by contacting us
• Deletion — request deletion of your account and associated personal data
• Portability — request an export of your business data (available via in-app export features)
• Restriction — request that we limit processing of your data in certain circumstances
• Objection — object to processing based on legitimate interests
• Withdraw consent — where processing is based on consent (e.g., camera permissions)

To exercise any of these rights, email privacy@kaabeup.com or support@kaabeup.com. We will respond within 30 days.

You may also manage app permissions (camera, storage, notifications) directly in your device settings at any time.

10. Children's Privacy

Kulmis is not intended for use by anyone under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

11. International Data Transfers

Kulmis is operated from Somalia. Your data may be stored and processed on servers located outside your country of residence. Where required, we ensure appropriate safeguards are in place for cross-border data transfers.

12. Apple App Store Privacy Disclosure

In accordance with Apple's App Store Review Guidelines and App Privacy requirements, we disclose the following:

• Data linked to you: Contact info, identifiers, user content (business data), usage data, and diagnostics
• Data not linked to you: Aggregated, anonymized analytics used for service improvement
• Tracking: Kulmis does not track you across apps or websites owned by other companies for advertising purposes
• Third-party SDKs: Payment and SMS SDKs may collect limited data as described in their respective privacy policies

You can review and manage permissions (camera, notifications, etc.) in iOS Settings → Kulmis. To delete your account and associated data, contact privacy@kaabeup.com or support@kaabeup.com.

13. Google Play Store Data Safety Disclosure

In accordance with Google Play's User Data and Data Safety policies, we declare:

• Data collected: Name, email, phone number, photos, financial info (transaction metadata), app activity, and device identifiers
• Data shared: Limited data shared with payment processors and SMS providers solely to deliver requested services
• Data encrypted in transit: Yes (HTTPS/TLS)
• Data deletion available: Yes — users can request account and data deletion via privacy@kaabeup.com or support@kaabeup.com
• Committed to Play Families Policy: Kulmis is a business application not designed for children

Optional permissions (camera, storage) are requested at runtime and are not required for basic app functionality. You can deny or revoke these permissions in Android Settings → Apps → Kulmis → Permissions.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via email or an in-app notice. Continued use of Kulmis after changes take effect constitutes acceptance of the revised policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: