Privacy Policy

Effective Date: 31 December 2025

Chrilan Technologies Limited ("ChrilanTech", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website and our products including Lyt-ning POS, ZRA Smart Invoice, and Mobile Backoffice (collectively, the "Services"). This policy is designed to meet the privacy disclosure requirements of the Apple App Store, Google Play Store, and Microsoft Store.

Who We Are

Chrilan Technologies Limited
Njoka Road, Ring Road, Lusaka, 10101, Zambia
Phone: +260 95 8168829
Email: info@chrilantech.com

Scope

This policy applies to: (a) our public website at chrilantech.com and associated subpages; (b) our mobile and desktop applications distributed via the Apple App Store, Google Play, and Microsoft Store; and (c) backoffice and cloud services that support our applications.

Information We Collect

We may collect the following categories of information depending on how you use the Services:

• Account and Profile Data: name, business name, email, phone number, address, user IDs, and authentication data.
• Business and Transaction Data: product catalogs, orders, invoices, payments, tax information (e.g., ZRA invoice data), POS transactions, and related records you input into the Services.
• Device and Technical Data: device identifiers, operating system, app version, language, time zone, IP address, and diagnostic logs for performance and security.
• Usage Data: app interactions, feature usage, timestamps, and crash reports.
• Location Data (optional): if you grant permission, we may use approximate or precise location for features like store location tagging, fraud prevention, or region‑specific settings. Location access can be disabled in your device settings.
• Camera and Photos (optional): if you grant permission, used for barcode scanning and attaching receipts or product images. Images are processed to perform the requested function and stored only if you choose to save them.
• Contacts and Calendar (optional): only if you explicitly connect these to import business contacts or schedule activities; this access is optional and can be revoked.
• Cookies and Similar Technologies (website only): we may use essential cookies for site operation and session management. We do not use third‑party advertising cookies. Analytics, if enabled, are privacy‑friendly and non‑identifying.

How We Use Information

• Provide, operate, and secure the Services, including user authentication and account management.
• Process transactions, generate invoices (including ZRA Smart Invoice), and deliver business insights.
• Improve performance, troubleshoot issues, and develop new features.
• Comply with legal obligations and enforce terms, including tax compliance requirements.
• Communicate with you about service updates, security alerts, and support.
• With your consent, send optional marketing communications (you may opt out at any time).

Legal Bases for Processing (GDPR, where applicable)

• Performance of a contract (to provide the Services you request).
• Legitimate interests (to secure and improve our Services).
• Compliance with legal obligations (e.g., tax and accounting).
• Consent (for optional features such as marketing, location, camera, or contacts access).

Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

• Service Providers: trusted vendors who process data on our behalf (e.g., hosting, analytics, payment, messaging) under contracts that require confidentiality and security.
• Integrations and Authorities: tax authorities such as Zambia Revenue Authority (ZRA) when required, and third‑party systems you connect at your direction.
• Legal and Safety: to comply with law, protect rights, prevent fraud, or respond to lawful requests.
• Business Transfers: in connection with a merger, acquisition, or asset sale with notice as required by law.

Data Retention

We retain information for as long as necessary to provide the Services, comply with legal obligations (including tax and audit requirements), resolve disputes, and enforce agreements. You may request deletion of your personal data where applicable; see “Your Rights”.

Security

We implement administrative, technical, and physical safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is 100% secure; we continuously improve our controls.

Children’s Privacy

Our Services are not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If we learn we have, we will delete it.

International Data Transfers

Your information may be processed in countries other than where you reside. Where required, we implement appropriate safeguards to protect your data.

Your Rights

• Access, correction, update, or deletion of your personal information.
• Objection to or restriction of certain processing, and data portability where applicable.
• Withdrawal of consent for optional processing (e.g., marketing, location, camera, contacts).
• To exercise rights, contact us at info@chrilantech.com.

Permissions and Platform Disclosures

This section is provided to satisfy Apple App Store, Google Play, and Microsoft Store requirements.

• Location: Optional; used for store location tagging, fraud prevention, and region settings. Not shared for advertising.
• Camera/Photos: Optional; used for barcode scanning and attaching images to products or receipts. Stored only when you save.
• Microphone: Not collected unless a feature explicitly requires it; if used, it’s solely for voice input features with consent.
• Contacts/Calendar: Optional; used only when you choose to import contacts or schedule; data remains within your account.
• Device Identifiers and Diagnostics: Collected to improve app reliability and security; not used for advertising.
• Payment Information: Processed by PCI‑compliant providers when applicable; we do not store full card numbers on our servers.

Apple App Store Compliance

• We do not track users across apps and websites owned by other companies for advertising.
• Data is used for app functionality, analytics, and account management only.
• Optional permissions are requested just‑in‑time and may be changed in iOS Settings.

Google Play Compliance

• We disclose data collection and sharing in the Play Data Safety section consistent with this policy.
• We do not sell user data. We do not use data for personalized ads without consent.
• Users can request deletion of their account and associated data; see “Account Deletion”.

Microsoft Store Compliance

• We collect only what is necessary to deliver app functionality and improve reliability.
• Diagnostics are used for troubleshooting and quality improvement and are not shared for advertising purposes.

Account Deletion

You can request deletion of your account and associated personal data by emailing info@chrilantech.com from your registered email address. We will verify your identity and process the request subject to legal retention obligations (e.g., tax records).

Third‑Party Services

Our Services may integrate with third‑party services (e.g., tax authorities, payment gateways). Your use of these integrations is subject to the third party’s terms and privacy policies. We share only the data necessary to perform the requested function.

Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the effective date. Material changes will be communicated via the Services or by email where appropriate.

Contact Us

If you have questions about this Privacy Policy or our practices, contact us at info@chrilantech.com or the postal address listed above.