Privacy Policy

MISAC Intelligence Private Limited ("we," "our," or "us") operates the MISAC Mobile application and the MISAC ERP platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

1. Information We Collect

1.1 Information You Provide

• Account Information: Username, email address, and authentication credentials when you create an account or log in.
• Profile Information: Name, profile picture, and other details you choose to provide.
• Documents and Files: Documents, images, and files you scan, upload, or create within the App.
• Form Data: Information you enter into forms for data entry and submission.
• Business Data: Financial records, invoices, payroll data, and other business information entered into MISAC ERP.

1.2 Information Collected Automatically

• Device Information: Device type, operating system version, unique device identifiers, and mobile network information.
• Usage Data: App features used, time spent on the App, and interaction patterns.
• Error Reports: Crash logs and diagnostic information to improve App stability.

1.3 Information from Device Permissions

We request access to certain device features to provide our services:

Permission	Purpose	When Used
Camera	Scanning invoices, receipts, and business documents for OCR data extraction; capturing photos for vouchers and reports	Only when you initiate a scan or photo capture
Photo Library	Select existing images for documents and vouchers; save scanned outputs back to your library	Only when you access gallery or save
Contacts	Read your device contacts so you can quickly add vendors, customers, and parties to MISAC ERP without retyping. Contact data is processed on-device and only the entries you choose to import are uploaded.	Only when you open the contact picker or import a contact
Location (GPS - Fine and Coarse)	Verify attendance check-in from authorized work sites using geofencing, and stamp field reports with location metadata when you choose to.	Only when you mark attendance or attach location to a record
Microphone (iOS)	Record audio or video as part of a voucher attachment, where this feature is enabled	Only when you initiate a voice or video capture
Biometric (Face ID / Fingerprint)	Secure authentication on app open and for high-risk actions	Only when you enable biometric login in Settings
Notifications	Approval requests, deadline reminders, sync results, and security alerts	Based on your preferences in app and OS settings
Storage (Internal and Scoped)	Save scanned documents, downloaded reports, and cached data for offline access	When saving, downloading, or accessing files
Background Data Sync	Upload offline entries and download server updates while the app is in the background, including after device restart, so your data stays current	Periodically while you are signed in, when network is available
Internet / Network State	Sync data with our servers, detect connectivity, and switch between online and offline mode	For all online features and connectivity detection
Vibrate	Haptic feedback on notifications and confirmations	System-controlled, based on notification settings

1.4 App Tracking Transparency (iOS)

On iOS 14.5 and later, Apple's App Tracking Transparency framework requires apps to ask permission before tracking user activity across other companies' apps and websites. When you open MIS.AC on iOS for the first time, you may see a system prompt asking whether MIS.AC may track your activity.

• If you allow tracking, Firebase Analytics may use device-level identifiers to help us understand aggregated app usage patterns.
• If you deny tracking, the app continues to function fully. We still collect anonymized, aggregated usage data that is not tied to your identity.
• We do not share your data with third parties for cross-app advertising under any circumstances.
• You can change your choice at any time in iOS Settings > Privacy & Security > Tracking.

1.5 Background Activity

The app performs limited work in the background to keep your data synchronized and to receive notifications:

• Background data sync (workmanager): Uploads vouchers and documents you created offline once the device is back online. Downloads server-side updates so your dashboard is current when you open the app.
• Restart-on-boot: Background sync resumes after device restart so pending uploads are not lost.
• Push notifications: Firebase Cloud Messaging delivers approval requests and reminders even when the app is closed.
• Background activity is paused when battery saver is active and when you sign out of the app.

2. How We Use Your Information

We use the collected information to:

• Provide, operate, and maintain the App's functionality
• Authenticate your identity and secure your account
• Process and store your documents and data entries
• Sync your data across devices when logged in
• Send you notifications about your account and activities
• Improve and optimize the App's performance
• Provide customer support and respond to inquiries
• Detect, prevent, and address technical issues or security threats
• Comply with legal obligations under Nepal law

3. Third-Party Services

3.1 Firebase (Google)

We use Firebase services provided by Google for:

• Firebase Analytics: To understand App usage patterns and improve user experience. This collects anonymized usage data.
• Firebase Cloud Messaging: To deliver push notifications.
• Firebase Crashlytics: To identify and fix App crashes.

Firebase data practices are governed by Google's Privacy Policy.

3.2 No Advertising

We do not display advertisements in the App. We do not share your personal data with third parties for advertising purposes.

4. Data Storage and Security

4.1 Data Storage

• Local Storage: Some data is stored locally on your device for offline access, encrypted using industry-standard encryption.
• Cloud Storage: Your data is synced to our secure servers when connected to the internet.
• Credentials: Authentication credentials are stored using secure, encrypted storage (Keychain on iOS, EncryptedSharedPreferences on Android).

4.2 Security Measures

• All data transmission uses HTTPS/TLS encryption
• Biometric credentials are bound to your specific device
• Session tokens expire after 30 minutes of inactivity
• Biometric authentication data expires after 30 days
• We do not store your biometric data - only a secure reference

5. Data Retention

We retain your data as follows:

• Account Data: Retained while your account is active and for up to 90 days after deletion request.
• Documents and Files: Retained until you delete them or close your account.
• Usage Analytics: Aggregated and anonymized data may be retained indefinitely for analysis.
• Biometric Credentials: Automatically expire and are deleted after 30 days of non-use.

6. Your Rights and Choices

You have the following rights regarding your data:

6.1 Access and Portability

You can request a copy of your personal data by contacting us at the address below.

6.2 Correction

You can update your profile information directly in the App or by contacting us.

6.3 Account and Data Deletion

You can request deletion of your account and the personal data associated with it in three ways:

• Web (no app install needed): Submit a request through our dedicated Account & Data Deletion page.
• In-App: Open MIS.AC, then go to Profile > Settings > Delete Account.
• Email: Send a request from your registered email address to [email protected] with the subject "Account Deletion Request".

We verify each request before processing. Personal account data is deleted within 30 days of verification. Some records may be retained for legal compliance under Nepal law (Income Tax Act, Labour Act 2074, Company Act 2063). See the Account Deletion page for the full list of what is deleted and what is retained.

6.4 Opt-Out

• Push Notifications: Disable in your device's notification settings or in the app under Profile > Notifications.
• Biometric Login: Disable in App Settings > Security.
• Location: Disable in your device Settings > Apps > MIS.AC > Permissions, or in iOS Settings > Privacy > Location Services.
• Contacts: Disable in your device Settings > Apps > MIS.AC > Permissions, or in iOS Settings > Privacy > Contacts.
• iOS Tracking: Change in iOS Settings > Privacy & Security > Tracking.
• Analytics: Email [email protected] to opt out of identifiable analytics collection.

6A. Your Rights Under the GDPR (European Economic Area Users)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent UK law:

• Right of Access (Article 15): Request a copy of the personal data we hold about you.
• Right to Rectification (Article 16): Ask us to correct inaccurate or incomplete data.
• Right to Erasure (Article 17 - "Right to be Forgotten"): Request deletion of your personal data through our Account Deletion page.
• Right to Restriction of Processing (Article 18): Ask us to limit how we use your data while a query is investigated.
• Right to Data Portability (Article 20): Request a structured, machine-readable copy of your data.
• Right to Object (Article 21): Object to processing based on our legitimate interests, including analytics.
• Rights Related to Automated Decision-Making (Article 22): We do not make decisions about you using solely automated means without human review.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting prior lawful processing.
• Right to Lodge a Complaint: You may file a complaint with your local data protection authority.

Legal basis for processing: We process your data under one or more of the following GDPR Article 6 bases - performance of a contract (operating MIS.AC for you and your organization), compliance with a legal obligation (Nepal tax and audit law), and our legitimate interests (security, fraud prevention, product improvement) balanced against your rights.

To exercise any GDPR right, email [email protected] with the subject "GDPR Request" and identify which right you are exercising. We respond within 30 days.

6B. Your Rights Under California Law (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) gives you the following rights:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the third parties we have shared it with.
• Right to Delete: Request deletion of your personal information through our Account Deletion page, subject to legal retention requirements.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing: We do not sell your personal information and we do not share it for cross-context behavioral advertising. There is nothing to opt out of in this category.
• Right to Limit Use of Sensitive Personal Information: We use sensitive personal information (such as biometric authentication references and precise geolocation for attendance) only to provide the services you requested and for security purposes - not for inferring characteristics about you.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights. You will receive the same level of service and the same pricing.

To exercise any CCPA / CPRA right, email [email protected] with the subject "California Privacy Request". We respond within 45 days.

7. Children's Privacy

The App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

8. International Data Transfers

Your data may be transferred to and processed in countries other than Nepal. We make sure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy in the App
• Updating the "Last Updated" date above
• Sending a notification for significant changes

Your continued use of the App after changes indicates acceptance of the updated Privacy Policy.

10. Contact Us