Privacy Policy - SAS Max for Android

1. Introduction

Snono Systems ("we", "our", or "us") operates the SAS Max application for Android (the "App"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Android app downloaded from the Google Play Store.

By installing and using SAS Max on your Android device, you agree to the collection and use of information in accordance with this policy.

Key Points: SAS Max is a business application for managing Service Access Systems. We prioritize your privacy and use industry-standard encryption to protect your data. All sensitive information is encrypted locally on your device.

2. Information We Collect

SAS Max for Android collects and processes the following types of information:

2.1 Account Information

License codes (for app activation)
Usernames and passwords (encrypted with AES-256-CBC)
Manager permissions and access control lists (ACL)
User profile data (name, contact information, business details)

2.2 Service Provider Information

Internet Service Provider (ISP) account credentials (encrypted)
ISP usage data, quotas, and billing information
Network Access Server (NAS) configurations
Dashboard analytics and operational metrics

2.3 Card Printing & Business Data

Card generation records (series, batches, print jobs)
Card template designs and configurations
Distribution records and audit trails
Thermal printer connection history (Bluetooth device names)

2.4 Device & Technical Information

Device model and manufacturer
Android OS version
App version and build number
Device language and locale settings
Screen resolution and density
Network connectivity status (WiFi, cellular)

2.5 Analytics & Performance Data (via Firebase)

Firebase Analytics: App usage patterns, screen views, feature interactions
Firebase Crashlytics: Crash reports, stack traces, error logs
Firebase Performance: App startup time, network request latency, screen rendering metrics
Anonymous usage statistics for app improvement

2.6 Network & Communication Data

API request logs (for troubleshooting, retained 30 days)
Server IP addresses (internal/external)
Session tokens (JWT, automatically expire)

3. Android Permissions & Usage

SAS Max requests the following Android permissions:

🌐 INTERNET (Required)

Purpose: Connect to SAS backend servers, ISP provider APIs, and synchronize data.

Data Access: API requests/responses, encrypted payloads.

📸 CAMERA (Optional)

Purpose: Scan QR codes for card verification and quick account activation.

Data Access: Camera feed (processed locally, not uploaded).

Package Used: mobile_scanner

📶 BLUETOOTH (Optional)

Purpose: Connect to thermal printers (BLE) for card printing.

Permissions: BLUETOOTH_SCAN, BLUETOOTH_CONNECT (Android 12+)

Data Access: Nearby Bluetooth device names (printers only).

Package Used: flutter_thermal_printer

📍 ACCESS_FINE_LOCATION (Optional, Android 11 and below)

Purpose: Required by Android for Bluetooth scanning (legacy requirement).

Data Access: Location is NOT accessed or stored. Permission only used for Bluetooth discovery.

Note: maxSdkVersion="30" - not requested on Android 12+

🔔 POST_NOTIFICATIONS (Optional, Android 13+)

Purpose: Send local notifications for card print job completion, low stock alerts, ISP quota warnings.

Data Access: None. Notifications are generated locally.

Package Used: flutter_local_notifications

⚡ WAKE_LOCK (Required)

Purpose: Keep background tasks running for job monitoring and notifications.

Data Access: None. Only prevents CPU sleep during background sync.

🔐 USE_BIOMETRIC (Optional)

Purpose: Quick login with fingerprint/face unlock.

Data Access: Biometric authentication (handled by Android, not stored by app).

Package Used: local_auth

🔌 USB Host (Optional)

Purpose: Connect to USB OTG thermal printers.

Data Access: USB device information (printer models).

📳 VIBRATE (Optional)

Purpose: Haptic feedback for shake-to-report bugs and UI interactions.

Package Used: sensors_plus

4. Google Services & Firebase Integration

4.1 Firebase Services (Google LLC)

SAS Max integrates with Firebase for analytics, crash reporting, and performance monitoring:

Firebase Analytics: Tracks screen views, button clicks, feature usage (anonymous)
Firebase Crashlytics: Collects crash logs with stack traces (no personal data)
Firebase Performance Monitoring: Measures app startup time, API latency, rendering speed

Data Shared with Firebase:

Anonymous device identifiers (Android Advertising ID, if enabled)
App instance ID (randomly generated)
Device model, OS version, app version
Country/region (derived from IP, not precise location)

Google's Privacy Policy: https://policies.google.com/privacy

Firebase Data Processing Terms: https://firebase.google.com/support/privacy

4.2 Google Maps API

Purpose: Display NAS device locations (if coordinates provided)
Data Access: Map tile requests (IP address, zoom level)
Google Maps Privacy: https://cloud.google.com/maps-platform/terms

4.3 Google Play Services

SAS Max relies on Google Play Services for core functionality (Firebase, push notifications, in-app updates). Google may collect device information, usage data, and analytics as described in the Google Privacy Policy.

5. How We Use Your Information

We use the collected information for the following purposes:

Authentication: Verify license codes, authenticate users, manage sessions
Service Delivery: Provide core features (user management, card printing, ISP monitoring, dashboard analytics)
Background Tasks: Monitor card print jobs, send notifications (via workmanager background service)
Thermal Printing: Connect to Bluetooth/USB printers, render card templates, track print jobs
ISP Management: Retrieve usage data from provider APIs (WE, Vodafone, etc.), send quota alerts
Analytics: Improve app performance, identify bugs, prioritize new features
Crash Reporting: Diagnose app crashes and fix bugs (Firebase Crashlytics)
Security: Detect unauthorized access, prevent fraud, audit actions
Support: Troubleshoot technical issues, provide customer assistance

6. Data Storage & Security

6.1 Local Storage (Android Device)

flutter_secure_storage: Credentials, API tokens, ISP passwords (AES-256-GCM encryption, Android Keystore)
SharedPreferences: Non-sensitive settings (theme, language, font size, recent searches)
SQLite (path_provider): Cached data, print templates, offline queue (max 50 items)
Workmanager: Background task schedules (job monitoring every 15 minutes)

6.2 Backend Storage (HTTPS + AES Encryption)

All API requests use HTTPS with TLS 1.2+
POST payloads encrypted with AES-256-CBC (CryptoJS-compatible format)
Passwords hashed with bcrypt (never stored plain text)
JWT tokens for session management (HS256, auto-expire)
Database backups encrypted at rest

6.3 Data Retention

Account Data: Retained while license is active, deleted within 30 days after account deletion
ISP Usage History: 90 days (configurable per account)
Print Audit Logs: 90 days
API Request Logs: 30 days (for troubleshooting)
Firebase Analytics: 60 days (Google's default retention)
Crashlytics Reports: 90 days

6.4 Network Security

Android Network Security Config enforces:

Cleartext traffic disabled (HTTPS only)
Certificate pinning for backend API (prevents man-in-the-middle attacks)
Base configuration: TLS 1.2+ required

7. Data Sharing & Third Parties

We do not sell, rent, or share your personal information with third parties for marketing purposes.

7.1 Service Providers

Google Firebase: Analytics, crash reporting, performance monitoring (see Section 4)
Google Maps: Map tiles for NAS location display

7.2 ISP Provider APIs

We connect to ISP provider APIs (e.g., WE Telecom Egypt, Vodafone) to retrieve usage data
Credentials transmitted directly to provider API (HTTPS), not shared with Snono Systems servers
Session tokens stored locally on device (encrypted)

7.3 Legal Compliance

We may disclose information if required by law:

Court orders or government requests
Legal proceedings or investigations
Protection of rights, safety, or property

7.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. You will be notified via email and in-app notification.

8. Your Privacy Rights

8.1 Access & Correction

View your account data in Settings → Account Info
Update profile information, change passwords
Request full data export (JSON/CSV format) via englishh7366@gmail.com

8.2 Data Deletion

In-App: Settings → Account → Delete Account
Web Form: https://max.pro-service.link/delete-account
Deletion Process: Submit request → Email confirmation → 7-day grace period → Permanent deletion within 30 days
Request ID: You'll receive a tracking ID (format: DEL-XXXXX-XXXXX) to check deletion status at https://max.pro-service.link/delete-account/status/YOUR-REQUEST-ID
What Gets Deleted: Account credentials, personal information, ISP accounts, card templates, usage analytics (within 30 days)
What's Retained: Billing records (7 years, legal requirement), audit logs (90 days, security requirement) - all anonymized
Firebase Analytics: Auto-deleted after 60 days

8.3 Opt-Out Options

Analytics: Disable in Settings → Privacy → Analytics & Crash Reports
Notifications: Manage in Android Settings → Apps → SAS Max → Notifications
Biometric Login: Disable in Settings → Security → Biometric Authentication
Advertising ID: Reset or opt-out in Android Settings → Google → Ads

8.4 Permission Management

Revoke permissions anytime:

Android Settings → Apps → SAS Max → Permissions
Camera, Bluetooth, Notifications, Location can be toggled off
App will request permission again when needed

9. Children's Privacy

SAS Max is a business application intended for professional use only. We do not knowingly collect personal information from children under 13 (or 16 in the EU). If you believe a child has provided us with personal data, please contact us immediately at englishh7366@gmail.com, and we will delete it within 72 hours.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction (e.g., Egypt, EU, USA). We ensure compliance with applicable data protection laws:

GDPR (EU): Standard Contractual Clauses (SCCs) for data transfers
Egypt Data Protection Law: Compliance with Law No. 151/2020
Encryption in Transit: HTTPS/TLS 1.2+ for all cross-border transfers

11. Cookies & Tracking

SAS Max does not use browser cookies (native Android app). However, we use:

SharedPreferences: Local app settings (not shared with websites)
Firebase Analytics: Anonymous device identifiers (can be reset in Android settings)
Session Tokens: JWT tokens for API authentication (stored securely, auto-expire)

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted:

In-app notification (for significant changes)
Google Play Store app description update notes
This URL: https://max.pro-service.link/privacy-policy/android

Last Updated: February 15, 2026 (version 1.0.0)
Continued use after changes constitutes acceptance of the updated policy.

13. Contact Us

Snono Systems

Email: englishh7366@gmail.com

Website: https://max.pro-service.link

Privacy Policy URL: https://max.pro-service.link/privacy-policy/android

Data Protection Officer: Available upon request

Address: Egypt

For Android-specific privacy concerns or permission questions, contact us at the email above.

14. Consent & Acceptance

By installing and using SAS Max from the Google Play Store, you consent to:

Collection and processing of personal information as described in this policy
Use of Android device permissions (camera, Bluetooth, notifications, etc.)
Integration with Firebase services (analytics, crashlytics, performance monitoring)
Encrypted transmission of data to our backend servers via HTTPS
Local storage of credentials using Android Keystore encryption
Background tasks for job monitoring and notifications (workmanager)

You can withdraw consent anytime by uninstalling the app or disabling permissions in Android settings.