Privacy Policy

1. Introduction

Snono Systems ("we", "our", or "us") operates the SAS Max desktop application for Windows (the "App"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Windows desktop application available through the Microsoft Store.

By installing and using SAS Max for Windows, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

The Windows desktop version of SAS Max collects and processes the following types of information:

2.1 Account & Authentication Data

• License codes - for application activation and verification
• Usernames and passwords - encrypted using AES-256-CBC before storage
• Manager permissions and access control lists (ACL) - for role-based access control
• User profile data - name, contact information, and organizational details

2.2 Service Provider Information

• Internet Service Provider (ISP) account credentials - securely encrypted and stored locally
• ISP usage data, quotas, and billing information - retrieved from provider APIs
• Network Access Server (NAS) configurations - IP addresses, ports, and settings

2.3 Card Printing & Management Data

• Card generation records - series, batches, print jobs, and timestamps
• Template designs and configurations - saved locally and synced to cloud (optional)
• Distribution records - audit trail for card deliveries
• Printer connections - USB and network thermal printer configurations

2.4 Technical & Diagnostic Information

• Device information - Windows version (10/11), system architecture (x64/ARM64)
• Application logs and crash reports - via Firebase Crashlytics (anonymous)
• Performance metrics - app responsiveness and resource usage via Firebase Performance
• Usage analytics - anonymized feature usage via Firebase Analytics

2.5 Network & Connectivity Information

• IP addresses - for server connectivity (internal and external endpoints)
• API request logs - encrypted payloads for troubleshooting and security auditing
• File system paths - for local storage of templates and export files (user-selected directories only)

2.6 Windows-Specific Capabilities

• internetClient - Required for connecting to backend servers and ISP APIs
• privateNetworkClientServer - For accessing local network thermal printers and NAS devices
• File picker access - User-initiated file selection for exports and imports (no automatic scanning)
• Local notifications - Windows 10/11 toast notifications for alerts and job completion

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: Authenticate users, manage access permissions, and provide core functionality
• ISP Resource Management: Monitor usage, track quotas, send threshold alerts, and generate billing reports
• Card Printing Operations: Generate cards, track print jobs, manage templates, and maintain audit trails
• Analytics & Improvement: Identify bugs, optimize performance, and enhance user experience through anonymized usage data
• Customer Support: Troubleshoot technical issues, provide assistance, and respond to feedback
• Security & Fraud Prevention: Detect unauthorized access attempts, prevent abuse, and maintain system integrity
• Automatic Updates: Deliver app updates via Microsoft Store (MSIX package format)

4. Data Storage and Security

4.1 Local Storage (Your Windows Device)

• Encrypted credential storage - flutter_secure_storage uses Windows Credential Manager for secure password storage
• Application preferences - SharedPreferences stores non-sensitive settings in local AppData
• AES-256-CBC encryption - All sensitive data (passwords, ISP credentials, API tokens) encrypted before storage
• Template cache - Card templates stored locally with optional cloud sync
• Print queue - Temporary storage for pending print jobs (cleared after 7 days)

4.2 Backend Storage (Our Secure Servers)

• HTTPS with AES encryption - All data transmitted using encrypted payloads (CryptoJS-compatible format)
• Database security - MySQL databases with restricted access, encrypted connections, and regular backups
• Password hashing - Passwords are NEVER stored in plain text (bcrypt with 12 rounds)
• JWT authentication - Short-lived tokens with automatic refresh and secure invalidation

4.3 Data Retention

• Account data - Retained while your license is active; deleted within 30 days of account closure
• ISP usage history - Retained for 90 days (configurable by administrator)
• Print audit logs - Retained for 90 days for compliance and troubleshooting
• Crash reports - Anonymized crash data retained for 90 days
• Template backups - Cloud-synced templates retained for 1 year after last modification

4.4 Windows Security Integration

• Windows Credential Manager - Leverages OS-level secure storage for credentials
• MSIX sandboxing - Application runs in a sandboxed environment with limited file system access
• Code signing - Application signed by Microsoft Store for integrity verification

5. Data Sharing and Disclosure

We do not sell, rent, or share your personal information with third parties, except in the following limited cases:

5.1 Third-Party Service Providers

• Firebase (Google LLC) - Analytics, crash reporting, and performance monitoring
  • Data is anonymized and aggregated
  • No personally identifiable information (PII) is shared
  • Google's Privacy Policy: https://policies.google.com/privacy
• Microsoft Azure - Cloud hosting for backend servers (data residency: configurable per license)

5.2 Legal Requirements

• When required by law, court order, or government regulations
• To protect the rights, property, or safety of Snono Systems, our users, or the public
• To enforce our Terms of Service or investigate violations

5.3 Business Transfers

• In the event of a merger, acquisition, or sale of assets, you will be notified via email and in-app notification
• Your data will be transferred only under equivalent privacy protections

We NEVER share:

• Your passwords or ISP credentials with anyone (including our own staff)
• Card generation data with unauthorized parties
• User lists or contact information with third-party marketers

6. Your Rights

You have the following rights regarding your personal information:

6.1 Access & Portability

• Request a copy - Download your data in JSON or CSV format
• Export templates - Download all card templates as .sastemplate files
• Print audit export - Download print history and audit logs

6.2 Correction & Deletion

• Update information - Correct inaccurate account details in Settings
• Delete account - Request permanent deletion via https://max.pro-service.link/delete-account or contact englishh7366@gmail.com (7-day grace period, permanent deletion within 30 days)
• Clear local cache - Delete cached data from Windows Settings > Apps > SAS Max > Advanced Options > Reset

6.3 Opt-Out Options

• Disable analytics - Turn off Firebase Analytics in app Settings > Privacy
• Disable crash reporting - Opt out of Crashlytics in Privacy settings
• Disable notifications - Manage via Windows Settings > Notifications or in-app preferences

To exercise these rights, contact us at: englishh7366@gmail.com

7. Third-Party Services

SAS Max for Windows integrates with the following third-party services:

7.1 Firebase (Google LLC)

• Firebase Analytics: Anonymized usage analytics (e.g., feature usage, session duration)
• Firebase Crashlytics: Crash reports with stack traces (no PII)
• Firebase Performance: App responsiveness and network latency monitoring

Data collected by Firebase: Device model, OS version, app version, session duration, crash logs

Opt-out: Disable in Settings > Privacy > Analytics & Crash Reporting

Google's Privacy Policy: https://policies.google.com/privacy

7.2 ISP Provider APIs

• WE Telecom Egypt API - Usage data retrieval (credentials encrypted, never shared)
• Other ISP providers - Vodafone, Orange, Etisalat (manual entry mode available)
• Credentials are stored locally using Windows Credential Manager
• API requests are HTTPS-only with certificate pinning

7.3 Microsoft Store

• Application distributed via Microsoft Store (MSIX package format)
• Microsoft may collect usage data per their privacy policy
• Automatic updates managed by Windows Update

8. Children's Privacy

SAS Max is a business application intended for professional use only. It is designed for network administrators, ISP managers, and business operators. We do not knowingly collect personal information from children under 13.

If you believe a child has provided us with personal information, please contact us immediately at englishh7366@gmail.com, and we will delete such information within 48 hours.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws (including GDPR for EU users) and use the following safeguards:

• Encryption in transit - AES-256 encryption for all data transfers
• Standard contractual clauses - For transfers outside the EU/EEA
• Data residency options - Enterprise licenses can specify server locations

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Changes will be posted in the app, on our website, and in Microsoft Store update notes.

You will be notified of significant changes via:

• In-app notification - Displayed on next app launch
• Email - If you have provided an email address
• Microsoft Store update notes - Listed in version history
• Windows notification - Toast notification for critical privacy changes

Continued use of the app after changes constitutes acceptance of the updated policy. If you disagree with changes, you may uninstall the app and request account deletion.

11. Contact Us

For Windows-specific technical issues, please include your Windows version (Settings > System > About) and app version (Settings > About) when contacting support.

12. Consent

By installing and using SAS Max for Windows, you consent to:

• Collection and processing of your personal information as described in this policy
• Use of local storage (Windows Credential Manager, AppData) for app functionality
• Encrypted transmission of data to our backend servers via HTTPS
• Integration with Firebase services for analytics and crash reporting (opt-out available)
• Use of Windows notification system for alerts and job completion notifications
• File system access for user-initiated exports and imports (no automatic scanning)

You may withdraw consent at any time by uninstalling the app and requesting account deletion via englishh7366@gmail.com.