TariroM.← Portfolio
Effective · May 11, 2026·Version 1.2·12 sections

StockRoom
Privacy Policy

How the StockRoom mobile inventory app handles device, credential, and stock count data — written for the IT administrators and field staff who deploy and use it.

Developer
TariroM.
Contact
contact@tarirom.co.zw
Website
tarirom.co.zw

Section 01

Overview

StockRoom is a mobile inventory management application built for enterprise use. It is designed for authorized retail staff and field technicians who perform physical stock counts using IVEND Retail a connected retail management solution.

This Privacy Policy explains what data the App collects, how it is used, where it is stored, and your rights in relation to that data.

Section 02

Who this policy applies to

This policy applies to all users of the StockRoom mobile application on iOS and Android. The App is intended for use only by employees or contractors of organizations that have been licensed to use it.

It is not a consumer application and is not intended for use by the general public or by minors.

Section 03

Data we collect

Five categories of data are collected or stored, each scoped to a specific operational purpose.

3.1

Device information

To enforce device licensing and prevent unauthorized access, the App collects and transmits the following device details on startup:

  • Hardware identifier — a unique device ID (on iOS: a persisted UUID stored in the Keychain; on Android: the Android SSAID or a persisted UUID)
  • Device model — e.g. "iPhone 14 Pro", "Samsung Galaxy A52"
  • Operating system version — e.g. "iOS 17.4", "Android 13"
  • Emulator status — whether the app is running on a physical device or an emulator

This information is sent to a secure licensing server (Supabase) to verify that the device is authorized to use the App. It is not used for advertising or analytics.

3.2

User credentials

The App requires the following credentials to connect to your organization's iVend server:

  • API credentials — a username and password used by the App to communicate with the iVend API, entered by an administrator during setup.
  • Stocktake user credentials — a username and password entered by the individual technician at login.

API credentials (apiUserId and apiPassword) are stored in the device's hardware-backed secure enclave — Android Keystore on Android, iOS Keychain on iOS — using flutter_secure_storage. They are never written to unencrypted storage.

Devices running a version of the App prior to v3.0 are automatically migrated to secure storage on first launch after update.

3.3

Stock count data

During a stock take session, the App records and stores locally:

  • Product identifiers (ID, code, name, barcode)
  • Counted quantities
  • Unit of measure selections
  • Warehouse Information
  • Physical location identifiers (if your warehouse uses locations)
  • Timestamps for each count entry

This data is submitted to your organization's iVend server upon session completion. It is not transmitted to the developer or any external service.

3.4

Store / warehouse assignment

The App stores the identifier and name of the store or warehouse assigned to this device. This is used to filter the warehouse selection to the appropriate site and is part of the device licensing record on the licensing server.

3.5

Application logs

The App maintains diagnostic logs to support troubleshooting and bug reporting:

  • An in-memory buffer of up to 500 recent log lines
  • Daily rotating log files retained on-device for up to 30 days

Log content includes API request/response metadata, internal state transitions, and error messages. Logs do not capture user passwords or full stock count payloads.

Logs are only shared externally if a user explicitly initiates the "Share Bug Report" feature, which packages the log files and sends them via the device's native share sheet. No logs are automatically transmitted.

Section 04

Camera usage

The App requests access to the device camera exclusively for barcode scanning during stock take sessions. No photographs or video are taken, recorded, or stored.

Camera access is used in real time to decode product barcodes and is not retained after the scan is complete.

Section 05

How we use the data

Every category of data collected maps to a specific operational purpose. We do not use any collected data for advertising, analytics, profiling, or sale to third parties.

DataPurpose
Device hardware ID, model, OSLicense validation — confirming only authorized devices can access the App
Store IDLicense validation — confirming device is assigned to the correct store
API and user credentialsAuthenticating requests to your organization's iVend server
Stock count entriesCompiling and submitting inventory counts to iVend
Application logsDiagnosing technical issues when bug reports are filed

Section 06

Data storage and retention

On-device storage and remote retention details are described below.

On-device storage

  • API credentials (apiUserId, apiPassword) — Android Keystore / iOS Keychain (hardware-encrypted) — never written to unencrypted storage
  • Non-sensitive config (baseUrl, storeId, storeName) — SharedPreferences — until manually cleared or app uninstalled
  • User login session — SharedPreferences — until manual logout
  • Active session draft (stock count in progress) — SharedPreferences — until submitted or explicitly discarded
  • Device hardware ID — iOS Keychain / Android Keystore (via flutter_secure_storage) — persists across reinstalls
  • Licence gate cache (gate_cache_v1) — Android Keystore / iOS Keychain — cleared on revocation or expiry
  • Application log files — local file system — 30 days (rolling)

Remote storage (licensing server)

The following data is stored on the developer-operated Supabase licensing server:

  • Device hardware ID
  • Device model
  • Operating system version
  • Assigned store ID
  • First registration timestamp
  • Last seen timestamp
  • License status

This data is used solely to enforce device licensing. It is stored in a PostgreSQL database hosted by Supabase with row-level security enabled. It is not accessible to the public or to third parties.

Section 07

Data sharing

We do not sell, rent, or share your personal data with third parties for commercial purposes.

Data may be shared in the following limited circumstances:

  • Your organization's iVend server — Stock count submissions and authentication requests are sent to the iVend server configured by your organization's administrator.
  • Supabase (licensing server) — Device metadata is sent to the developer's Supabase instance for license validation only.
  • Bug report recipient — If you choose to share a bug report, log files are shared via the share sheet to a recipient of your choosing.

Section 08

Network security

All communication between StockRoom and the Supabase licensing server is encrypted over HTTPS.

Communication with the iVend Retail API server (/iVendAPI/iVendAPI.svc/WebAPI) uses the transport protocol configured by your organisation's iVend Retail environment. Where that environment uses HTTP rather than HTTPS, API credentials and request data are transmitted without transport-layer encryption. StockRoom does not control or modify the iVend Retail API transport layer.

This risk is operationally controlled when StockRoom is deployed within a properly isolated private network (LAN, VLAN, or VPN) with no external access. It is the responsibility of the client's IT administrator to ensure that the iVend Retail API server is not exposed via public IP addresses, port forwarding, or any internet-accessible network configuration.

Before deploying StockRoom, all client IT administrators are required to review and sign the Network Security Acknowledgement — StockRoom Deployment (v1.0), which sets out the specific network isolation requirements and the developer's limitations of liability in full. A copy of this document is provided to the licensed organisation's administrator at onboarding.

Section 09

Children's privacy

This App is intended exclusively for adult employees and contractors in enterprise settings. We do not knowingly collect data from or market to minors under the age of 18.

Section 10

Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about your device
  • Request deletion of your device's licensing record from our server
  • Opt out of continued device registration

To exercise any of these rights, contact us at contact@tarirom.co.zw. Please include your device's assigned store name and device model to help us locate your record.

Note that stock count data submitted to your organization's iVend server is controlled by your employer, not by us. For requests relating to that data, contact your organization's system administrator.

Section 11

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this document. Continued use of the App after an update constitutes acceptance of the revised policy.

If we make material changes that affect how we handle personal data, we will notify the licensed organization's administrator.

Section 12

Contact

If you have questions or concerns about this Privacy Policy or the data practices of StockRoom, please contact:

TariroM.

Emailcontact@tarirom.co.zwWebsitetarirom.co.zw

StockRoom is developed and maintained by TariroM., The iVend platform is a product of CitiXsys Technologies. StockRoom is an independent integration application and is not affiliated with or endorsed by CitiXsys Technologies.

← Back to portfolio

© 2026 TariroM. · v1.2