Kiosk It In Kiosk It In by Floating Sage
Floating Sage  /  Kiosk It In  /  Privacy

Privacy Policy

Last updated: 26 June 2026 · Effective date: 26 June 2026

1.Who we are

Kiosk It In is a point-of-sale, inventory, GST invoicing, and business management application. The app and this website are operated by Neha Yadav, an individual proprietor trading as “Floating Sage”, based in Mumbai, Maharashtra, India.

The app operates on your device, with your business data staying with you. This policy describes what data the app handles, where it is stored, and your rights under India’s Digital Personal Data Protection Act, 2023 (the “DPDP Act”).

2.What data we handle

The following categories of data are stored locally on your device:

  • Customer details — names, phone numbers, email addresses, and UPI VPA identifiers you choose to record.
  • Financial records — sales, invoices, GST amounts, payment methods, UPI transaction references.
  • Service and queue data — service types, walk-in queue entries, appointment times, and any customer notes you record.
  • Online booking data (from Kiosk Me In) — when a customer books you through our Kiosk Me In customer app, you receive their name and the contact needed for the booking, the requested service and time, the booking’s payment and refund status, confirmation that the customer checked in or attended, and any time- and location-stamped photo the customer submits as evidence when a refund is in question. You receive this so you can serve the customer and so payments and refunds are resolved fairly.
  • Staff and admin credentials — usernames and passwords. Passwords are stored securely and the plain password is never stored.
  • Business profile — business name, GSTIN, address, owner details that you enter during setup.
  • Inventory — product names, batch numbers, expiry dates, stock levels.
  • Device-local technical data — a device ID generated on first launch, app session tokens, and per-device sync state.

We do not collect advertising identifiers, contacts, or browsing history. Camera, microphone, and approximate location are used only for specific opt-in features (video appointments and setting your storefront’s map location) — see Sections 4 and 5.

3.Where your data is stored

Your business and customer data lives on your device and is kept encrypted.

Backup files you create are saved to destinations you choose (Google Drive, WhatsApp, an SD card, a connected computer, etc.) — we never see or access those files.

4.Data sharing with third parties

Kiosk It In does not sell or share your data with third parties for advertising, analytics, or profiling. The following narrow exceptions apply only when you explicitly use the relevant feature:

  • WhatsApp Business API (optional, opt-in). If you enable WhatsApp messaging from within the app, customer phone numbers and the invoice or message content you send are transmitted to Meta Platforms via the WhatsApp Business API. This is governed by Meta’s privacy policy. The feature is disabled by default.
  • SMS (optional). If you choose to send a customer notification by SMS, the message is composed by your device’s system SMS app and sent by your mobile carrier. The app does not read your existing SMS messages.
  • Sync between your devices. When you connect multiple of your own devices, your business data is shared between them privately. We do not see this data.
  • Extended sync & cloud services (Cloudflare). If you enable sync between devices that are not nearby, encrypted data may pass through a secure relay operated on Cloudflare. We also use Cloudflare to host the service and to store the limited account data needed for staff invites, multi-device setup, online appointment bookings, and account recovery (for example your business and staff identifiers, and — for an online booking — the customer’s name and contact, the booking’s payment and refund status, the customer’s attendance/check-in confirmation, and any refund-evidence photo they submit). The relay itself cannot read your end-to-end-encrypted business data.
  • Payments (Razorpay). If you accept prepaid bookings or charge for a video appointment, the payment is processed by Razorpay under its own privacy policy. We do not store full card details.
  • Video appointments (LiveKit). If you start an in-app video call, the live audio/video and in-call chat are carried over LiveKit as real-time transport. The call media is not recorded or stored on our servers.

5.Permissions the app uses

Internet
For the optional WhatsApp Business API feature, the optional extended-sync relay, and outbound HTTPS only.
Camera & microphone
Only during an in-app video appointment you start with a customer. Requested at the time of the call; never used in the background, and call media is not recorded or stored on our servers.
Location (approximate, when in use)
Only when you tap “use current location” to set your storefront’s map pin so customers can find you. Foreground only; not tracked in the background.
Access WiFi state & network state
To detect when your devices are nearby for multi-device sync.
Foreground service
To keep your devices in sync while the screen is off. A persistent notification is shown when sync is active. Read more.
Wake lock
To keep sync responsive while the device screen is off.
Read / write external storage (Android 12 and below only)
To create backup files on devices running Android 12 or older. Modern Android versions use scoped storage and do not require this permission.
Vibrate
For brief haptic feedback on button taps.

6.Data security

We take reasonable, industry-standard steps to protect the data on your device:

  • Your business data is encrypted at rest on your device.
  • Passwords are stored securely; we can verify them but never recover them in plain text.
  • Sensitive credentials you provide (such as third-party API tokens) are kept privately and never replicated across devices.
  • All internet traffic to and from the app is sent over encrypted connections.
  • Sync between your own devices is encrypted end to end.
  • Backup files are encrypted; a tampered file will not restore.

No system is perfectly secure. If you discover a security issue, please email privacy@kioskitin.com and we will respond.

7.Your rights under the DPDP Act 2023

Under India’s Digital Personal Data Protection Act, 2023, you have the right to:

  • Access a summary of personal data being processed about you.
  • Request correction or completion of inaccurate or incomplete personal data.
  • Request erasure of your personal data, subject to legal retention obligations.
  • Withdraw any consent you have given, at any time.
  • Nominate another person to exercise these rights in case of your death or incapacity.
  • Make a grievance — see Section 10.

Because all data is stored on your device, you exercise most of these rights directly within the app: edit a customer to correct it, delete a customer to erase their record, uninstall the app to wipe everything. For requests that need our assistance, contact the Grievance Officer below.

8.Data retention

Data is retained on your device until you delete it or uninstall the app. Floating Sage does not enforce automatic deletion. Backup files you have shared to external services are governed by those services’ retention policies.

Indian tax law may require you to retain financial records for a minimum period (commonly 6–8 years for GST records). The app does not delete on your behalf, so you remain in control.

9.Children’s privacy

Kiosk It In is a tool for businesses, intended for adults. We do not knowingly process personal data from children below 18 years of age as users of the app. Where you, as a business operator, record customer data of a minor, you are responsible for obtaining the consent of their parent or legal guardian as required under the DPDP Act.

10.Grievance Officer (DPDP Act §8(10))

For grievances regarding the processing of your personal data under this policy or the DPDP Act 2023, you may contact the Grievance Officer:

Grievance Officer
Neha Yadav (Founder, Floating Sage)
Email
privacy@kioskitin.com
Postal address
Mumbai, Maharashtra, India — full postal address available on request.
Response time
Acknowledgement within 7 working days; substantive response within 30 days, as required by the DPDP Act.

If you are not satisfied with the resolution, you may escalate to the Data Protection Board of India under §27 of the DPDP Act.

11.Data deletion

This section explains how to delete data created or stored by Kiosk It In.

Delete a single customer / record (within the app)

  • Open the customer or record in the app.
  • Tap the menu (…) → Delete.
  • Confirm. The record is removed from your device’s database immediately.
  • If multi-device sync is enabled, the deletion replicates to your other connected devices.

Delete all of your business data

  • Open the app → More → Manage Data → Wipe All Data.
  • Confirm with your admin PIN. The database, in-app backup files and the keys protecting them are all wiped.
  • Or simply uninstall the app — Android removes everything the app stored on the device.

Customer deletion request that you have received

If your customer (a data principal under the DPDP Act) asks you to erase their personal data from your records, you, the business, are the “Data Fiduciary” under the Act and are responsible for fulfilling the request. Use the single-record delete flow above. The app makes this easy by design.

Request our help with deletion

If you cannot access the device (for example, the device is lost, stolen, or broken), email privacy@kioskitin.com with a description of your situation. Note that we cannot delete data we never held — if your data was only ever on your device, the device itself holds the only copy. We can help you re-install on a new device and restore from any backup files you still hold, or guide you through a remote-wipe if your device supports it.

12.Changes to this policy

We may update this policy as the app evolves or as the law changes. Material changes will be reflected in the “Last updated” date at the top of this page and announced inside the app on the next launch following the change.

13.Contact

For privacy questions, data deletion requests, or grievances:

Email (privacy)
privacy@kioskitin.com
Email (general support)
support@kioskitin.com
Hosted policy URL
https://kioskitin.com/business/privacy
Data deletion URL
https://kioskitin.com/business/data-deletion