Wasla Solutions

Wasla POS — Privacy Policy

Last Updated: April 2026

Overview

This Privacy Policy describes how Wasla Solutions LTD ("Wasla", "we", "us") collects, uses, stores and discloses information through the Wasla POS mobile application (the "App") available on iOS and Android. Wasla POS is a business-to-business point-of-sale application used by merchants and their staff (cashiers) to process in-person orders, issue receipts, and operate loyalty programs at physical business locations.

This policy is specific to the Wasla POS App. Use of our website or other Wasla products is governed by our main Privacy Policy.

Who Uses the App

The App is intended for use by authorised staff of businesses that subscribe to Wasla. Accounts are created by the business owner or administrator through the Wasla admin panel. The App is not intended for use by consumers directly.

Information We Collect

1. Account & Authentication Data

When a cashier signs in, we process the login credentials, a session token, the tenant (business) identifier, the assigned branch, and the cashier's display name and role. These are required to authenticate the session and enforce access permissions.

2. Customer Information Entered by Cashiers

When a cashier creates an order or performs a loyalty lookup, the App may transmit to our servers:

  • Customer phone number — used to locate or create the customer record and to identify loyalty cards.
  • Customer name — when provided by the cashier.
  • Order details — items, quantities, prices, discounts, taxes, payments, and loyalty transactions associated with the order.

This data is stored in the business's workspace on Wasla servers and is controlled by the business, which acts as the data controller for its customers' information. Wasla acts as a processor on behalf of the business.

3. Device & Technical Data

We collect technical information required for the App to function, including a device identifier (stored locally via Apple/Google secure storage), operating system version, App version, and connectivity status. Diagnostic information such as crash logs may be collected to improve reliability.

4. Camera

The App requests access to the device camera solely to scan product barcodes during order entry. Camera frames are processed on the device and are not recorded, stored, or transmitted off the device.

5. Location

The App may request access to the device's location to associate an order or a branch check-in with the correct physical branch. Location is used only while the App is in use, is not tracked in the background, and is not shared with third parties.

6. Push Notifications

If enabled, the App registers a push notification token with Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM) so that we can deliver order, conversation, and operational notifications to the cashier.

7. Offline Storage

To allow the App to continue operating without an internet connection, a local database (SQLite) on the device stores a copy of the products catalogue, pending orders, and the active session. This data lives on the device and is synchronised with Wasla servers when connectivity returns. It is removed on logout or App uninstall.

How We Use Information

  • To authenticate cashiers and enforce access controls.
  • To create, process, and record orders and payments.
  • To operate loyalty programs configured by the business (points, stamps, cashback, gift cards, subscriptions, memberships, discounts).
  • To deliver operational notifications.
  • To diagnose issues, prevent fraud, and improve the App's reliability and security.
  • To comply with applicable law and tax regulations.

Third-Party Services

The App relies on the following third-party services strictly to provide its functionality:

  • Apple Push Notification Service / Firebase Cloud Messaging — delivering push notifications.
  • Pusher / Laravel Reverb — real-time order and conversation updates over secure WebSocket.
  • Expo — application runtime, updates, and crash reporting.
  • Payment processors — where the business has integrated card or digital wallet acceptance, payment data is handled by the processor. Wasla does not store full card numbers.

We do not sell personal data and do not share it with third parties for advertising purposes. The App does not contain third-party advertising SDKs.

Data Retention

Order and customer records are retained for as long as the business maintains an active Wasla subscription, or for the period required by applicable tax and commercial law (in the Kingdom of Saudi Arabia, this is typically up to ten years for tax records). On termination of a business's subscription, data is retained for a reasonable grace period and then deleted or anonymised, subject to legal retention obligations.

Your Rights

Cashiers who use the App may request access to, correction of, or deletion of their personal account information by contacting their business administrator or emailing [email protected].

Customers of a business that uses Wasla POS should direct privacy requests (access, correction, deletion) to that business, as it is the controller of its own customer data. Wasla will assist the business in responding to such requests.

Account deletion requests, including deletion of a cashier account, can be submitted through our Support page or by email to [email protected]. We will process the request and confirm within 30 days of receipt. Frequently asked questions about Wasla POS are answered at wasla.sa/pos/faq.

Children

Wasla POS is a business application and is not directed to children under 18. We do not knowingly collect personal information from children.

Security

All communication between the App and Wasla servers is encrypted in transit using TLS. Session tokens are stored using the device's secure keystore (Apple Keychain on iOS, Keystore on Android). Access to business data is restricted by role-based permissions.

International Transfers

Wasla servers are operated primarily from data centres serving the Kingdom of Saudi Arabia. Some third-party providers listed above may process data outside the Kingdom; in all cases we require appropriate safeguards consistent with applicable data protection law.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be highlighted in the App or on this page with a revised "Last Updated" date. Continued use of the App after changes take effect constitutes acceptance of the updated policy.

Contact

General inquiries: [email protected]
Privacy & data deletion: [email protected]
Address: Riyadh, Kingdom of Saudi Arabia
Phone: +966 554 606 368