Privacy Policy
SP ONE Mobile Application
Effective Date: April 26, 2026
TIN: 00307202510279
Registered address: Kyrgyz Republic, Bishkek, Gagarin str. 12a
Email: support@smartpoint.kg
SmartPoint Solutions LLC acts as the data controller for personal data processed through the Application.
1. Introduction
This Privacy Policy describes how SmartPoint Solutions LLC ("we", "us", "our") collects, uses, and protects personal data in the SP ONE mobile application ("Application"). SP ONE is a customer-facing application used to track parcels, receive shipment notifications, select nearby pickup points (PVZ/PUP), and manage personal orders. The Application is distributed via Google Play.
By installing or using the Application, you confirm that you have read and agreed to this Privacy Policy. If you do not agree, please uninstall the Application and discontinue its use.
2. Legal Basis for Data Processing
- Performance of contract — order tracking, shipment notifications, account management.
- User consent — for optional permissions (location, notifications). May be withdrawn at any time via device settings.
- Legitimate interests — fraud prevention, security monitoring, service improvement.
- Legal obligation — applicable requirements of the Kyrgyz Republic, including the Digital Code (No. 178 of 31.07.2025) and the Law on Personal Information (No. 58 of 14.04.2008).
3. Information We Collect
We apply the principle of data minimization: we collect only data strictly necessary to operate the Application.
3.1 Data Provided by the User
- Phone number (required) — used for OTP-based authentication and as the primary account identifier.
- First name and last name (required) — used to create the SP account, display in the personal cabinet, and identify you when picking up parcels at a PVZ.
- E-mail (required) — used for transactional messages (welcome letter, account events) and as a fallback channel for one-time authentication codes.
- Referral source (optional) — free-form answer to "How did you hear about Smart Point?" used solely for internal product analytics. Skipping the field has no effect on the service.
- Order data — tracking numbers, statuses, weight/dimensions (when provided by carriers), pickup point of destination.
- Selected pickup point per cargo company — your preferred PVZ/PUP for each connected cargo, so partners know where to deliver your parcels.
3.2 Location Data (Optional)
The Application may request approximate location to render your position on the PVZ map and help you find the nearest pickup point. The Android permission used is ACCESS_COARSE_LOCATION (network-based, ~1–3 km accuracy). Precise GPS is not requested.
Location is read only while the Application is in the foreground, used in-session, and never stored on our servers or transmitted to third parties. Permission may be revoked at any time via Settings → Apps → SP ONE → Permissions. If denied, the map still works — you simply will not be shown on it.
3.3 Technical Data
- FCM push token (Firebase Cloud Messaging) — used exclusively to deliver push notifications to this specific device. The token is registered with our backend on login and deactivated on logout, so notifications stop reaching the device until you sign in again.
- Device model, operating system version, application version.
- IP address (server-side request logs, retained short-term for security).
- Crash and diagnostic data (Firebase Crashlytics) — stack traces, OS / device model and a non-PII user identifier (internal numeric client_id or partially masked phone). No message contents, no user-entered values, no exact phone number are ever sent to Crashlytics.
- Clipboard read (OTP autopaste only) — when the one-time-code (OTP) screen is open, the Application reads the clipboard once to detect a 4–6-digit code and offer a "Paste" hint. The clipboard content is processed only on-device, is never stored, and is never transmitted to our servers or third parties. On Android 12+ and iOS 14+ the operating system may show a system-level "App pasted from clipboard" indicator — this is expected.
- Background data refresh — the Application uses Android background-fetch to periodically refresh order and dashboard data. The background tasks call the same authenticated endpoints as the foreground app and do not collect any additional data.
3.4 Local Authentication Data (On-Device Only)
The Application offers an optional on-device app lock with a 4-digit PIN and / or biometric unlock (Face ID, Touch ID, Fingerprint or Iris, depending on device support). All data related to this lock is stored exclusively on your device:
- PIN code — never stored in plaintext. Only a salted SHA-256 hash is kept in the Android Keystore / iOS Keychain inside the application's private sandbox. The salt is also generated and stored locally per-installation. The PIN is never transmitted to our servers or any third party.
- Biometric authentication — the Application does NOT collect, see, store or transmit your biometric data (fingerprint, face geometry, etc.). Biometrics are handled exclusively by the operating system (Android BiometricPrompt / iOS LocalAuthentication). The Application only stores an opaque "unlock token" in Keystore / Keychain, protected by the device's biometric subsystem. We receive a simple yes/no answer from the OS — nothing else.
- Idle timeout, lock state, and the fact that lock is enabled — stored locally in the application's private storage (AsyncStorage). Not synced to any server.
Disabling the app lock or signing out of the account immediately clears the PIN hash, the biometric unlock token and the related settings on this device.
4. Device Permissions
| Permission | Type | Purpose |
|---|---|---|
| INTERNET | Required | Server communication over HTTPS |
| POST_NOTIFICATIONS | Required | Order status push notifications and OTP delivery |
| VIBRATE | Required | Tactile feedback for taps and notifications |
| USE_BIOMETRIC | Optional | Biometric unlock of the application (Face ID / Touch ID / Fingerprint). Used only locally — biometric data never leaves the device. |
| ACCESS_COARSE_LOCATION | Optional | Show your position on the PVZ map and find nearest pickup point |
The Application does NOT request camera, precise location, contacts, microphone, SMS, storage, or boot-completed permissions. Optional permissions are requested in-context and can be revoked at any time via device settings.
5. How We Use Data
- Order tracking, shipment status updates, and delivery notifications.
- Displaying nearby pickup points (PVZ/PUP) and your selected pickup point per cargo company.
- One-time code (OTP) authentication delivered via push notification, e-mail, or Telegram bot (when linked).
- Welcome and transactional e-mails (registration confirmation, account events).
- Security, fraud prevention, and abuse monitoring.
- Aggregated, non-identifying analytics for product improvement.
6. Data Sharing
- SmartPoint backend (SP Linker) — primary data controller-side processor: account management, order processing, delivery of notifications. Hosted under our control.
- Cargo partners and pickup points (PVZ) — receive: your SP-code, name, phone, selected pickup point, and the parcels associated with you. This is necessary for the cargo partner to register an inbound shipment to you and for the PVZ to identify you at pickup.
- Firebase / Google LLC — receives FCM push token, push payload metadata (Cloud Messaging) and crash reports (Crashlytics).
- Google LLC (Maps SDK for Android) — when you open the PVZ map, Google receives standard map-tile requests, including your IP address and the visible map region.
- External links — when you tap a website, WhatsApp, Telegram, Instagram, Google Play, or App Store link of a cargo partner, you leave the Application; the privacy policy of the destination service applies.
- Government and regulatory authorities — only when required by applicable law of the Kyrgyz Republic.
We do not sell personal data and do not share it for advertising.
7. Third-Party Services
| SDK / Service | Provider | Purpose |
|---|---|---|
| Firebase Cloud Messaging | Google LLC | Push notifications, OTP delivery |
| Firebase Crashlytics | Google LLC | Crash and diagnostic reports |
| Google Maps SDK for Android | Google LLC | Rendering of PVZ map and tiles |
| Google Play Services | Google LLC | Application integrity and core services |
Google LLC privacy policy: https://policies.google.com/privacy
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data (name, phone, email) | For the lifetime of the account; up to 30 days after deletion request |
| Order and shipment data | As required for service fulfilment and legal obligations |
| FCM push token | Active while you are signed in. On logout the token is deactivated server-side; the next OTP request falls back to Telegram / e-mail / SMS until the next successful login. |
| Local PIN hash and biometric unlock token | On the device only, until you disable app lock or sign out. Never synced. |
| Server request logs / IP | Up to 90 days for security and abuse monitoring |
| Crash data (Crashlytics) | Up to 90 days |
| Location | Not stored — read in-session only |
| Cargo unlink ("leave cargo") records | 30-day grace period; afterwards historical client record is purged |
9. Data Security
- HTTPS/TLS encryption for all data in transit between the Application and SmartPoint backend.
- OTP-based authentication with one-time codes; no passwords are stored on the device.
- The long-lived refresh token is stored in the Android Keystore / iOS Keychain (hardware-backed where available) and never leaves the device sandbox. The short-lived access token lives in the application's private storage and is rotated automatically.
- Optional app lock: PIN is stored only as a salted SHA-256 hash inside Android Keystore / iOS Keychain; biometric authentication is delegated to the operating system and the Application never sees actual biometric data.
- On logout the Application immediately clears: access and refresh tokens, FCM device registration on the server, PIN hash, biometric unlock token, locally cached order data and crash-report user identifier.
- Locally cached data (auth tokens, profile cache, FCM token) is stored within the application's private sandbox provided by Android / iOS, isolated from other applications.
- Role-based access controls on the backend.
- Continuous monitoring against unauthorized access and regular security assessments.
10. User Rights
As a data subject under Chapter 11 of the Digital Code of the Kyrgyz Republic and the Law "On Personal Information", you have the right to:
- Access — request a copy of personal data we hold about you (within 15 working days).
- Rectification — correct inaccurate data (within 10 working days). Most fields are editable directly in the in-app Account screen.
- Erasure — request deletion of your personal data (processed within 30 calendar days).
- Restriction of processing — within 15 working days.
- Portability — receive your data in a machine-readable format where technically feasible (within 30 calendar days).
- Withdraw consent — disable optional permissions (location, notifications) at any time via device settings; immediate effect.
- File a complaint — to the operator at support@smartpoint.kg or to the competent supervisory authority.
11. Account Deletion
You can stop being a client of any specific cargo company directly from the Application (cargo detail screen → "Перестать быть клиентом", i.e. "Stop being a client"). For full SP-account deletion (removal of all personal data including phone, name, e-mail, FCM token and historical orders) please contact support@smartpoint.kg from the e-mail registered in your account. Requests are processed within 30 calendar days. An in-app "Delete Account" action is planned for a future release.
12. Age and Children's Privacy
The Application is intended for individuals aged 18 or older. Persons aged 14 to 17 may use the Application only with the consent of their legal representative, in line with the Public Offer (Terms of Use). We do not knowingly collect personal data from individuals under 14. If we become aware that such data has been submitted, we will promptly delete it.
13. Advertising
The Application contains no advertisements and no advertising SDKs. We do not collect or use advertising identifiers (GAID/IDFA) and we do not perform marketing profiling.
14. International Data Transfers
Some third-party services (Firebase, Google Maps) are operated by Google LLC, whose servers may be located outside the Kyrgyz Republic. Such transfers are protected by standard technical and contractual safeguards provided by Google.
15. Google Play Compliance
- No background or precise location is collected.
- No advertising identifiers are collected or used.
- All optional permissions are requested in-context and clearly explained.
- Data collection is limited to the data strictly required for core functionality.
- Users can revoke consent for optional permissions and request account deletion at any time.
16. Changes to This Privacy Policy
When material changes are made we will update the Effective Date above and display an in-app notice before the new version takes effect. Where required by law we will request renewed consent.
Appendix: Data Safety Summary
Data Collected and Shared
| Data Type | Collected | Shared With | Purpose |
|---|---|---|---|
| Phone number | Required | Cargo partners, PVZ | Auth (OTP), pickup identification |
| First / last name | Required | Cargo partners, PVZ | Account, pickup identification |
| E-mail | Required | No third parties | Welcome / transactional messages, OTP fallback |
| Referral source | Optional | No third parties | Internal product analytics |
| Order data | Required | Cargo partners, PVZ | Tracking, fulfilment |
| Selected PVZ | Required | Cargo partners, PVZ | Routing of parcels |
| FCM push token | Auto | Firebase / Google LLC | Push notifications, OTP |
| Device model & OS | Auto | Firebase / Google LLC | Crash diagnostics |
| IP address | Auto | Backend, Google (Maps) | Security logs, map tiles |
| Crash data + non-PII user id | Auto | Firebase / Google LLC | Debugging, attaching errors to a user account |
| Location (approximate) | Optional | No third parties | Show user on PVZ map |
| PIN hash / biometric token | Optional | On-device only — NOT shared | App lock |
| Clipboard (OTP only) | Optional | On-device only — NOT shared | OTP autopaste hint on the code-entry screen |