Privacy Policy

This Privacy Policy describes how ThinkarHouse (“we”, “us”, “our”) collects, uses, and protects information when you use ThinkERP cloud ERP software, our websites, and our mobile applications (collectively, the “Services”).

ThinkarHouse operates ThinkERP. Our website is https://www.thinkarhouse.com. By using the Services, you agree to this policy. If you do not agree, please do not use the Services.

1. Who this policy applies to

The Services are used by different roles. This policy covers:

• Business users — company owners, managers, and staff who sign in to the web ERP or mobile admin/POS apps.
• Customers — individuals who use the ThinkERP customer mobile app to browse menus, scan table or store QR codes, and place orders at participating businesses.
• Website visitors — people who visit our marketing pages, trial signup, demo portal, or public store/table links.

When a business uses ThinkERP to manage its own customers and employees, that business is the controller of its operational data. ThinkarHouse processes that data on the business’s behalf as a service provider.

2. Information we collect

2.1 Account and profile information

• Name, username, email address, phone number, and password (stored in hashed form).
• Company or store name, address, tax identifiers, and subscription/billing details for tenant accounts.
• Role, permissions, and activity related to your account (for example sign-in times and audit events).

2.2 Business and transaction data

Depending on how your organization uses ThinkERP, we store business records such as products, inventory, invoices, purchases, payments, payroll, attendance, customers, suppliers, quotations, and reports. This data belongs to the subscribing business and is used to provide ERP functionality.

2.3 Device and technical information

• Device type, operating system, app version, and language settings.
• IP address, browser type, and server logs for security and troubleshooting.
• API authentication tokens and session identifiers.

2.4 Camera and QR codes

With your permission, our mobile apps may access the device camera to scan QR codes for purposes such as:

• Table check-in and dine-in ordering at cafés and restaurants.
• Store discovery via company QR codes.
• Outlet WiFi setup (admin scanning a configuration QR from web Settings).
• POS or inventory workflows where barcode/QR scanning is enabled.

Images from the camera are processed on your device to read QR content. We do not use the camera for unrelated purposes such as facial recognition or continuous recording.

2.5 Location, WiFi, and in-store presence

ThinkERP does not continuously track your GPS location. Some features require verifying that a customer or admin device is connected to a shop’s WiFi network:

• The connected WiFi router identifier (BSSID / MAC address) and optionally network name (SSID).
• On Android, reading WiFi network details may require location-related permissions declared by the operating system; we use this only to confirm in-store presence when a merchant enables that setting.
• Signal strength or frequency metadata when submitting WiFi setup from the admin app.

Merchants configure allowed router identifiers in their company settings. We compare your device’s connected network against that list — we do not sell WiFi or location data to third parties.

2.6 Push notifications (Firebase Cloud Messaging)

If you opt in to notifications, we collect and store a Firebase Cloud Messaging (FCM) device token, platform (iOS/Android), and optional device identifier so we can deliver:

• Order, table, and service alerts to customers and staff.
• Business notifications sent by authorized ERP users.

You can disable notifications in your device settings. Logging out of the app deactivates the token on our servers when the app requests it.

2.7 Google Sign-In

If you choose “Sign in with Google”, we receive basic profile information from Google (such as your name and email address) according to the permissions you grant. Google’s use of data is governed by Google’s Privacy Policy.

2.8 Cookies and similar technologies (web)

Our web application uses session cookies to keep you signed in and may use security tools such as Google reCAPTCHA on login or signup forms to prevent abuse. reCAPTCHA may collect device and interaction signals as described in Google’s policies.

2.9 Communications

If you contact us, request a demo, start a trial, or receive system emails (verification, invoices, receipts), we process the information you provide and delivery metadata.

3. How we use information

We use collected information to:

• Provide, maintain, and improve the Services.
• Authenticate users and enforce role-based access controls.
• Process orders, payments, inventory, HR, and accounting workflows.
• Verify in-store WiFi presence when enabled by a merchant.
• Send transactional messages and push notifications you request or that your employer enables.
• Monitor security, prevent fraud, and comply with legal obligations.
• Respond to support requests and analyze aggregated usage to improve reliability.

4. How we share information

We do not sell your personal information. We may share data:

• With your organization — data entered by or about you is visible to authorized users within your company’s tenant.
• With service providers — hosting, email delivery, push notification delivery (Google Firebase), authentication (Google), and security (reCAPTCHA), under contractual safeguards.
• For legal reasons — when required by law, court order, or to protect rights, safety, and integrity of the Services.
• Business transfers — in connection with a merger, acquisition, or asset sale, with notice where required.

5. Data retention

We retain account and business data for as long as your subscription or account is active and as needed to provide the Services, resolve disputes, and meet legal or accounting requirements. Inactive trial accounts may be deleted after a reasonable period. FCM tokens are removed or deactivated when you log out or uninstall the app (subject to app behavior). Server logs are retained for a limited period for security and diagnostics.

6. Security

We use industry-standard measures including encrypted connections (HTTPS/TLS), access controls, password hashing, and tenant isolation. No method of transmission or storage is 100% secure; please use a strong password and protect your device.

7. Your choices and rights

Depending on your location, you may have rights to:

• Access, correct, or delete personal information we hold about you.
• Object to or restrict certain processing.
• Withdraw consent (for example disable camera, location/WiFi, or notification permissions in device settings).
• Export data held in your business account (contact your organization’s administrator or us).

Business users should contact their company administrator for tenant data requests. You may contact us using the details below for account or privacy questions.

8. Children’s privacy

The Services are intended for businesses and general audiences, not children under 13 (or the minimum age in your country). We do not knowingly collect personal information from children. Contact us if you believe we have done so.

9. International use and data location

ThinkERP is a cloud business platform for subscribing organizations (B2B) and the end customers (B2C) who interact with those businesses — for example through ordering, table check-in, or store QR links. Any business may purchase or subscribe to the Services; while we may launch and support certain offerings in specific regions first, our goal is to make the platform available to merchants internationally.

ThinkarHouse is incorporated in Bangladesh. Personal and business data may be stored and processed in Bangladesh and in other countries where we host the Services, where our infrastructure or integrated providers operate (such as email, authentication, or push notification services), or where a subscribing business and its users are located.

If information is transferred across borders, we use appropriate technical and contractual safeguards. Subscribing businesses remain responsible for telling their own customers and staff how they handle data under the laws that apply to them.

10. Third-party links and merchant sites

Public store links (/s/…), table check-in pages (/t/…), and tenant-specific domains may display merchant branding and policies. Those merchants are responsible for their customer-facing practices.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will change when we do. Continued use of the Services after changes means you accept the updated policy. Material changes may also be communicated in-app or by email where appropriate.

12. Account deletion requests

You can request deletion of your personal data and app accounts associated with ThinkERP. This section explains how to submit a request and what we typically delete or retain.

12.1 How to request deletion

• Web form: Use the account deletion form on this page (section 12).
• Email: Send a message to support@thinkarhouse.com from the email address linked to your account. Include your full name, account type (customer app, ERP staff, or Google sign-in), username or customer ID if known, and the business name if you use a merchant’s store.

We may ask you to verify your identity before processing a request. We aim to respond within 30 days unless a longer period is required by law.

12.2 What we delete (by account type)

Customer app accounts (B2C) — end customers who order or check in at a participating business:

• Profile information (name, email, phone, login identifiers).
• Google Sign-In linkage stored on our side, if applicable.
• Shopping cart contents and saved preferences for that account.
• Order and table check-in history tied to your customer profile at merchants that use ThinkERP.
• Reward points, coupons, and promotion balances linked to your customer account.
• Firebase Cloud Messaging (FCM) device tokens registered for your account.

ERP / POS staff accounts (B2B) — employees or owners who sign in to manage a business:

• Your user login, profile, role assignments, and permissions for that tenant.
• FCM device tokens and mobile session data for your staff account.
• Personal contact details stored in your user profile.

Deleting a staff account does not delete the entire business subscription, inventory, invoices, or other company records. Only a business owner or authorized administrator can request closure of a whole organization account.

12.3 What we may retain

• Transaction records (invoices, payments, tax-related documents) that a merchant or law requires us to keep for accounting, audit, or legal compliance.
• Anonymized or aggregated data that no longer identifies you.
• Security, fraud-prevention, and access logs for a limited period.
• Backup copies until those backups expire on our normal rotation schedule.

If you are a customer of a specific shop or restaurant, that merchant may also hold copies of your orders in their tenant. Contact the business directly for merchant-held data.

13. Contact us

For privacy questions, data requests, or concerns about ThinkERP or our mobile apps:

• Data controller / developer: ThinkarHouse
• Email: sales@thinkarhouse.com
• Website: https://poserp.thinkarhouse.com
• Company site: https://www.thinkarhouse.com