Application Privacy Policy
NetStore Pro | Operated by Solcall Services Pty Ltd (ACN 610 122 391)
Effective date: 1 July 2025 | Last updated: 24 June 2026
1. Introduction
Solcall Services Pty Ltd ("Solcall", "we", "our", "us") is committed to protecting the privacy of all individuals who use the NetStore Pro mobile application ("Application"). This Privacy Policy describes how we collect, use, disclose, store, and protect your personal information, and explains your rights under the Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles ("APPs") contained in Schedule 1 of that Act.
By installing or using the Application, you agree to the collection and use of information as described in this Policy. Where we are required to obtain your explicit consent (particularly for sensitive information), we will do so at the point of collection.
2. Personal Information We Collect
2.1 Account & Identity Information
- Full name, email address, and password (hashed)
- Employee role and associated business entity
- Profile settings and preferences
2.2 Device & Technical Information
We automatically collect certain technical information when you use the Application, including via the device_info_plus SDK:
- Device model, manufacturer, and hardware identifier
- Operating system type and version
- Application version number
- Network type and connectivity status
- IP address (logged by third-party services)
2.3 Location Information
If you use features powered by Google Maps (such as store or customer location lookup), the Application may request access to your device's GPS or network-based location. Location data is used only to render map views and is not stored on our servers beyond the session.
2.4 Camera & Image Data
The Application uses your device camera and photo library for:
- Barcode scanning — via mobile_scanner — to read product or inventory barcodes. Camera frames are processed locally on your device and are not transmitted or stored.
- Image capture — via image_picker — to photograph products or documents. Images you capture may be uploaded to our secure cloud storage.
2.5 Biometric Information (Sensitive)
The Application offers optional biometric authentication (Face ID or fingerprint) via the local_auth SDK. Biometric data is processed entirely by your device's operating system (iOS Face ID / Android Biometrics) and is never transmitted to or stored by Solcall or any third party. We receive only a cryptographic pass/fail signal from the OS. You may opt out of biometric login at any time in the Application's Settings screen without affecting your ability to use the Application.
2.6 Health & Consent Information (Sensitive)
If you use the Piercing Consent feature, the Application collects:
- Customer name, date of birth, and contact details
- Whether the customer is a minor (under 18)
- Parent or legal guardian name and contact details (where applicable)
- Physical health disclosures relating to body piercing
- Digital signatures of the customer or their parent/guardian
- Terms & Conditions agreement timestamp
This information constitutes health information and, where the subject is a minor, children's personal information — both of which are sensitive under the Privacy Act. Collection occurs only with the explicit consent of the individual (or their parent/guardian for minors) at the time of completing the form. This data is retained for the period required by applicable recordkeeping laws (see Section 9).
2.7 Signature Data
Digital signatures captured within the Application (via the signature SDK) are encoded as image data and stored securely in our cloud database. Signatures form part of the legal consent record and may be retrieved in the event of a dispute or regulatory inquiry.
2.8 Push Notification Tokens
The Application registers a Firebase Cloud Messaging (FCM) token with your device via firebase_messaging. This token is a unique identifier used to deliver push notifications to your device. It is stored on our servers and with Google LLC (see Section 5). You can disable push notifications at any time via your device's notification settings.
2.9 Crash & Error Diagnostics
We use Firebase Crashlytics (Google LLC) and Sentry (Functional Software Inc.) to automatically collect crash reports and error logs. This data may include:
- Stack traces and application state at the time of the crash
- Device identifiers and operating system information
- Network request metadata (URLs, response codes, timing)
- User identifiers (where set) for the purpose of attributing errors to user sessions
This data is used solely to identify, diagnose, and resolve software defects.
2.10 Session Replay & Performance Monitoring (Sentry)
The Application uses Sentry's Session Replay feature, which may record anonymised replays of your screen interactions (taps, scrolls, navigation flows) to help us identify usability issues and bugs. Sentry is configured to mask sensitive input fields (passwords, PINs, and signature pads) so that their content is not captured. Session replay data is transmitted to and stored by Functional Software Inc. (Sentry) in the United States and is retained for 30 days before automatic deletion. You cannot opt out of session replay while using the Application, but you may contact us at enquiries@solcall.com.au to request deletion of any replay data associated with your account.
2.11 Local Device Storage
The Application stores data locally on your device using:
- shared_preferences — for non-sensitive settings such as your agreement to this Privacy Policy, theme preferences, and navigation state.
- flutter_secure_storage — for security-sensitive values such as authentication tokens and session credentials. This data is encrypted using your device's secure enclave (iOS Keychain / Android Keystore).
3. How We Use Your Personal Information
We collect and use personal information only for purposes that are reasonably necessary for, or directly related to, the operation of the Application (APP 3). Those purposes include:
- Authenticating your identity and providing secure access to the Application
- Delivering the features and services you access within the Application
- Storing and retrieving business records (inventory, customers, consent forms)
- Sending push notifications relating to your account and operational alerts
- Diagnosing and resolving software crashes and errors
- Monitoring Application performance and improving user experience
- Complying with our legal and regulatory obligations
- Responding to your enquiries and support requests
We will not use your personal information for direct marketing without your prior consent, and will provide a simple opt-out mechanism in all such communications.
4. Disclosure of Personal Information
We may disclose personal information to:
- Our employees and contractors who require access to provide the Application's services
- Our professional advisers (lawyers, accountants, auditors) under confidentiality obligations
- Government authorities or law enforcement agencies where required by law
- Third-party service providers listed in Section 5
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.
5. Overseas Disclosure of Personal Information (APP 8)
The Application relies on the following third-party services that may process personal information outside Australia. Before disclosing personal information to these recipients, we take reasonable steps to ensure they handle it in a manner consistent with the APPs. By using the Application, you consent to this overseas disclosure.
| Service Provider | SDKs / Features | Country | Privacy Reference |
|---|---|---|---|
| Google LLC (Firebase) | Authentication, Database (Firestore), File Storage, Push Notifications (FCM), Crash Reporting (Crashlytics), Cloud Functions | United States | firebase.google.com/support/privacy |
| Google LLC (Maps) | Google Maps (location display) | United States | policies.google.com/privacy |
| Functional Software Inc. (Sentry) | Error tracking, performance monitoring, session replay | United States | sentry.io/privacy |
| Oracle Corporation | ERP / business data integration (where applicable) | United States | oracle.com/legal/privacy |
You acknowledge that, under APP 8.1, Solcall remains accountable for the acts and practices of these overseas recipients. If an overseas recipient does not comply with the APPs, you may still lodge a complaint against Solcall with the Office of the Australian Information Commissioner (OAIC).
6. Sensitive Information
We collect the following categories of sensitive information (as defined in the Privacy Act), only with your explicit consent or where permitted by law:
| Category | How Collected | Purpose |
|---|---|---|
| Biometric identifiers (Face ID / fingerprint) | Device OS only — not transmitted | Optional app authentication |
| Health information (piercing disclosures) | Piercing Consent form | Legal consent record |
| Children's personal information (minors) | Piercing Consent form (parent/guardian consent) | Legal consent record |
7. Security of Personal Information (APP 11)
We implement reasonable physical, technical, and organisational measures to protect personal information from misuse, interference, loss, and unauthorised access, including:
- Encryption of all data in transit using TLS 1.2 or higher
- Encryption of sensitive credentials on-device using iOS Keychain / Android Keystore
- Role-based access controls on our cloud databases and storage
- Automatic masking of sensitive fields in session replay and error logs
- Signed and verified Application releases
While we take these steps, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee the absolute security of data transmitted to or from the Application.
8. Notifiable Data Breaches (NDB Scheme)
We are subject to the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act. If we have reasonable grounds to believe that an eligible data breach has occurred — meaning unauthorised access to or disclosure of personal information that is likely to result in serious harm to any affected individuals — we will:
- Assess the breach as quickly as possible (within 30 days of becoming aware)
- Notify affected individuals and the OAIC as soon as practicable after confirming an eligible breach
- Provide guidance on steps individuals can take to protect themselves
To report a suspected data breach, contact us immediately at enquiries@solcall.com.au.
9. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law (APP 11.2).
| Data Category | Retention Period |
|---|---|
| Account and profile information | Duration of active subscription, plus 90 days after termination |
| Piercing consent records (health information) | 7 years from date of record (or as required by applicable law) |
| Signature data | 7 years from date of capture |
| Crash reports & error logs (Crashlytics) | 90 days |
| Session replay recordings (Sentry) | 30 days |
| Network request logs (Sentry) | 90 days |
| Push notification tokens | Until deregistered or account terminated |
When data is no longer required, we take reasonable steps to destroy it or ensure it is de-identified.
10. Your Rights — Access & Correction (APP 12 & APP 13)
You have the right to:
- Access the personal information we hold about you (APP 12)
- Correct any personal information that is inaccurate, out-of-date, or incomplete (APP 13)
- Request deletion of personal information we are not required by law to retain
- Withdraw consent for processing based on consent (e.g., biometric authentication, push notifications)
To exercise any of these rights, contact us at enquiries@solcall.com.au. We will respond within 30 days. In limited circumstances we may be unable to provide access (e.g., where doing so would unreasonably affect another person's privacy); we will advise you of any such refusal and the reasons.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Application before the changes take effect. Continued use of the Application after the effective date of any update constitutes your acceptance of the revised Policy.
The date this Policy was last updated is displayed in the header above.
12. Complaints
If you believe we have breached the APPs or you wish to make a privacy complaint, please contact our Privacy Officer:
- Email: enquiries@solcall.com.au
- Post: Solcall Services Pty Ltd, Privacy Officer, Level 2, 696 Bourke Street, Melbourne VIC 3000
We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.
13. Contact Us
For any questions about this Privacy Policy or our privacy practices, please contact:
- Company: Solcall Services Pty Ltd (ACN 610 122 391)
- Email: enquiries@solcall.com.au
- Website: solcall.com.au
© 2026 Solcall Services Pty Ltd (ACN 610 122 391). All rights reserved.
This document was prepared for compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. It does not constitute legal advice. Solcall Services recommends seeking independent legal advice regarding any specific privacy obligations applicable to your use of this Application.