Overview
RhinoX Ledger is built on an offline-first philosophy. Your business data — invoices, inventory records, vouchers, customer information, and financial entries — is stored locally on your device by default. We do not transmit, sell, or analyse your business data without your explicit action.
We collect only the minimum personal information necessary to operate the service (e.g. your email address for account authentication) and we are transparent about every category we handle.
Your data stays on your device. We never access your business records unless you explicitly choose to sync to the cloud.
Data We Collect
We may collect the following categories of information:
Account & Identity Information
Your name and email address when you register for a RhinoX Ledger account. Used solely for authentication and licence management.
Business Data Stored locally
Inventory items, vendor and customer records, purchase/sales invoices, accounting vouchers, journal entries, and fiscal reports. This data never leaves your device unless you voluntarily initiate a cloud backup.
Application Preferences
Theme settings, language, notification preferences, and other UI configuration stored on your device.
Diagnostic & Crash Data Opt-in only
If enabled, anonymised crash reports and diagnostic logs may be sent to help us improve stability. This feature is opt-in and can be disabled in settings at any time.
Payment Information
If you purchase a subscription, payment is processed by our third-party payment provider. We do not store your credit card numbers or financial instrument details on our servers.
How We Use Your Data
We use the information we collect to:
- Create and manage your RhinoX Ledger account and licence.
- Authenticate you when you sign in across devices.
- Send important service notices, licence expiry alerts, and security updates by email.
- Process subscription payments and issue receipts.
- Improve the application's performance and fix bugs (using only anonymised diagnostic data).
- Respond to your support requests and communicate with you.
- Comply with applicable laws and legal obligations.
We will never use your data for targeted advertising, sell it to third parties, or use your business records for any analytical or commercial purpose.
Data Storage & Security
Your business data is stored in an encrypted local database (Isar) on your device. We employ the following technical measures:
🔒 Local Encryption
The database file is protected by the OS file-permission model and, where supported, hardware-level encryption.
🔑 PIN Protection
An optional PIN lock prevents unauthorised access to the application on your device.
☁️ Cloud Backup Encryption
Backup snapshots are encrypted in transit (TLS 1.2+) and at rest (AES-256) on Supabase storage.
👤 Account Security
Account credentials are managed via Supabase Auth with modern hashing standards.
Despite these measures, no method of electronic storage is 100% secure. We encourage you to maintain local backups and use strong, unique passwords.
Data Sharing & Disclosure
We do not sell, trade, or rent your personal information. We may share limited data with the following parties:
Supabase
Our backend infrastructure provider for account authentication and optional cloud backup storage. Supabase processes data under strict data processing agreements.
Payment Processors
Third-party payment gateways (e.g., Stripe or equivalent) for subscription billing. These parties are bound by their own privacy policies and PCI-DSS standards.
Legal Authorities
If required by applicable law, court order, or government regulation, we may disclose account information. We will notify you of such requests unless legally prohibited.
Cloud Sync (Optional Feature)
Cloud synchronisation is entirely optional. When you choose to use "Sync to Cloud," a compressed and encrypted snapshot of your business data is uploaded to your personal Supabase storage bucket.
- You always control when syncs occur — we do not perform background uploads without your action.
- Cloud data is associated with your account only and is not accessible to Studio Habre for analytical purposes.
- You may delete your cloud backup at any time from within the application settings.
- Disabling cloud sync does not affect local functionality in any way.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
Request a copy of the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your account and associated personal data. Note: locally stored business data can only be deleted by you on your device.
Export your business data as a local file directly from the application at any time without our involvement.
Object to or restrict certain processing activities.
Where processing is based on consent (e.g., optional diagnostics), you may withdraw it at any time.
To exercise any of these rights, contact us at rhinoxledger@gmail.com. We will respond within 30 days.
Children's Privacy
RhinoX Ledger is a business application intended for use by individuals aged 16 and above. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.
Changes to This Policy
We reserve the right to update this Privacy Policy at any time. Material changes will be communicated via an in-app notification and/or an email to registered users at least 14 days before the changes take effect. Continued use of RhinoX Ledger after the effective date constitutes acceptance of the revised policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please reach out:
Developer of RhinoX Ledger