Bohni
Start free

Privacy

Privacy policy

Last reviewed 17 May 2026.

Bohni is a self-hosted receivables app for Pakistani wholesalers. This page describes what data we collect, how it's stored, who can access it, and what your rights are. The same policy applies in Roman Urdu & Urdu — translation summary is at the bottom.

1. What data we collect

From you (the business owner / staff):

  • Your name, phone number, password (hashed with argon2id, never stored plain).
  • Your business name, optional default language.
  • FCM device token for push notifications (optional — only if you opt in).
  • The IP and user agent of each session, used for security audit only.

About your customers — entered by you:

  • Customer name, phone, optional CNIC, shop name, address, area tag.
  • Transactions you record (sales, payments, cheques, notes), photos and voice notes you upload, promises you log.

We do not enrich, sell, share, or rent any of this data. We never look up customer phones against any external directory.

2. Where the data lives

  • Server: Hetzner Cloud (Falkenstein, Germany). Bohni is the only tenant on the host.
  • Database: PostgreSQL 16, with row-level isolation by business.
  • Files (photos, voice): MinIO running on the same host. Each file path is scoped to your business ID and includes a UUID, so files are effectively private even though the bucket is publicly readable for performance.
  • Backups:Nightly encrypted snapshots to Hetzner Storage Box (different physical site). Backups inherit the same retention as the live DB; we don't keep copies of deleted records.

3. Who can access your data

  • You and the staff users you invite — scoped by role (owner, cashier, agent).
  • One on-call Bohni operator may access infrastructure (not your records) to keep the service running. Operator access is logged.
  • Law enforcement, only on receipt of a valid court order under Pakistani law. We will tell you unless legally prohibited.

4. Third parties we use

  • SafePay — when you pay for the paid plan. SafePay receives your name, phone, business name, and the payment amount. They process card / wallet details directly; we never see your card number.
  • Google Cloud Vision — only when you upload a cheque photo and your business has cheque OCR enabled. Vision receives just the image bytes for parsing and returns immediately; Google's retention for Vision API content is documented at cloud.google.com/vision/docs/data-usage.
  • Firebase Cloud Messaging (Google) — only when push notifications are enabled. FCM receives device tokens and notification payloads (no customer data).

5. Communications

Bohni does not send WhatsApp, SMS, email or any message to your customers on your behalf. Every tap-to-action icon in the app opens your own device's handler (WhatsApp, SMS app, dialer, mail). Your customers see messages from you, not from Bohni.

6. Your rights

  • Export — request a copy of your business's data at hello@bohni.pk. We'll return a SQL dump within 7 days.
  • Delete— request full deletion at the same address. We'll wipe the live DB and confirm; backups age out within 30 days.
  • Correct — you have direct edit access to every record in your account.

7. Retention

We keep your records as long as your account is active. If you cancel and don't resubscribe within 90 days, we delete the account and notify you by phone first.

8. Security incidents

If we detect a breach affecting your data, we'll notify you by WhatsApp + email within 72 hours and tell you what we know, what we've fixed, and what (if anything) you should do.

9. Children

Bohni is built for businesses; we don't knowingly collect data from anyone under 18.

10. Changes to this policy

Material changes will be flagged on this page with a new Last reviewed date and pushed to logged-in owners via an in-app banner before they take effect.

11. Contact

Privacy questions, export requests, deletion requests — all to hello@bohni.pk. Mail typically answered within 1 working day.

Roman Urdu summary

Bohni aap ke business ki data sirf is server par store karta hai. Aap ke customers ka data aap ke siwa kisi aur ko nahi dikhta. Hum kisi se data share ya bechte nahi. WhatsApp / SMS / call / email hamesha aap ke apne device se jaata hai — Bohni khud kuch nahi bhejta. Data export ya delete chahiye to hello@bohni.pk par bhejein, 7 din mein jawab milega.