Who we are
AuraStores (“AuraStores”, “we”, “us”) is a mobile-first store management platform built for pharmacies, retail shops, and multi-branch chains across Zambia. We provide the AuraStores web application at aurastores.app, the AuraStores apps for iOS and Android, and the services behind them — inventory, checkout, sales insights, expenses, staff management, and multi-branch sync.
This policy explains what data we collect when you use AuraStores, why we collect it, who we share it with, and the choices you have. It applies to the web app, the mobile apps, and any AuraStores service that links to it. We’ve written it to be read, not skimmed past — if anything is unclear, ask us.
Information we collect
Account information
When you create an account we collect your name, email address, and a password. Passwords are stored only as salted hashes by our authentication provider — never in plain text, and never visible to our team.
Business and store data
To run your operation, AuraStores stores the data you and your team put into it: store and branch names and locations, business or pharmacy licence details you provide during onboarding, product catalogues, stock levels and batches, sales and checkout records, expenses, and subscription details.
Staff information
Store owners and admins can invite staff. For each staff member we hold the name, email address, assigned role, and branch assignments entered by the store’s owner or admin.
Payment information
Subscription payments are processed by our payment provider, Lipila. When you pay by mobile money or card, your payment credentials go to the provider — we never store card numbers or mobile-money PINs. We keep only transaction references, amounts, and payment status so we can show your billing history and reconcile your subscription.
Device and usage data
We collect device push-notification tokens (so alerts reach your phone), app version, and standard technical logs such as IP address and browser type. We also use privacy-friendly, aggregated web analytics to understand how the product is used overall.
Location
During onboarding you can pin your store’s location on a map. We store that store location. We do not track your personal whereabouts.
How we use your information
We use the data above to:
- Provide and operate AuraStores — including syncing your stock, sales, and staff context across branches and devices in real time.
- Process subscription payments and manage your plan, trial, and billing history.
- Send transactional messages: receipts, staff invitations, account emails, and the push and in-app notifications you’ve enabled (expiry alerts, reorder suggestions, insights digests).
- Generate Aura Insights — analytics computed from your own sales and stock data, for your eyes only.
- Answer support requests and keep the platform secure, including detecting fraud and abuse.
- Improve the product using aggregated, de-identified usage patterns.
- Comply with legal obligations.
What we don’t do: we never sell your data, we never share your business figures with other stores, and we never use your data for third-party advertising.
Our legal bases
We process personal data in line with Zambia’s Data Protection Act, 2021. Depending on the activity, we rely on:
- Contract — most processing is simply what’s needed to deliver the service you signed up for.
- Legitimate interests — keeping the platform secure, preventing abuse, and improving the product in ways you’d reasonably expect.
- Consent — optional communications and notification preferences, which you can withdraw at any time in settings.
- Legal obligation — where we must retain or disclose records under applicable law.
If your employer added you
If you use AuraStores because a store owner or admin invited you as staff, the owner of that store controls the workspace: they decide your role, what branches you can access, and how long your membership lasts. We process your information on their behalf to run the workspace.
Questions about your data inside a store’s workspace — including correcting or removing it — are best directed to the store owner first. You can always contact us too, and we’ll help route the request.
How long we keep data
We keep your data for as long as your account is active. If you cancel or your subscription lapses, your business records are retained for a limited wind-down period so you can come back or export them, after which they are deleted from our production systems. Backup copies age out on a rolling schedule after deletion.
Some records — such as payment and tax-relevant transaction history — may be retained longer where the law requires it. You can request deletion of your account at any time (see your rights below).
How we protect it
Your data is encrypted in transit and at rest, access inside your organization is role-based, and every record is scoped to your business — one store can never see another’s data. Payment credentials never touch our servers.
Security gets its own page: read the full picture at Security at AuraStores.
Your rights and choices
Under Zambia’s Data Protection Act you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data, subject to the legal retention noted above.
- Export your business data in a usable format.
- Object to or restrict certain processing, and withdraw consent where processing is based on it.
To exercise any of these, email cloverfields.tech@gmail.com from the address on your account. We respond within 30 days. If you’re not satisfied with our answer, you may lodge a complaint with Zambia’s Office of the Data Protection Commissioner.
Children
AuraStores is a business tool and is not directed at anyone under 18. We do not knowingly collect personal data from children; if you believe a child has provided us data, contact us and we will delete it.
Where your data lives
AuraStores is operated from Zambia, but like most cloud software we rely on infrastructure providers whose servers may be located outside Zambia. Wherever your data is processed, it stays protected under this policy and our contracts with those providers, consistent with the Data Protection Act’s requirements for cross-border transfers.
Changes to this policy
When we change this policy we’ll post the new version here and update the date at the top. For material changes we’ll also tell you directly — by email or in the app — before they take effect. Continuing to use AuraStores after a change means you accept the updated policy.
Contact us
For anything privacy-related, email cloverfields.tech@gmail.com. For general help, reach cloverfields.tech@gmail.com.
See also our Terms of service and Security pages.