Privacy Policy

Introduction

Gold Manager Pro is developed and operated by Fonsek Companies LLC, a Michigan limited liability company ("we," "us," or "the Company"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our inventory management application ("the Application") for precious metals businesses.

Information We Collect

We collect the following types of information:

• Account Information: Name, email address, and authentication credentials (through Google, Apple, or email sign-in).
• Business Data: Store name, locations, product inventory, and purchase and sale transactions you enter.
• Employee Information: Names, email addresses, and roles of employees you register in the application.
• Usage Data: Information about how you use the application to improve our services, including feature usage, session duration, and interaction patterns.
• Payment Information: Processed securely through Apple App Store, Google Play Store, and RevenueCat. We do not store your credit card numbers directly.
• Device Information: Device type, operating system version, and unique device identifiers for app functionality.
• Biometric Authentication Data: Face ID, Touch ID, or fingerprint data used solely for device authentication (see "Biometric & Face Data" section below for full details).
• Transaction Photos: When enabled by the store owner, the Application may capture and store photos of items being purchased, customer identification documents (e.g., driver's license), and customer photos. These images are stored in Firebase Cloud Storage and may be transmitted to law enforcement reporting services as described in the "Police Reporting & Law Enforcement Data Sharing" section below.
• Customer Information for Police Reports: When police reporting is enabled, transaction records may include customer name, date of birth, address, identification number, physical description, and other details required by law enforcement agencies.

Biometric & Face Data

Gold Manager Pro offers optional biometric authentication (Face ID, Touch ID, and fingerprint unlock) as a convenience feature to secure access to the app. This section explains in detail how we handle biometric and face data:

How Biometric Authentication Works:

• When you enable Face ID, Touch ID, or fingerprint unlock in Gold Manager Pro, the app uses your device's built-in biometric authentication system (Apple's LocalAuthentication framework on iOS).
• The biometric authentication process occurs entirely on your device. Gold Manager Pro only receives a success or failure response from the operating system — we never receive, access, process, or store any biometric data, face geometry, facial feature maps, or fingerprint data.
• Your face data and fingerprint data are stored exclusively in the device's Secure Enclave, which is managed by Apple's operating system.

Face Data Retention:

• Gold Manager Pro does not retain any face data at any time. We have no ability to access, extract, or store face data from your device.
• No face data is transmitted to our servers, stored in our databases, or included in any backups.
• Since we do not collect face data, there is no retention period — zero face data is stored by our application.

Third-Party Sharing of Face Data:

• Gold Manager Pro does not share face data with any third parties. Since we do not collect or have access to face data, there is no face data to share.
• None of our third-party service providers (Firebase, RevenueCat, or any other) receive, process, or store any biometric or face data from our application.

Purpose of Biometric Features:

• The sole purpose of biometric authentication in Gold Manager Pro is to provide a secure and convenient way for users to unlock and access the app, protecting sensitive business and transaction data.
• Biometric authentication is entirely optional and can be enabled or disabled at any time in the app's Settings.

Police Reporting & Law Enforcement Data Sharing

Gold Manager Pro offers optional police reporting features that, when enabled by the store owner, automatically transmit transaction data to law enforcement agencies. This section explains how data is shared through these services:

RISSProp Integration:

• RISSProp is a law enforcement property reporting platform operated by the Regional Information Sharing Systems (RISS), a program funded by the U.S. Department of Justice.
• When enabled, transaction data — including customer name, date of birth, address, identification details, physical description, item descriptions, and transaction photos (item, ID, and customer photos) — is formatted into an XML report and uploaded to RISSProp's servers.
• Data is transmitted to and stored on Microsoft Azure Government Cloud infrastructure (.usgovcloudapi.net), which meets U.S. government security and compliance standards (FedRAMP High, CJIS, IRS 1075).
• Once submitted, the data is accessible to authorized law enforcement personnel through the RISSProp platform. Gold Manager Pro has no control over how law enforcement agencies use, retain, or share this data after submission.
• The store owner is responsible for obtaining any required customer consent and complying with local, state, and federal regulations regarding the reporting of secondhand goods transactions to law enforcement.

Email Reports:

• When enabled, transaction reports may be sent via email (as CSV attachments) to configured recipients, which may include local law enforcement agencies (e.g., sheriff departments).
• Email reports contain transaction details including customer information, item descriptions, and transaction metadata.
• Email reports do not include transaction photos as attachments.

LeadsOnline Integration:

• LeadsOnline is a law enforcement property reporting service operated by LeadsOnline LLC.
• When enabled, transaction data — including customer name, date of birth, address, identification details, item descriptions, transaction amounts, and photos (customer photo, ID photo, and item photos encoded as Base64) — is formatted into a SOAP XML request and transmitted to LeadsOnline's servers via their web service API (hosted at w3api.leadsonline.com).
• For interoperability with law enforcement systems, certain item values may be standardized or normalized before transmission (for example, language normalization and measurement format normalization such as pulgadas → in).
• Photos included in submissions are configurable by the store owner (customer photo, ID photo, item photo) and are downloaded from Firebase Cloud Storage, converted to Base64 format, and embedded directly in the SOAP request sent to LeadsOnline.
• Once submitted, the data is accessible to authorized law enforcement personnel through the LeadsOnline platform. Gold Manager Pro has no control over how law enforcement agencies use, retain, or share this data after submission.
• Your LeadsOnline API credentials (Store ID, username, password) are stored in your Firebase account configuration and transmitted to LeadsOnline's API during each submission. Gold Manager Pro does not share these credentials with any other party.
• Automatic "No Transaction Day" reporting (optional): If you enable this feature, our servers run a scheduled background process that, once per day at the time and timezone you configure, transmits a "No Transaction Day" notice to LeadsOnline for days on which your store recorded no buy transactions. This automated transmission contains only your Store ID, API credentials, and the calendar date — no customer or transaction personal data is included. This feature is disabled by default and can be turned off at any time per store.

How We Use Your Information

We use your information to:

• Provide and maintain our inventory management services
• Process transactions and generate reports you request
• Send important notifications about your account
• Improve and personalize your experience in the application
• Provide technical support when you request it
• Prevent fraud and unauthorized access
• Submit transaction reports to law enforcement agencies when police reporting features are enabled by the store owner (see "Police Reporting & Law Enforcement Data Sharing" above)
• Comply with legal obligations
• Enforce our Terms of Service

Data Storage and Security

Your data is stored securely using:

• Firebase (Google Cloud): World-class infrastructure with encryption in transit and at rest.
• Microsoft Azure Government Cloud: When police reporting via RISSProp is enabled, transaction data and images are transmitted to Azure Government Cloud servers (.usgovcloudapi.net), which comply with U.S. federal security standards including FedRAMP High, CJIS, and IRS 1075.
• Secure Authentication: We use OAuth 2.0 protocols and encrypted PIN storage.
• Restricted Access: Only you and employees you authorize can access your data.
• Regular Security Updates: We continuously monitor and update our security measures.

Data Sharing

We do not sell or rent your personal information. We only share data in the following circumstances:

• With Your Consent: When you invite employees to your business account.
• Service Providers: Firebase (storage), RevenueCat (payments), email services (invitations). These providers are bound by confidentiality agreements.
• Law Enforcement Reporting: When police reporting features are enabled by the store owner, transaction data (including customer personal information and photos) is shared with law enforcement agencies through RISSProp, email reports, or other configured reporting channels. See "Police Reporting & Law Enforcement Data Sharing" section for full details.
• Legal Requirements: When required by law, court order, or competent authorities.
• Business Transfers: In connection with any merger, acquisition, or sale of assets, your data may be transferred.
• Protection of Rights: To protect our rights, privacy, safety, or property, or that of our users or the public.

Third-Party Services

We use the following third-party services:

• Google Firebase: Cloud storage, authentication, and analytics
• RevenueCat: Subscription and payment processing
• Apple App Store / Google Play Store: App distribution and payments
• Third-party price APIs: Gold and precious metal price data (reference only)
• RISSProp (RISS): Law enforcement property reporting platform operated by the Regional Information Sharing Systems program, funded by the U.S. Department of Justice. Data is hosted on Microsoft Azure Government Cloud. Used only when police reporting is enabled by the store owner.
• LeadsOnline: Law enforcement property reporting service operated by LeadsOnline LLC. When enabled by the store owner, transaction data and photos are transmitted to LeadsOnline's servers via SOAP API for law enforcement access.

Each of these services has its own privacy policy. We encourage you to review their policies.

Your Rights

Depending on your location, you may have the right to:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate information.
• Deletion: Request deletion of your account and data.
• Portability: Export your data in a readable format.
• Withdraw Consent: Revoke permissions granted at any time.
• Opt-Out: Opt out of certain data processing activities.

To exercise these rights, contact us at: support@goldmanagerpro.com

Data Retention

We retain your data while your account is active. If you request account deletion:

• Your data will be permanently deleted within 30 days
• Some data may be retained for legal or tax obligations
• Backups are deleted in regular cycles
• Aggregated, anonymized data may be retained for analytics
• Law Enforcement Data: Data previously submitted to law enforcement reporting platforms (RISSProp, LeadsOnline, or via email) cannot be deleted by Gold Manager Pro, as it is under the control of the respective law enforcement agencies. Contact the relevant agency directly regarding retention or deletion of that data.

Cookies and Similar Technologies

The mobile application does not use traditional cookies. However, we use:

• Firebase Analytics: To understand application usage (can be disabled in settings).
• Local Storage: To keep your session active on the device.
• Device Identifiers: For subscription management and fraud prevention.

Children's Privacy

Gold Manager Pro is designed for users 18 years of age and older. We do not knowingly collect information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. By using the Application, you consent to such transfers.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected
• Right to know whether your data is sold or disclosed
• Right to say no to the sale of personal information (we do not sell your data)
• Right to equal service and price

Governing Law

Changes to This Policy

We may update this policy periodically. We will notify you of significant changes through the application or by email. Your continued use of the application after changes constitutes acceptance of the updated policy.

Data Security Limitations

While we implement reasonable security measures to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

Contact Information

If you have questions about this Privacy Policy, contact us:

• Email: support@goldmanagerpro.com
• Application: Settings → Contact Support
• Location: Holland, Michigan, USA