1. Introduction
Welcome to Bitopi Asset, an enterprise Asset Management System developed and operated by Bitopi BD, Bangladesh (package: com.bitopibd.ams). This Privacy Policy describes how we collect, use, store, and protect information when you use the Bitopi Asset mobile application. By installing or using the app, you agree to the practices described in this policy.
Bitopi Asset is intended solely for authorized employees of organizations that hold a licensed subscription to the Bitopi Asset platform. It is an enterprise tool and is not a consumer application offered to the general public.
2. Information We Collect
We collect employee profile information necessary for user authentication and role assignment within the application. This includes your full name, username, email address, job designation, department, and a profile photograph (employee image) as registered in your organization's system.
At the time of login, the app collects certain device information to support session management and security auditing. This includes the device's unique Android identifier (ANDROID_ID), the device manufacturer and model name, the installed Android OS version, and the current version of the Bitopi Asset application.
The app also collects asset and business data entered or generated during normal use. This includes asset details such as name, code, category, sub-category, location, and status; photographs of physical assets captured using the device camera; Goods Received Note (GRN) records; and asset transfer, allocation, and audit history. All such data is business-internal and belongs to your organization.
We do not collect personal financial information, precise GPS or location data, contacts, call logs, SMS messages, browsing history, or any information unrelated to the asset management functions of the application.
3. How We Use Information
Employee credentials and profile information are used to authenticate users, verify their identity, and enforce role-based access control so that each user can only access the features and data appropriate to their position within the organization.
Asset data and photographs are used to create, track, update, transfer, and audit physical assets entirely on behalf of your organization. This data drives the core functionality of the application and is not used for any purpose beyond delivering the service.
Device information collected at login helps organizations detect unauthorized access attempts, maintain a reliable audit trail of active sessions, and ensure that the application is being used on approved devices. This information is not used for advertising or behavioral profiling.
All data collected through the Bitopi Asset application is used exclusively to deliver and support the features of the application. We do not use your data for marketing, advertising, or the sale of information to any third party.
4. Data Storage
Data in the Bitopi Asset application is stored in two locations. First, a local Room (SQLite) database on your device caches asset records and session data to enable offline access and improve performance. This local data is temporary and is cleared automatically when you log out or uninstall the application.
Second, all data is synchronized with a backend server managed exclusively by your employing organization, or by Bitopi BD on their behalf under a service agreement. Your organization is the data controller for all business data held on that server, and Bitopi BD acts as the data processor in that context.
5. App Permissions Explained
The Bitopi Asset application requests the CAMERA permission in order to photograph physical assets for documentation and record-keeping purposes. The camera is activated only when you explicitly initiate a photo capture action within the app; it is never accessed in the background or without your direct interaction.
The INTERNET permission is required to synchronize asset records, employee data, and photographs between your device and your organization's backend server. Without this permission, the app cannot communicate with the server and real-time data sync will not be available.
On devices running Android 9 (Pie) or earlier, the app requests the WRITE_EXTERNAL_STORAGE permission to temporarily save captured photographs to device storage before uploading them to the server. This permission is not requested on devices running Android 10 or above, as the operating system provides scoped storage access by default on those versions.
6. Data Sharing & Disclosure
We do not sell, rent, trade, or share your personal information with any third-party advertisers, analytics providers, data brokers, or marketing platforms. The Bitopi Asset application does not integrate any third-party analytics or advertising SDKs such as Firebase Analytics, Google Analytics, AdMob, or Crashlytics. No usage data or personal information is transmitted to any external platform for commercial purposes.
Data entered in the application is transmitted only to the backend server designated and controlled by your organization. Bitopi BD may access anonymized system-level logs solely for the purpose of diagnosing technical issues and maintaining service reliability.
We may disclose personal information if required to do so by applicable law, court order, or government authority, or if we believe in good faith that such disclosure is necessary to protect the legal rights, property, or safety of Bitopi BD, your organization, or others.
7. Data Retention
Employee profile and asset data stored on the backend server is retained for as long as is necessary to fulfill the business operations of your organization, or until your organization submits a formal request for deletion. Your organization, as the data controller, determines the appropriate retention period in accordance with its own policies and applicable legal obligations.
Data cached locally on your device is removed when you log out of the application or uninstall it. If you wish to request deletion of your account data from the server, please contact your system administrator or reach out to Bitopi BD using the contact information provided in Section 11 of this policy.
8. Security
We implement reasonable technical and organizational measures to protect the information processed by the Bitopi Asset application. These measures include credential-based user authentication, role-based access control, and server-side authorization checks to prevent unauthorized data access.
Please be aware that the application may be deployed within private corporate networks where communication between the app and the server may occur over HTTP rather than HTTPS. Organizations deploying the Bitopi Asset platform are responsible for ensuring that their internal network infrastructure meets their own security and compliance requirements. Bitopi BD recommends that all deployments use encrypted transport (HTTPS) wherever possible.
No method of electronic transmission or data storage is completely secure. While we strive to protect your information using commercially reasonable means, we cannot guarantee absolute security against all possible threats.
9. Children's Privacy
Bitopi Asset is an enterprise application designed exclusively for use by adult employees within organizations. It is not directed at children, and we do not knowingly collect personal information from individuals under the age of 13. If we become aware that we have inadvertently collected personal information from a child under the age of 13, we will take prompt steps to delete that information from our systems.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, the features of the application, or applicable legal requirements. When we make changes, we will revise the "Last Updated" date shown at the top of this page. For material changes that significantly affect how we handle your personal information, we will provide advance notice through the application or through your organization's administrative channel.
Your continued use of the Bitopi Asset application after any changes to this Privacy Policy have taken effect constitutes your acceptance of the revised terms. We encourage you to review this policy periodically to stay informed about how your information is being protected.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the way in which your personal data is handled, please do not hesitate to contact us. You may reach Bitopi BD by visiting our website at www.bitopibd.com or by sending an email to info@bitopibd.com. We are based in Bangladesh and will make every effort to respond to your inquiry in a timely manner.