Privacy Policy – AFISOL CMMS Mobile App

Developer / Provider: Afisol (Pvt) Ltd
Platforms: Android & iOS
Effective date: 2026-03-05
Last updated: 2026-03-05
Summary
AFISOL CMMS Mobile is an enterprise maintenance application used by customer organizations to manage service requests, work orders, preventive maintenance, assets, and inventory activities. We collect and process only the information necessary to provide CMMS functionality, secure access, and operational support. We do not sell personal data and we do not use the app for advertising.

1. Scope

This Privacy Policy explains how Afisol (Pvt) Ltd (“Afisol”, “we”, “us”) collects, uses, stores, and protects information when you use the AFISOL CMMS Mobile App (“App”). The App is intended for workplace/enterprise use by employees, contractors, and authorized users of organizations (“Customer Organizations”) that deploy or subscribe to AFISOL CMMS.

2. Roles: Data Controller & Processor

Customer Organization as Controller: In most deployments, your Customer Organization (e.g., your employer or the organization that provided your account) is the data controller for operational data entered into the CMMS (for example: service requests, work orders, asset information, inventory transactions, approvals).

Afisol as Processor/Service Provider: Afisol generally acts as a data processor/service provider, processing data on behalf of the Customer Organization to provide and support the CMMS service according to contracts and instructions.

3. Information We Collect

3.1 Information you provide (entered or uploaded in the app)

  • Account and profile details provided by your organization (e.g., name, employee code, department, role, email/phone if configured).
  • CMMS operational data you create or update (e.g., service requests, work orders, checklist results, meter readings, spare-part issues/receipts, notes, comments, approvals, statuses).
  • Photos and attachments you upload (e.g., asset condition photos, breakdown evidence, job completion photos) and file metadata (file name, size, upload time).

3.2 Information collected automatically

  • Device and app information: device model, OS version, app version/build, language, and identifiers required for app operation (e.g., push notification token).
  • Log and diagnostic data: crash logs, performance diagnostics, and error reports to maintain stability and security.
  • Usage information: limited feature-usage events (e.g., screens opened, actions completed) used for troubleshooting and quality improvement.
  • Network information: IP address and timestamps may be processed in server logs for security, fraud prevention, and troubleshooting.
Crash/diagnostic tools
If your deployment enables crash reporting (for example, Firebase Crashlytics or similar tools), diagnostic data may be sent to the selected provider to help identify crashes and improve reliability. This typically includes device/app information, crash stack traces, and event timestamps. It does not include your passwords.

3.3 Information we do not intentionally collect

  • We do not intentionally collect sensitive personal data (such as health data, biometric identifiers) through the App.
  • We do not collect contact lists, SMS content, or call logs.
  • We do not sell personal information.

4. How We Use Information

We use information for the following purposes:

  • Provide CMMS features such as authentication, role-based access, service requests/work orders, asset identification, preventive maintenance, and inventory transactions.
  • Operational communication such as push notifications and in-app alerts (e.g., assigned work orders, approvals required, upcoming PM tasks), when enabled by your organization.
  • Security including access control, session management, audit trails, fraud/abuse prevention, and protecting organizational data.
  • Support and troubleshooting including responding to support requests, investigating errors, and maintaining service continuity.
  • Quality improvements including improving usability, reliability, and performance.
  • Compliance where required by law or contractual obligations (for example, audit logging configured by the Customer Organization).

Where applicable under privacy laws (for example, GDPR or similar frameworks), we process information on the following bases:

  • Contract / Service Delivery: to provide CMMS functionality under agreements with Customer Organizations.
  • Legitimate Interests: to operate, secure, and improve the App and services, and prevent misuse.
  • Legal Obligations: to comply with applicable laws and lawful requests, where required.
  • Consent (where required): for specific device permissions such as notifications, camera, or optional location features.

6. App Permissions

The App requests permissions only when required for a feature. You can manage permissions in your device settings. Some features may not work if you deny required permissions.

Permission Why it is needed When it is used
Camera Scan QR codes / barcodes for asset identification; capture photos for work evidence and documentation. Only when you open scanning or photo capture features. Camera is not used in the background.
Photos / Media / Files Attach existing images/documents to service requests/work orders, and download/view attachments where enabled. Only when you choose to upload, view, or download files.
Notifications Work order assignments, approvals, reminders (e.g., PM schedules), and important system notices. When your organization enables notifications and you grant permission.
Network / Internet Connect securely to your organization’s CMMS server/API. During normal app use.
Location (optional, if enabled by your organization) Site-based verification (e.g., confirm a task is performed at a site) or mapping assets. Only if your organization enables location-based features and you grant permission. We do not access location in the background unless explicitly enabled and disclosed.

7. Sharing & Disclosure

We share information only in the limited ways described below:

  • With your Customer Organization: CMMS operational records you create or update are available to authorized users within your organization’s CMMS environment.
  • Service providers: We may use vetted vendors for hosting, email delivery, push notifications, and diagnostics. They process data only to provide services to us and under contractual obligations.
  • Legal and safety: We may disclose information if required to comply with applicable law or lawful requests, or to protect rights, safety, and security.
  • Business changes: If Afisol is involved in a merger, acquisition, or asset sale, information may be transferred as part of that transaction, subject to confidentiality protections.

No advertising: We do not share your information with third parties for their marketing or advertising purposes.

8. Third-Party Services

The App may rely on third-party services to operate core functionality. Depending on deployment and configuration by the Customer Organization, the following providers may receive limited data (such as identifiers, diagnostics, and delivery tokens) for service delivery:

  • Firebase Crashlytics (or similar): crash reporting and diagnostics.
  • Firebase Cloud Messaging (FCM) (or similar): push notification delivery tokens and message delivery.
  • Hosting / infrastructure providers: application hosting, backups, and network security.
  • Email/SMS delivery providers (if enabled): message delivery to organization-configured recipients.

Third-party providers process data under their own privacy policies and our contractual controls. We do not authorize third parties to use this data for their advertising purposes.

9. Data Retention

Retention of CMMS records is typically controlled by the Customer Organization and/or contractual requirements. We retain information for as long as needed to provide services, meet legal obligations, resolve disputes, enforce agreements, and maintain security/audit requirements.

  • Operational records (e.g., work orders, service requests) are retained according to your organization’s CMMS retention settings or policies.
  • Logs and diagnostics are retained for a limited period necessary for troubleshooting and security.
  • Backups may retain data for a defined backup window as part of disaster recovery.

10. Security

We implement reasonable technical and organizational measures to protect information against unauthorized access, alteration, disclosure, or destruction. Security practices may include (depending on deployment): encrypted transport (TLS/HTTPS), role-based access control, audit logging, secure credential handling, and restricted administrative access.

Your security also depends on your device and account practices. Keep your device updated, use a device passcode, and do not share your login credentials.

11. Your Rights & Choices

Your rights may vary based on your country and because the App is used on behalf of a Customer Organization. Where applicable, you may have rights to request access, correction, deletion, restriction, objection, or portability of your personal information.

  • CMMS records and profile changes: Contact your Customer Organization’s administrator/HR/IT team first, as they control most CMMS records.
  • App permissions: You can control camera, photos/files, notifications, and optional location permissions via device settings.
  • Support: If you need assistance from Afisol, contact us and include your organization name and app version.

12. Account Deletion & Data Deletion Requests

Because AFISOL CMMS Mobile is commonly used as an enterprise app, accounts are usually created and managed by the Customer Organization.

  • User requests: If you want your account deleted or want removal of personal information, contact your Customer Organization’s administrator/HR/IT team.
  • Organization requests: Customer Organizations may contact Afisol support to request deletion or anonymization of data where applicable and permitted by contractual/legal requirements.
  • Limitations: Some data may be retained for compliance, audit, security, or legal reasons (for example, audit logs or required operational records).

13. Children’s Privacy

The App is not directed to children under 13 (or the equivalent minimum age in your jurisdiction) and is intended for workplace/enterprise use. We do not knowingly collect personal information from children.

14. International Transfers

Depending on your organization’s hosting and support arrangements, information may be processed in countries other than where you live or work. When transfers occur, we apply appropriate safeguards consistent with applicable laws and contractual commitments.

15. Tracking, Advertising & Cookies

  • No advertising: The App does not show ads.
  • No tracking for advertising: We do not use the App to track users across apps/websites for targeted advertising, and we do not sell personal data.
  • Cookies: The mobile app itself does not use browser cookies in the way websites do. If the App displays web content (for example, help pages), those pages may use standard web technologies according to their own policies.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the “Last updated” date above. If changes are material, Customer Organizations may be notified through administrative channels.

17. Contact Us

If you have questions about this Privacy Policy or privacy practices, contact:

Afisol (Pvt) Ltd
Email: info@afisol.com
Website: www.afisol.com
Phone: (+94) 77 717 1760

This policy is intended to be suitable for publication on a public URL for Google Play and Apple App Store requirements. Customer Organizations may require additional contractual or jurisdiction-specific terms.

© Afisol (Pvt) Ltd. All rights reserved.
Privacy Policy