Privacy Policy

Last updated: April 4, 2026

Sanji Solutions LLC ("Sanji," "we," "us," or "our") operates the sanjisolutions.io website and the Sanji mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, phone number, company name, and business address. If you create accounts for your team (drivers, sales reps, pickers, managers), we collect their names, emails, and phone numbers on your behalf.

Business Data

We store the business data you enter into the Service, including: customer records, product catalogs, pricing information, orders, invoices, payments, delivery records, route schedules, warehouse inventory, and related operational data.

QuickBooks Data

When you connect your QuickBooks account (Online or Desktop), we access and store synchronized data including customers, products, invoices, credit memos, payments, and vendors. This data is used solely to provide bi-directional synchronization between Sanji and your QuickBooks account.

Location Data

Our mobile application collects GPS location data for proof of delivery, route optimization, and delivery verification. Location data is collected only when actively using delivery features and with your explicit permission.

Device and Usage Data

We automatically collect device information (type, operating system, browser), IP addresses, pages visited, features used, and interaction patterns. This data is used to improve the Service and diagnose technical issues.

Photos and Signatures

Our mobile application may capture photos (delivery proof) and digital signatures (proof of delivery). These are stored securely and associated with the relevant delivery record.

2. How We Use Your Information

  • Provide, operate, and maintain the Service
  • Process transactions and send related information
  • Synchronize data with your QuickBooks account
  • Send administrative notifications (service updates, security alerts)
  • Respond to customer support requests
  • Analyze usage patterns to improve the Service
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

We do not sell, rent, or trade your personal information or business data to third parties. We do not use your data for advertising purposes.

3. Cookies and Authentication

We use httpOnly secure cookies for authentication on the web dashboard. These cookies contain encrypted session tokens and cannot be accessed by JavaScript, protecting against cross-site scripting (XSS) attacks. Our mobile application uses encrypted device storage for authentication tokens.

We do not use third-party tracking cookies or advertising cookies.

4. Data Sharing and Third-Party Services

We share data only with service providers that are essential to operating the Service:

  • Supabase (database hosting) — stores your business data in PostgreSQL with AES-256 encryption at rest
  • Railway (API hosting) — runs our backend server with encrypted volumes
  • Vercel (web hosting) — hosts the web dashboard
  • Expo / Apple / Google (mobile distribution) — distributes the mobile application
  • Intuit QuickBooks — bi-directional data synchronization when you connect your account

These providers process data on our behalf and are contractually bound to protect your information. We do not share your data with any other third parties.

5. Data Security

  • All data transmitted over HTTPS/TLS encryption
  • Passwords hashed with bcrypt (12 salt rounds)
  • Database encrypted at rest (AES-256)
  • Role-based access controls (owner, manager, driver, sales rep, picker)
  • Rate limiting on authentication endpoints
  • httpOnly secure cookies for web sessions
  • Multi-tenant data isolation (each company's data is completely separated)
  • Audit logging for sensitive data access

6. Data Retention

We retain your data for as long as your account is active. Upon account termination, you may request a full export of your data. Data is permanently deleted 30 days after termination unless required by law.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Opt out of non-essential data collection
  • Withdraw consent for data processing

To exercise these rights, contact us at hello@sanjisolutions.io.

8. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information.

9. Children's Privacy

Our Service is intended for business use and is not directed to individuals under 18. We do not knowingly collect personal information from minors.

10. International Data Transfers

Your data may be processed in the United States. By using the Service, you consent to the transfer of your data to the United States, where data protection laws may differ from those in your jurisdiction.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Sanji Solutions LLC
Email: hello@sanjisolutions.io
Website: sanjisolutions.io