tillkiller

Privacy Policy

Last updated: 12 June 2026

TillKiller is a point-of-sale and member-tab app for clubs and volunteer organisations ("clubs"). This policy explains what information the app handles, where it lives, and how to have it corrected or removed. We aim to comply with the New Zealand Privacy Act 2020.

Who holds your information

Most of the information in TillKiller is entered and controlled by your club — the club decides which members to add, what to record against a tab, and who can see it. TillKiller (the developer) stores and processes that information on the club's behalf. If you are a club member with a question about your data, your first stop is your club's committee; we will also help directly via the contact below.

What we collect

• Account details — the email address and password used to sign a device into TillKiller (passwords are handled by Firebase Authentication; we never see them in plain text).
• Club and member records — member names, roles, and the running tab ledger (purchases, payments, balances, adjustments and refunds) that the club records through the till.
• Operational records — till sessions, stock levels, and an audit trail of significant actions (who opened a session, changed a setting, issued a refund).
• PINs — member PINs are stored only as one-way bcrypt hashes; the original PIN cannot be recovered from what we store.
• Crash and diagnostic data — via Firebase Crashlytics, to find and fix bugs. This may include device model and app version; it does not include tab contents.

What we don't do

• We don't sell or rent any data, to anyone, ever.
• We don't run advertising or share data with ad networks.
• We don't read your club's ledger except to provide support you have asked for, or as required by law.

Where it lives

Data is stored in Google Firebase (Cloud Firestore, Authentication, Storage and Crashlytics), operated by Google LLC, which may process data on servers outside New Zealand. Google acts as our processor under the Firebase Data Processing Terms.

Retention and deletion

Club records are kept for as long as the club's account is active — a tab ledger is a financial record, so clubs typically retain it for their own accounting obligations. When a club closes its account, its data is deleted on request — see how to delete your account. Individual members can ask their club (or us) to correct their details; ledger entries are append-only by design, so corrections are recorded as adjustments rather than silent edits.

Your rights

Under the Privacy Act 2020 you may request access to, and correction of, personal information we hold about you. Contact us and we'll respond promptly. If you're not satisfied, you can complain to the Office of the Privacy Commissioner.

Changes

If this policy changes materially we'll update this page and note it in the app's release notes. The "last updated" date above always reflects the current version.

Contact

Privacy questions, access or deletion requests: privacy@bringbright.com