1. Scope
This policy explains how QRTool.org collects, uses, shares, and protects personal data.
2. Data We Collect
- Account data: name, email, password
- Billing data through Stripe
- QR and analytics data (scan time, device, location, referrer)
- Technical logs (IP, browser, session cookies)
3. Legal Bases
Contract performance, legitimate interests, consent, and legal obligations.
4. Use of Data
Provide the service, run billing, prevent fraud, support users, improve performance, and enforce legal terms.
5. Sharing
Data may be shared with essential processors (e.g., Supabase, Stripe, hosting, email). We do not sell personal data.
6. Retention
Active accounts: while active.
Canceled accounts: deletion target within 30 days unless legal retention applies.
Billing records: up to 7 years.
7. Your Rights
Access, correction, deletion, portability, restriction, objection, and consent withdrawal where applicable.
Requests: privacy@qrtool.org (target response: 30 days).
8. Security
Encryption, access controls, monitoring, and incident response are applied, but no system is risk-free.
9. Transfers
International transfers use safeguards such as SCCs where required.
10. Cookies
Essential cookies run core functions. Analytics/functional cookies follow consent requirements.
11. Children
Service is not intended for users under 18.
12. Contact
privacy@qrtool.org
dpo@qrtool.org
[Your Business Address]