Privacy Policy

1. Introduction

Qrius.io ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and protect your information when you use our QR code management platform.

2. Data Controller

3. Data We Collect

3.1 Account Information

• Email address
• Name (optional)
• Company name (optional)
• Password (encrypted)

3.2 QR Code Data

• QR code names, slugs, and destination URLs
• QR code customization settings
• Creation and modification timestamps

3.3 Analytics Data

• IP addresses (hashed for privacy)
• Device type, operating system, browser
• Country/region (from IP geolocation)
• Scan timestamps
• Referrer information

3.4 Billing Information

• Stripe customer ID
• Subscription status and plan
• Billing email (if different from account email)

Note: Credit card details are handled exclusively by Stripe and are never stored on our servers.

4. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

• Contract Performance: To provide our QR code services
• Legitimate Interest: For analytics, security, and service improvement
• Consent: For marketing communications (opt-in)
• Legal Obligation: For tax and accounting requirements

5. How We Use Your Data

• Service Delivery: Create and manage your QR codes
• Analytics: Understand QR code performance and user behavior
• Billing: Process payments and manage subscriptions
• Communication: Send service updates and support responses
• Security: Detect fraud and prevent abuse
• Compliance: Meet legal and regulatory requirements

6. Data Storage and Security

6.1 Location

All data is stored in the European Union (Stockholm, Sweden) to ensure GDPR compliance.

6.2 Security Measures

• Encrypted data transmission (TLS 1.3)
• Encrypted passwords (bcrypt)
• IP address hashing for privacy
• Regular security audits
• Access control and authentication
• Database backups with encryption

6.3 Data Retention

• Account data: Retained while your account is active
• QR scan data: Retained for 24 months for analytics
• Deleted account data: Purged within 30 days
• Billing records: Retained for 7 years (legal requirement)

7. Data Sharing

We do NOT sell your data.

We share data only with:

7.1 Service Providers

• Stripe: Payment processing (PCI DSS compliant)
• Hosting: EU-based servers (GDPR compliant)

7.2 Legal Requirements

We may disclose data if required by law, court order, or to protect our rights.

8. Your Rights (GDPR)

You have the right to:

• Access: Request a copy of your data
• Rectification: Correct inaccurate data
• Erasure: Delete your account and data ("right to be forgotten")
• Portability: Export your data in machine-readable format
• Restriction: Limit how we process your data
• Object: Opt out of marketing communications
• Withdraw Consent: For consent-based processing

How to Exercise Your Rights: Email [email protected]

9. Cookies and Tracking

We use minimal cookies:

• Session Cookie: Required for login (deleted when you log out)
• Remember Me: Optional persistent cookie for convenience

We do NOT use third-party tracking cookies or advertising cookies.

10. Children's Privacy

Our service is not intended for users under 16 years old. We do not knowingly collect data from children.

11. International Data Transfers

All data remains in the EU. If you access our service from outside the EU, your data will be transferred to and processed in the EU under GDPR protection.

12. Changes to This Policy

We may update this policy. Significant changes will be notified via email. Continued use of our service constitutes acceptance of the updated policy.

13. Contact Us

14. Supervisory Authority

You have the right to lodge a complaint with the Swedish Data Protection Authority (Datainspektionen):