Privacy Policy

QRSafe Ltd  ·  Last updated: April 2025

This Privacy Policy explains what personal data QRSafe collects from you, why we collect it, how it is stored and protected, and your rights under applicable data protection law. We have written it in plain English so it is easy to understand.

Who We Are

QRSafe is a secure contact-sharing platform that allows customers to share their personal contact details with retailers via QR code, without verbally disclosing sensitive information. The data controller is QRSafe Ltd, a company registered in England and Wales.

What Data We Collect

When you create a QRSafe account and generate your personal QR code, we collect:

  • First name and last name
  • Email address
  • Phone number
  • Home address (optional)
  • Date of birth (used for age verification purposes only)
  • QR code scan history (which retailers you have shared your details with, and when)

Why We Collect It

We collect and process this data to:

  • Generate and manage your personal QR code
  • Enable retailers to receive the contact details you actively choose to share with them
  • Provide account management, security, and support

We do not use your data for marketing, profiling, or any purpose beyond operating the QRSafe service.

Legal Basis for Processing

We process your personal data on the following legal bases under UK/EU GDPR:

  • Explicit consent (Article 6(1)(a)) — you actively agree to our terms when creating an account and choose which retailers to share your data with each time you present your QR code
  • Performance of a contract (Article 6(1)(b)) — processing is necessary to deliver the QRSafe service you have signed up for

Who We Share Data With

We share your contact details only with the retailers you explicitly choose to share with by presenting your QR code. Each scan is a deliberate, consent-based act by you.

We never sell your data. We never share your data with any third party without your active consent.

How We Store and Protect Your Data

Your data is stored securely using Firebase (Google Cloud infrastructure). All data is encrypted both in transit (TLS) and at rest. Access to data is controlled, logged, and audited. We apply the principle of least privilege to all internal access.

How Long We Keep Your Data

Account data is retained for as long as your account remains active. If you delete your account, your data will be permanently removed within 30 days. You may also request deletion at any time by contacting us at privacy@qrsafe.io.

Your Rights

Under UK/EU GDPR, you have the following rights regarding your personal data:

  • Right to access — request a copy of the data we hold about you
  • Right to rectification — ask us to correct inaccurate data
  • Right to erasure — request that we delete your data
  • Right to restrict processing — ask us to limit how we use your data
  • Right to data portability — receive your data in a portable format
  • Right to object — object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@qrsafe.io. We will respond within 30 days.

Cookies

We use only essential cookies required for login session management. We do not use advertising, analytics, or tracking cookies of any kind.

Changes to This Policy

If we make material changes to this Privacy Policy, we will notify all registered users by email before the changes take effect.

Contact

For any privacy-related questions or requests, please contact us at:
privacy@qrsafe.io