Privacy Policy

1. Who We Are

QRPath is an online service for designing and ordering printed business cards with branded QR codes. References to “we,” “us,” or “our” in this policy refer to QRPath. Questions or requests about your data can be submitted via our contact page.

2. Information We Collect

Information you provide

• Account details — name, email address, and password.
• Order information — shipping address, billing details, and card design content (logo, text, QR destination URL).
• Communications — any messages you send us via our contact form or email.

Information collected automatically

• Usage data — pages visited, features used, and time spent on the platform.
• Device and browser information — IP address, browser type, and operating system.
• QR scan analytics — when you use our dynamic QR feature, we log anonymised scan counts and timestamps (no personal data from scanners is stored).

3. How We Use Your Information

• To fulfil and ship your orders.
• To operate your account and provide customer support.
• To send transactional emails (order confirmations, shipping updates).
• To improve our platform through anonymised analytics.
• To send product updates or promotional emails — you can unsubscribe at any time.
• To comply with legal obligations.

4. Sharing Your Information

We do not sell your personal data. We share it only with:

• Print fulfilment partners — to manufacture and ship your order.
• Stripe — for secure payment processing. We never store your card details.
• Supabase — our database and authentication provider.
• Law enforcement — when required by law or to protect our rights.

5. Cookies

We use essential cookies to keep you signed in and maintain session state. We may use analytics cookies to understand how users interact with our platform. You can disable cookies in your browser settings, though some features may not function correctly.

6. Data Retention

We retain your account data for as long as your account is active. Order records are kept for at least 7 years for legal and accounting purposes. You may request deletion of your account and personal data at any time — see Section 7.

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your data (“right to be forgotten”).
• Object to or restrict certain processing.
• Data portability — receive a copy of your data in a machine-readable format.

To exercise any of these rights, please contact us. We will respond within 30 days.

8. Security

We implement industry-standard security practices including TLS encryption in transit, hashed passwords, and access controls. No method of transmission over the internet is 100% secure, but we take reasonable steps to protect your information.

9. Children’s Privacy

Our services are not directed at anyone under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or a notice on our platform. The “last updated” date at the top of this page reflects the most recent revision.

11. Contact

If you have questions or concerns about this Privacy Policy or how we handle your data, please get in touch.