Legal

Privacy Policy

Last updated: May 2025

1. Who we are

Qrillo ("we", "us", "our") is the controller of the personal data described in this policy. We operate the website qrillo.com and the application at app.qrillo.com. If you have any questions about this policy or how we handle your data, contact us at [email protected].

2. What data we collect

  • Account data — When you register, we collect your name and email address. If you subscribe to a paid plan, billing details (card number, billing address) are processed directly by Stripe - we never store your raw card data.
  • Usage analytics — For every QR link scan or page view we record: approximate country of origin (derived from your IP address) device platform (Android, iOS, Windows, macOS, Linux), and whether the visitor is on mobile or desktop. We also record the date of the visit for monthly trend reports.
  • Contact form submissions — If a visitor fills in a contact form on one of your Qrillo bio or company pages, the submitted name, email, and message are forwarded directly to the page owner by email. We do not retain this data. Rate limiting is applied to prevent spam.
  • Uploaded files — PDFs and images you upload are stored on our servers. When you replace or delete a file, the old version is removed from storage.

3. How we use your data

  • To provide, maintain, and improve the Qrillo service.
  • To display analytics dashboards to you (scans, views, device breakdown).
  • To process payments and manage your subscription via Stripe.
  • To send transactional emails (account verification, password reset, billing receipts).
  • To send service-related notifications to registered users, such as announcements about new features, plan upgrades, or important changes to the service. You can unsubscribe from these emails at any time using the link in each message.
  • To enforce our Terms of Service and prevent abuse.

4. Cookies & tracking

Qrillo uses a minimal session cookie required for authentication (keeping you logged in). We also use Google Analytics on qrillo.com to understand how visitors interact with our marketing website (pages visited, traffic sources, approximate location). Google Analytics uses its own cookies and may transfer data to Google servers. You can opt out via the Google Analytics Opt-out Browser Add-on or by adjusting your browser's cookie settings. The QR scan analytics inside the app do not use cookies - they are derived server-side from request headers.

5. Third-party services

  • Stripe — Payment processing. Stripe may store your billing details under their own privacy policy.
  • Cloudflare — We use Cloudflare for DNS and network delivery. Cloudflare may process request metadata (IP, headers) as part of its service.
  • Google Analytics — We use Google Analytics on the qrillo.com marketing website to measure traffic and user behaviour (pages visited, session duration, referral source). Data is processed by Google under their Privacy Policy. Google Analytics may use cookies and transfer anonymised data to Google servers.

6. Data retention

Account data is kept for as long as your account is active. When you close your account, your data is soft-deleted immediately and permanently removed within 30 days. Analytics data (aggregate country/device counts) may be retained in anonymised form for trend reporting. Contact form submissions are forwarded by email and not stored.

7. Your rights (GDPR)

If you are in the European Economic Area, you have the right to access, correct, or delete your personal data; to restrict or object to processing; and to data portability. To exercise any of these rights, email us at [email protected]. You also have the right to lodge a complaint with your national data protection authority.

8. Data security

We use industry-standard measures to protect your data: HTTPS everywhere, encrypted storage for sensitive fields, and strict access controls. Uploaded files are sanitised before storage and old files are removed when replaced.

9. Children

Qrillo is not directed at children under 16. We do not knowingly collect personal data from anyone under that age. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

10. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions or requests, email us at [email protected]. We aim to respond within 5 business days.

Contact: [email protected]