Privacy Policy

QRMind ("we", "our", "us") operates the QRMind platform, accessible at qrmind.com and associated mobile-optimised web pages (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Service. By accessing or using the Service you agree to the terms of this policy.

If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2.1 Information You Provide Directly

• Account data: name, email address, password (stored as a salted hash — we never store plain-text passwords).
• Organisation data: company or team name, site and area names you configure.
• Asset data: asset names, categories, descriptions, photos, maintenance schedules, issue logs, and any documents you upload.
• Payment data: billing email and subscription tier. Card details are processed exclusively by Stripe Inc. and are never stored on our servers.
• Communications: any messages or support requests you send to us.

2.2 Information Collected Automatically

• Log data: IP address, browser type, pages visited, timestamps, and referring URLs.
• Usage data: features used, QR code scans, API calls, and error events.
• Cookies and similar technologies: session cookies required for authentication, and optional analytics cookies. You may disable non-essential cookies in your browser settings.

2.3 Information from Third Parties

• Supabase (database and authentication infrastructure) processes data on our behalf.
• Stripe provides billing and subscription status signals.
• Resend processes outbound transactional emails on our behalf.
• OpenAI processes queries you submit to the AI assistant feature; queries may be retained by OpenAI subject to their own privacy policy.

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Process transactions and manage your subscription.
• Send transactional emails (invitations, alerts, maintenance notifications) that are necessary for the Service to function.
• Respond to support requests and improve user experience.
• Monitor and analyse usage to detect abuse, bugs, and security incidents.
• Comply with applicable legal obligations.

We do not sell your personal data to third parties. We do not use your data for behavioural advertising.

We may share your information only in the following circumstances:

• Service providers: Supabase, Stripe, Resend, OpenAI, and Vercel, acting as data processors under appropriate data-processing agreements.
• Team members: Other users within your organisation (tenant) can see asset data, logs, and team membership as configured by your account owner.
• Legal requirements: We may disclose information if required by law, court order, or government authority, or to protect the rights, property, or safety of QRMind, our users, or the public.
• Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred. We will provide notice before your data is transferred.

We retain your account data and asset data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymise your personal data within 90 days, except where retention is required by law or legitimate business interest (e.g. billing records, fraud prevention).

We implement commercially reasonable technical and organisational measures to protect your data, including TLS encryption in transit, encrypted database storage, row-level security policies, and access controls. However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you acknowledge and accept this risk by using the Service.

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data, or to restrict or object to its processing. To exercise any of these rights, contact us at legal@qrmind.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

We use strictly necessary cookies to maintain your authenticated session. We may use analytics cookies to understand how users interact with the Service. You can control cookie preferences through your browser settings. Disabling session cookies will prevent you from logging in.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

Your data may be processed in countries outside your country of residence, including the United States and the European Economic Area, where our service providers operate. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place where required by law.

We may update this Privacy Policy from time to time. We will post the revised policy on this page with a new effective date and, for material changes, notify you by email or prominent notice within the Service. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: legal@qrmind.com