Privacy Policy

Last updated: July 2025 • Effective: QRKey is now live

Our Privacy Commitment

QRKey is built on privacy-first principles. We believe in transparent data practices and minimal data collection. This policy explains exactly what we collect, why we collect it, and how we protect your information.

Key Promise: We never sell your personal data to third parties. Ever.

What We Collect

For Passengers

  • QR scan timestamp and location (city level only)
  • Offer redemption status (to prevent duplicate claims)
  • No personal identifiers, names, or contact information
  • No tracking across websites or apps

For Businesses

  • Business name, address, and contact information
  • Campaign performance metrics (scans, redemptions)
  • Payment and billing information
  • Communication preferences

For Drivers

  • Driver identification and vehicle information
  • QR scan metrics for earnings calculation
  • Payment information for earnings distribution
  • Participation preferences and status

How We Use Your Data

  • Service Operation: To connect businesses with customers and calculate driver earnings
  • Fraud Prevention: To prevent duplicate offer claims and system abuse
  • Performance Analytics: To provide businesses with campaign insights
  • Payment Processing: To handle business billing and driver payments
  • Service Improvement: To enhance user experience and system performance

Data Sharing & Third Parties

We share data only when necessary for service operation:

  • Payment Processors: Secure payment handling (Stripe, PayPal)
  • Analytics Services: Anonymized usage statistics only
  • Legal Requirements: When required by law or to protect rights

We never sell personal data to advertisers or marketing companies.

Data Security

We implement industry-standard security measures:

  • End-to-end encryption for all data transmission
  • Secure cloud infrastructure with regular security audits
  • Limited employee access on a need-to-know basis
  • Regular security updates and vulnerability testing
  • GDPR-compliant data handling practices

Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a machine-readable format
  • Object: Object to processing of your personal data

To exercise these rights, contact us at privacy@qrkey.eu

Data Retention

  • Passenger Data: Scan data retained for 12 months for analytics, then anonymized
  • Business Data: Retained while account is active plus 7 years for legal requirements
  • Driver Data: Retained while participating plus 3 years for payment records
  • Communication Data: Customer service records retained for 2 years

Contact & Updates

Questions about your privacy? We're here to help:

We may update this policy as our service evolves. Major changes will be communicated via email to registered users.

Join QRKey Waitlist