QRever

Privacy Policy

We collect very little, on purpose.

This page is written to be read, not scrolled past. The short version: no IP addresses on scans, no tracking of your customers, no selling of anything to anyone.

Last updated: 19 June 2026

  1. 01

    What we collect, and why

    Account data. Your email address and a hashed password (or your Google identity if you sign in with Google). This exists so you can log in and own your codes. Free static codes need no account, so for those we collect nothing at all.

    Purchase records. Which product you bought, the amount, the currency, and the payment gateway’s order ID. We never see or store your card number, UPI PIN, or bank details — payments are processed entirely by Razorpay (India) or Dodo Payments (everywhere else).

    Your codes and pages. The destinations, labels, designs, and page content you create. This is your data; we host it.

    Scan analytics. When someone scans a paid code, we record the country, a coarse city, the device type (mobile, desktop, or tablet), the referrer, and a timestamp. That’s the complete list.

  2. 02

    What we never collect

    No IP addresses are stored for scans. Not hashed, not truncated, not “anonymized” — not stored. The country and city come from CDN edge headers and the IP is discarded.

    No precise location. City-level at most, and only coarsely.

    No fingerprinting. Device type comes from the user-agent string and nothing else.

    People who scan your codes are your customers, not our product. We do not build profiles of them, and we have nothing to sell about them.

  3. 03

    RSVP data on event pages

    If you publish an event page with RSVP enabled, guests submit a name and phone number. That data is visible only to you, the page owner. We collect no email and store no IP for RSVP submissions (an IP is used transiently for rate-limiting and then discarded).

    For this guest data you are the data controller and QRever is your processor: you decide what to collect and why, and you are responsible for telling your guests how their details will be used. We only store and display it for you, and we delete it when you delete the page.

  4. 04

    Who handles data on our behalf

    We rely on a small number of providers, each for one job. Most act as our processors; the exception is Dodo Payments, which is the seller of record for orders outside India (explained below).

    • Supabase — database, authentication, and file storage.
    • Razorpay — the payment gateway for orders in India. QRever is the merchant; Razorpay processes the card, UPI, or netbanking transaction. We never see your payment credentials.
    • Dodo Payments — our Merchant of Record for orders outside India. For those purchases Dodo is the legal seller: it handles payment processing, billing, sales tax / VAT / GST, refunds, and chargebacks, and its name appears on your receipt.
    • Vercel — hosting and the edge network that serves redirects.
    • Google Analytics — aggregate measurement of how our own website is used. Loaded only with consent for visitors in the EU, UK, and Switzerland (see Cookies).
    • PostHog — product analytics on our own marketing and app pages (which features get used), never on the public pages your codes point to.

    We do not sell data to anyone. We do not share data with advertisers. There are no advertisers.

  5. 05

    The legal bases we rely on

    For visitors protected by the GDPR or UK GDPR, here is the lawful basis for each thing we do:

    • Your account, codes, and pages— performance of our contract with you (Article 6(1)(b)). We can’t give you an account or host your codes without this.
    • Purchase records — partly contract, partly a legal obligation (Article 6(1)(c)): tax and accounting law requires us to keep them.
    • Scan analytics— our legitimate interest (Article 6(1)(f)) in giving you, the code owner, aggregate insight into your codes, balanced against scanners’ privacy by storing no IP address and no precise location.
    • Website analytics cookies — your consent (Article 6(1)(a)), which is why we ask before loading them in the EU, UK, and Switzerland, and which you can withdraw at any time.

    For visitors in India, we process personal data under the Digital Personal Data Protection Act, 2023, on the basis of the consent and notice described in this policy, or where the Act otherwise permits.

  6. 06

    Where your data is processed

    QRever is operated from India, and some of our providers process data in other countries, including the United States. Where personal data protected by the GDPR or UK GDPR leaves the EEA or the UK, the transfer is covered by appropriate safeguards — the European Commission’s Standard Contractual Clauses and/or the provider’s certification under the EU-US Data Privacy Framework (with its UK Extension and the Swiss-US framework). We use providers that commit to one or both of these mechanisms.

  7. 07

    Cookies

    Strictly necessary. A Supabase session cookie keeps you logged in. It is essential, set for everyone, and needs no consent.

    Analytics.Google Analytics and PostHog help us see which features get used on our own site. For visitors in the EU, UK, and Switzerland these load only after you accept our consent banner; until then no analytics cookies are set, and Google Consent Mode keeps any measurement cookieless. Reject, and they stay off. You can change your mind any time by clearing this site’s storage in your browser.

    We use no advertising cookies and no cross-site ad-tracking, and we run no analytics at all on the public pages your codes point to.

  8. 08

    Your rights

    Export and portability. Every paid code has a one-click export — short ID, destination history, and full scan history. No request form, no waiting period.

    Deletion.You can delete any code permanently from your dashboard. To delete your entire account and all associated data, email us and we’ll complete it within 30 days.

    Access and correction.Email us for anything you can’t see or change from the dashboard.

    Objection, restriction, and withdrawing consent. You can object to or ask us to restrict processing we base on legitimate interests, and withdraw analytics consent at any time — withdrawing is as easy as giving it.

    Complaints.If you believe we’ve mishandled your data you can complain to a supervisory authority — your national Data Protection Authority in the EU, the ICO in the UK, or the Data Protection Board of India. We’d genuinely rather you email us first so we can fix it.

  9. 09

    Data retention

    We keep your data for as long as your account exists, because your codes are sold as forever products. Purchase records are retained as long as required by tax law. When you delete a code or your account, the deletion is real — not a soft-hide.

  10. 10

    Changes to this policy

    If we change this policy in a way that matters, we’ll email account holders before the change takes effect. The latest version always lives at this URL, with the date below.

  11. 11

    Grievance officer and contact

    QRever is operated by Sanora Technologies. For anything privacy related, or to exercise any right above, email support@qrever.com.

    Under India’s Digital Personal Data Protection Act, 2023, our Grievance Officer is Gurjot Singh, reachable at gurjot@sanoratech.com. Registered office: F-180, New Delhi, 110092, India. Phone: +91 844-820-9659. We acknowledge and resolve data-protection grievances within 90 days, as the Act requires.

See also: Terms of Service · Refund Policy · The Promise