Privacy Policy

1. Introduction

White Label QR ("we," "us," or "our") is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable EU data protection laws.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our QR code generation and management service.

2. Data Controller Information

3. Personal Data We Collect

3.1 Data You Provide Directly

• Account Information: Email address, first and last name, company name (optional)
• Billing Information: Payment method details (processed by Stripe), billing address, invoice history
• Service Usage: QR code configurations, white-label domain preferences, custom branding choices

3.2 Data Collected Automatically

• Technical Data: IP address (country/region level), browser type, device information, access timestamps
• Analytics Data: QR code scan counts, user interaction patterns, feature usage statistics

4. Legal Basis for Processing

• Contract Performance: Account management, service delivery, billing, and support
• Legitimate Interest: Service improvement, security, and important communications
• Consent: Marketing communications and non-essential cookies
• Legal Obligation: Tax compliance and law enforcement requests

5. How We Use Your Data

• Primary Service Functions: Account management, QR code generation, analytics, redirection services
• Service Improvement: Platform optimization, feature development, bug fixes
• Security and Compliance: Fraud prevention, legal compliance, data protection

6. Data Sharing and Third Parties

We share data only with trusted third-party service providers who assist in operating our service:

• Stripe: Payment processing and billing management
• AWS: Cloud infrastructure and data storage
• Google Analytics: Website usage analytics (anonymized data only)

Important: We do not sell, rent, or trade your personal data to third parties for marketing or commercial purposes.

7. Data Security

• Technical Measures: Encryption in transit (TLS/SSL) and at rest (AES-256), access controls, network security
• Organizational Measures: Employee training, access policies, incident response procedures
• Data Breach Response: 72-hour notification, immediate containment, guidance for users

8. Data Retention

• Account Data: Retained while account is active, deleted within 30 days after account deletion
• Analytics Data: Retained for 24 months
• Billing Data: Retained for 7 years (legal requirement)

9. Your Data Rights (GDPR)

Under GDPR, you have the following rights:

• Right of Access: Request a copy of all personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete information
• Right to Erasure: Delete your account and associated data ("Right to be Forgotten")
• Right to Data Portability: Export your data in machine-readable format
• Right to Restrict Processing: Limit data processing to essential functions
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Stop marketing communications and non-essential processing

10. Exercising Your Rights

11. International Data Transfers

Data Location: All data is stored within the European Union (Netherlands). We do not transfer data to countries outside the EU/EEA.

12. Cookies and Tracking

• Essential Cookies: Authentication, security, and functionality (required for service)
• Analytics Cookies: Service improvement and performance monitoring (consent-based)
• Cookie Management: Control through browser settings and our preference center

13. Children's Privacy

Minimum Age: 18 years old. Parental consent required for users under 18. We do not knowingly collect data from children under 13.

14. Changes to This Privacy Policy

We may update this Privacy Policy. Material changes require 30 days advance notice via email. Continued use constitutes acceptance of changes.

15. Contact Information

16. Data Protection Authority

17. Legal Basis Summary