Privacy Policy

1. Introduction

QR to AI LLC ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service ("Service"). Please read this policy carefully.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide, including:

• Account Information: Name, email address, company name, password
• Contact Information: Phone number (when you opt-in for SMS communications)
• Payment Information: Billing address, payment method details (processed securely through third-party payment processors)
• Profile Information: Profile photo, bio, preferences
• Content: QR codes, chatbot configurations, websites, contacts, messages, files
• Communications: Messages you send through our support channels

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

• Device Information: IP address, browser type, operating system, device type
• Usage Data: Pages visited, features used, time spent, click patterns
• QR Code Scan Data: Scan location, time, device type, referring source
• Log Data: Error logs, performance data, API calls
• Cookies and Similar Technologies: See our Cookie Policy below

2.3 Information from Third Parties

We may receive information from:

• Authentication Providers: Google, Microsoft, GitHub (if you sign in through these services)
• Payment Processors: Stripe, PayPal
• Telecommunications Providers: Telnyx (for SMS/voice services)
• AI Services: OpenAI, Anthropic (for chatbot functionality)

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Delivery

• Provide, operate, and maintain the Service
• Process transactions and manage subscriptions
• Generate and track QR codes
• Enable AI chatbot functionality
• Facilitate SMS and voice communications
• Host and serve your websites

3.2 Communication

• Send account notifications and security alerts
• Provide customer support
• Send SMS messages (only with your explicit consent)
• Send marketing communications (with opt-out option)

3.3 Improvement and Analytics

• Analyze usage patterns to improve the Service
• Develop new features and functionality
• Monitor and analyze performance and stability
• Conduct research and testing

3.4 Legal and Security

• Comply with legal obligations and regulations
• Enforce our Terms of Service
• Detect, prevent, and address fraud and security issues
• Protect our rights, property, and safety

4. SMS/Text Messaging Privacy

4.1 Phone Number Collection

We collect your phone number only when you voluntarily provide it and explicitly consent to receive SMS messages. Providing your phone number and SMS consent is entirely optional and not required to use the Service.

4.2 SMS Consent Records

When you consent to SMS messages, we record:

• Your phone number (in E.164 format)
• Date and time of consent
• IP address at time of consent
• Method of consent (web form, API, etc.)
• Opt-in/opt-out status

This information is retained for compliance with TCPA regulations and may be used as evidence of consent if required.

4.3 SMS Usage

We use your phone number to send:

• Launch notifications and product updates
• Account security alerts
• Promotional and marketing messages
• Service-related communications

4.4 SMS Data Sharing

Your phone number and SMS content are shared with our telecommunications provider (Telnyx) solely for the purpose of delivering messages. We do not sell or rent your phone number to third parties.

4.5 Opt-Out Rights

You can withdraw SMS consent at any time by replying STOP to any message, updating your account settings, or contacting support. When you opt out, we will immediately cease sending promotional SMS but may continue to send essential account notifications via email.

5. How We Share Your Information

We share your information in the following circumstances:

5.1 Service Providers

We work with third-party service providers:

• Hosting: Vercel, Digital Ocean, Supabase
• Payment Processing: Stripe
• Telecommunications: Telnyx (SMS/voice)
• AI Services: OpenAI, Anthropic
• Email: Resend
• Analytics: Posthog, Google Analytics

5.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5.3 Legal Requirements

We may disclose your information if required by law, such as:

• In response to subpoenas, court orders, or legal process
• To comply with regulatory requirements
• To protect our rights, property, or safety
• To prevent fraud or security threats

5.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

6. Data Security

We implement security measures to protect your information:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security audits and penetration testing
• Access controls and authentication requirements
• Secure password hashing (bcrypt)
• Database row-level security policies
• Regular backups and disaster recovery procedures

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations (e.g., TCPA consent records retained for 4 years)
• Resolve disputes and enforce agreements
• Maintain backups and disaster recovery

When you delete your account, we will delete or anonymize your personal information within 90 days, except where retention is required by law.

8. Your Privacy Rights

8.1 Access and Portability

You have the right to access your personal information and request a copy in a portable format.

8.2 Correction

You can update or correct your information through your account settings or by contacting support.

8.3 Deletion

You can request deletion of your account and personal information, subject to legal retention requirements.

8.4 Opt-Out of Marketing

You can opt out of marketing emails by clicking the unsubscribe link or updating your preferences. For SMS, reply STOP to any message.

8.5 Do Not Track

We currently do not respond to Do Not Track browser signals, but you can control cookies through your browser settings.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Required for authentication and security
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Understand how you use the Service
• Marketing Cookies: Deliver relevant advertisements (with consent)

You can control cookies through your browser settings. Note that disabling cookies may limit Service functionality.

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect information from children. If we discover that we have collected information from a child under 13, we will promptly delete it.

11. International Data Transfers

Your information may be transferred to and processed in the United States or other countries where our service providers operate. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, and share
• Right to delete your personal information
• Right to opt-out of the sale of your personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at [email protected].

13. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

Our legal basis for processing your data includes consent, contract performance, legal obligations, and legitimate interests.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last Updated" date at the top indicates when changes were made. Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact: