Privacy Policy

Welcome to DaalBhat QR (the "Platform", "we", "us", or "our"). We are committed to protecting your privacy and ensuring a secure experience for all our users.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at https://daalbhatqr.com (the "Site") and use our digital menu creation and QR code services (collectively, the "Service").

Please read this Privacy Policy carefully. By accessing or using our Service, you consent to the collection and use of your information as described herein. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

1. About Us (Data Controller)

The data controller responsible for your personal data under European Union data protection laws is:

• Company Name: DaalBhat QR
• Legal Address: Barcelona, Spain
• Support Email: daalbhatqr@gmail.com
• Website: https://daalbhatqr.com

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us at daalbhatqr@gmail.com.

2. Information We Collect

We collect information about you in three ways: information you provide to us, information collected automatically, and information from third parties.

A. Information You Provide to Us

• Account Information: When you register for an account, we collect personal details such as your name, email address, password, business name, and contact details.
• Menu and Business Content: We collect any content you upload to the Platform, including menu item names, descriptions, prices, categories, and images. You own and are responsible for this content.
• Customer Support Communications: If you contact us for support or inquiries, we collect the content of your message, your email address, and any other information you choose to provide.

B. Information Collected Automatically

• Log and Usage Data: We collect information about how you interact with our Service. This includes IP addresses, browser type, device information, access times, pages viewed, and the referring link.
• Analytics Data (via PostHog): We track user behavior and engagement to improve the Service. This includes clicks, feature usage, page transitions, and duration of activity.
• Cookies and Tracking Technologies: We use cookies to keep you logged in, remember your preferences, and analyze how you use our platform. For more details, please see our Cookie Policy.

C. Information from Third Parties

Payment Information (via Stripe): All payments are handled securely by our third-party processor, Stripe. We do not store or have access to your full credit card details or bank credentials. Stripe provides us with transaction confirmation and billing metadata (e.g., zip code, card brand, expiration date).

3. How We Use Your Information

We use the information we collect for the following purposes:

• To Provide and Maintain the Service: To manage your account, generate QR codes, host your digital menus, and process payments.
• To Improve and Optimize the Service: We analyze usage patterns to debug errors, optimize performance, and design new features.
• Anonymous Analytics: We may aggregate and anonymize usage data. We use this anonymous analytics data to improve the platform, identify industry trends, and enhance user experience. Anonymized data cannot be linked back to any individual or specific business.
• To Communicate with You: To send transactional emails, support replies, security alerts, and administrative messages.
• To Ensure Security and Compliance: To detect, prevent, and address fraudulent transactions, terms violations, or illegal activities.

4. Legal Basis for Processing (GDPR Compliance)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases of the General Data Protection Regulation (GDPR):

• Performance of a Contract: Processing is necessary to fulfill our obligations under our Terms & Conditions (e.g., hosting your menus, processing your subscription).
• Consent: Where you have given clear consent for a specific processing purpose (e.g., subscribing to a newsletter).
• Legitimate Interests: To protect our business interests, improve our platform, prevent fraud, and ensure system security, provided these interests are not overridden by your privacy rights.
• Compliance with Legal Obligations: To comply with tax laws, reporting requirements, or lawful government requests.

5. Third-Party Service Providers

We share your information with trusted third-party service providers who assist us in operating our Platform. These providers are bound by strict data processing agreements and are not permitted to use your data for any other purpose.

• Hosting & Backend Infrastructure: PocketBase (for authentication, database hosting, and secure data storage).
• Payment Processing: Stripe (for secure subscription billing and payment processing).
• Product Analytics: PostHog (for analyzing usage and improving user experience).
• Customer Support & Email Delivery: Secure transactional email providers (for sending notifications and password resets).

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including satisfying any legal, accounting, or reporting requirements.

• Account Data: Retained for the duration of your active account. If you delete your account, we will delete or anonymize your personal data within thirty (30) days, unless tax or legal requirements oblige us to retain it longer (e.g., invoices).
• Menu Content: Retained while your account is active. Deleted immediately upon user-requested deletion of a menu item or account termination.
• Analytics Data: Retained in accordance with our analytics providers' data retention settings, typically no longer than is necessary to achieve the improvement of the Platform.

7. International Data Transfers

Our service providers may store or process your data outside the EEA (such as in the United States). When we transfer data outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• Transferring data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Using specific Standard Contractual Clauses (SCCs) approved by the European Commission, which give personal data the same protection it has in Europe.

8. Your Data Subject Rights (GDPR)

If you are a resident of the EEA or UK, you have the following rights regarding your personal data:

• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request that we correct inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal data under certain conditions.
• Right to Restriction of Processing: You can request that we temporarily suspend the processing of your data.
• Right to Data Portability: You can request a transfer of your data to another service provider in a structured, commonly used format.
• Right to Object: You can object to the processing of your personal data based on our legitimate interests.
• Right to Withdraw Consent: If we rely on your consent to process your data, you can withdraw it at any time.

To exercise any of these rights, please contact us at daalbhatqr@gmail.com. We will respond to your request within thirty (30) days. You also have the right to lodge a complaint with your local data protection authority.

9. Age Requirement

Our Service is intended solely for businesses operated by individuals who are at least eighteen (18) years of age. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected personal data from a minor under 18, we will take steps to delete that information as quickly as possible.

10. Security

We implement appropriate technical and organizational measures to safeguard your personal data against accidental loss, unauthorized access, alteration, or disclosure. However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. We encourage you to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions, comments, or complaints about this Privacy Policy, please contact us at:

• Email: daalbhatqr@gmail.com
• Postal Address: Barcelona, Spain