Privacy Policy

1. Introduction

This Privacy Policy describes how NediQR collects, uses, stores, shares, protects, and deletes personal data in connection with our website, dynamic QR code platform, QR landing pages, support workflows, payment workflows, and related services.

By using NediQR, creating an account, generating QR codes, submitting forms, making payments, or interacting with hosted QR pages, users acknowledge that their personal data will be handled as described in this Privacy Policy.

2. Who We Are

NediQR is a dynamic QR code management platform operated by Neuradigitec Swag Private Limited.

3. Personal Data We Collect

Depending on how a user interacts with NediQR, we may collect the following categories of personal data.

• Account data: full name, email address, country, Indian state where applicable, mobile number where applicable, user ID, login status, and account status.
• Verification data: OTP records, verification status, resend attempts, failed attempt count, block status, and related timestamps.
• QR management data: QR name, QR type, destination details, file metadata, project details, QR status, styling choices, short link details, and QR code identifiers.
• Billing and payment data: plan name, billing cycle, invoice details, payment status, payment reference, billing profile details, and transaction-related metadata.
• Support and contact data: support tickets, public contact submissions, enterprise queries, abuse reports, email address, phone number where provided, attachments, internal status, and communication records.
• Usage and scan data: scan counts, timestamps where applicable, device/browser/operating system information where analytics are enabled, approximate location insights where available, referrer details, and unavailable scan counts.
• Technical data: IP-derived security signals, browser information, session data, cookies, logs, fraud-prevention indicators, and security monitoring records.
• Consent data: legal consent status, marketing consent status, consent timestamp, consent source, and changes to consent preferences.

4. How We Use Personal Data

We use personal data only for legitimate platform, business, legal, security, and user-service purposes connected with NediQR.

• To create and manage user accounts.
• To verify users through OTP-based signup, login, and account update flows.
• To generate, manage, edit, pause, delete, restore, and display dynamic QR codes.
• To provide QR scan analytics, reporting, and dashboard summaries based on the user’s plan.
• To process subscriptions, payments, invoices, renewals, upgrades, and Lite 10-Year purchases.
• To provide customer support, respond to contact forms, handle enterprise queries, and process abuse reports.
• To detect misuse, spam, malware, fraud, illegal content, impersonation, or platform policy violations.
• To send necessary communications such as OTP, invoices, subscription reminders, security notices, and policy updates.
• To send marketing communications only where the user has opted in or where otherwise permitted by applicable law.
• To comply with applicable legal, regulatory, accounting, tax, audit, and dispute-resolution obligations.

5. Consent, Legal Consent, and Withdrawal

Where NediQR relies on consent for processing personal data, users are asked to provide clear consent through signup, account settings, checkout, support forms, or other relevant platform actions.

Mandatory legal consent is required during signup so that users confirm that they have read and agreed to the Terms & Conditions, Privacy Policy, Refund Policy, and Acceptable Use Policy.

Marketing consent is optional, separate from legal consent, and unchecked by default. Users may opt in or opt out from Account Settings where available.

Users may withdraw consent where consent is the basis of processing. Withdrawal may affect access to certain services if the related data is necessary to provide those services.

Necessary communications such as OTPs, invoices, subscription reminders, security notices, and policy update emails cannot be turned off because they are required for service delivery, account safety, billing, or legal compliance.

6. Data Principal Rights

Subject to applicable law and identity verification, users may request to exercise rights available to them as Data Principals under applicable Indian data protection law.

• Access: request a summary of personal data processed by NediQR, where applicable.
• Correction: request correction of inaccurate or incomplete personal data.
• Erasure: request deletion of personal data where continued retention is not required for service, legal, security, tax, audit, dispute, fraud-prevention, or compliance purposes.
• Consent withdrawal: withdraw consent where processing is based on consent.
• Grievance redressal: raise privacy-related complaints through the contact details provided in this policy.
• Nomination: nominate another individual to exercise rights where applicable under law.

NediQR may ask for reasonable information to verify the requester’s identity and ownership of the relevant account or QR-related record before acting on a rights request.

7. Grievance Redressal and Privacy Contact

Users may contact NediQR for privacy questions, data rights requests, consent withdrawal requests, correction requests, deletion requests, or grievances.

Privacy requests should include the user’s registered email address, mobile number where applicable, user ID if available, QR Code ID if relevant, and a clear description of the request.

8. Children and Minor Users

NediQR is intended for business users, professionals, organizations, and individuals who can lawfully use the platform and enter into binding terms.

NediQR does not knowingly target children or knowingly collect children’s personal data for behavioural tracking or targeted advertising.

If a parent, lawful guardian, or authorized person believes that a child’s personal data has been submitted to NediQR without appropriate authority, they may contact us for review and suitable action.

9. QR Code Data, Scan Data, and Analytics

NediQR processes QR-related data to provide dynamic QR functionality, redirection, hosted landing pages, analytics, reporting, abuse control, and support services.

Depending on the user’s plan, QR analytics may include total scans, unique scans, repeat scans, daily trends, device type, browser, operating system, city or country insights, time-of-day insights, referrer details, and related technical metadata.

Unavailable scans from paused, expired, blocked, scheduled inactive, or customer-deleted QR codes may be counted separately as aggregate unavailable scan counts where applicable.

Detailed analytics availability, report downloads, and retention periods depend on the user’s plan, subscription status, and platform retention rules.

10. User-Uploaded Content and Hosted QR Pages

Users are responsible for the content, files, links, contact details, business card details, WhatsApp links, review links, hosted profile pages, and other destination data they create or upload through NediQR.

NediQR may host or display user-provided content through QR landing pages, file landing pages, profile pages, unavailable pages, or other QR-related pages.

NediQR does not generally pre-screen every user QR destination or uploaded content before publication. However, NediQR may review, restrict, block, suspend, remove, or disable access to content where required for security, abuse prevention, legal compliance, platform safety, or policy enforcement.

Users must not upload or link to unlawful, harmful, fraudulent, malicious, misleading, infringing, privacy-invasive, impersonating, adult exploitative, hateful, or security-risk content.

11. Data Sharing and Service Providers

NediQR may share limited data with trusted service providers only where required to operate, secure, bill, support, or improve the platform.

• Payment processors: for subscription payments, renewals, upgrades, Lite purchases, payment verification, and invoice support.
• SMS providers: for OTP and transactional communication where applicable.
• Email providers: for OTP emails, support emails, invoices, reminders, alerts, and policy updates.
• Hosting and storage providers: for website hosting, file storage, database storage, backup, and infrastructure operations.
• Security and analytics tools: for abuse prevention, performance monitoring, error tracking, and security review where applicable.
• Legal or regulatory authorities: where disclosure is required by law, court order, lawful request, compliance duty, dispute, or enforcement requirement.

NediQR does not sell users’ personal data to advertisers.

12. Data Retention, QR Deletion, and Permanent Purge

NediQR retains personal data only for as long as reasonably required for service delivery, account management, QR operation, billing, tax, audit, legal compliance, security, fraud prevention, support, dispute handling, and platform integrity.

When a customer deletes a QR code, the QR is removed from the customer portal immediately and enters an internal 48-hour recovery window. During this period, the QR may be restored by authorized internal support users if the customer requests restoration and ownership is verified.

After the 48-hour recovery window expires, the QR may be permanently purged according to NediQR deletion rules. After permanent purge, the QR cannot be restored, the QR Code ID and short code remain retired, and detailed analytics logs are deleted according to the platform retention model.

Invoices, payment records, audit records, support records, abuse records, and legally required records may be retained for longer periods where required for compliance, accounting, tax, dispute, security, or audit purposes.

13. Security Safeguards

NediQR uses reasonable technical and organizational safeguards to protect personal data and platform data from unauthorized access, misuse, alteration, disclosure, loss, and destruction.

• OTP-based login and verification flows.
• Session validation and role-based access controls.
• Protected routes for private dashboards, internal pages, attachments, and uploaded files.
• Validation of uploaded files, file size, file type, and risky content where possible.
• Internal activity logs for sensitive actions such as restore, purge, block, and support handling.
• Access restrictions for Admin and Sub Admin operational actions.
• Security monitoring and abuse review for suspicious QR activity where applicable.

No online platform can guarantee absolute security, but NediQR aims to apply practical safeguards appropriate to the nature of the data and the platform.

14. Data Breach Response

If NediQR becomes aware of a personal data breach that requires notification under applicable law, NediQR will take reasonable steps to assess the incident, contain the issue, reduce harm, and notify affected users and relevant authorities where legally required.

Notifications may include available information about the nature of the incident, affected data categories, likely consequences, mitigation steps, and recommended user actions, subject to investigation status and legal requirements.

15. Cookies and Similar Technologies

NediQR may use cookies, session storage, local storage, or similar technologies to support login sessions, security, preferences, analytics, performance, and basic website functionality.

Users may manage browser cookie settings through their browser controls, but disabling certain cookies may affect login, session management, dashboard access, and platform functionality.

16. Updates to This Privacy Policy

NediQR may update this Privacy Policy from time to time to reflect changes in law, platform features, data practices, security controls, payment workflows, support processes, or business operations.

Where required, NediQR may notify users through email, account notices, website notices, or other suitable communication channels.

The latest version will be available on this page with the effective date and last updated date.

17. Contact Us

For privacy questions, grievance redressal, consent withdrawal, account data requests, QR-related privacy concerns, abuse concerns, or support requests, users may contact NediQR using the details below.