Privacy Policy

1. Introduction

Premium Box ("we," "us," or "our") operates QRtaap, a review management platform for restaurants. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using QRtaap, you consent to the data practices described in this policy. If you do not agree with our policies, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

When you register for and use QRtaap, we collect:

• Account Information: Email address and password
• Restaurant Information: Restaurant name, logo, and Google review link
• Table Configuration: Number of tables and QR code preferences
• Payment Information: Billing details processed securely through our payment provider

2.2 Customer Feedback Data

When your customers use the QRtaap feedback system, we collect:

• Star rating (1-5)
• Feedback comments (for ratings 1-3)
• Customer name and contact information (if voluntarily provided by the customer)
• Table number associated with the feedback
• Timestamp of submission

2.3 Automatically Collected Information

When you or your customers access QRtaap, we automatically collect:

• Device Information: Browser type, operating system, device type
• Usage Data: Pages visited, features used, time spent on the Service
• IP Address: For security and analytics purposes
• Cookies: Session and preference cookies (see Section 6)

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve QRtaap
• Account Management: To manage your account and process payments
• Communication: To send service-related emails, updates, and notifications
• Analytics: To understand how the Service is used and improve user experience
• Security: To detect, prevent, and address technical issues and fraud
• Legal Compliance: To comply with applicable laws and regulations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: Third parties that help us operate the Service (hosting, payment processing, email delivery)
• Legal Requirements: When required by law, court order, or governmental authority
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: For any other purpose with your explicit consent

Third-Party Services We Use

• Supabase: Database and authentication services
• Stripe: Payment processing
• Facebook Pixel: Marketing analytics and advertising optimization

5. Facebook Pixel and Advertising

We use Facebook Pixel to:

• Measure the effectiveness of our advertising
• Understand actions people take on our website
• Create custom audiences for targeted advertising
• Optimize our ad delivery

Facebook may use this information to show you relevant ads on Facebook and its partner platforms. You can manage your Facebook ad preferences through your Facebook account settings or opt out of interest-based advertising through the Digital Advertising Alliance at optout.aboutads.info.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Required for the Service to function (authentication, security)
• Analytics Cookies: Help us understand how visitors use the Service
• Marketing Cookies: Used to track visitors and display relevant ads

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

• Account Data: Retained until you delete your account
• Customer Feedback: Retained as long as your account is active
• Payment Records: Retained as required by tax and financial regulations
• Usage Logs: Retained for up to 12 months

Upon account deletion, we will delete or anonymize your data within 30 days, except where retention is required by law.

8. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest
• Regular security assessments and updates
• Access controls and authentication requirements

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your information.

9. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Request restriction of processing
• Portability: Receive your data in a portable format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at hello@qrtaap.com. We will respond within 30 days.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

QRtaap is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on the Service. Your continued use after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: