The Privacy Policy of Trycon Technologies Private Limited (QR API) has been updated on May 23, 2018.
NON-LEGALESE, SIMPLE ENGLISH PRIVACY POLICY
- Trycon Technologies (QR API) is fully-committed to protect the personal data of its customers and customer’s end-users
- From its customers, the company collects both personal information (email address, billing information, payment information, etc.) and non-personal information (browsing data, etc.). This information is solely used by the company or authorized third-party applications to serve the customers. This data is never used for unauthorized commercial gains in any way
- To use QR API, the customer will share both personal information (e.g. contact information for Vcard QR Codes, map coordinates for Google Maps QR Code, etc.) and non-personal information (e.g., serial code for Simple Text QR Code). This information will be available to customers only (in the form of QR Codes) and they have the responsibility to make the data public (via QR Code-based use cases) only if they own the data or have authorization to use the data
- From the end users (people who scan the QR Codes deployed by the customers), the company does NOT collect any personal information or non-personal information as all QR Codes are ‘Static’ and not connected to QR API in any way
- The company shares both personal and non-personal information with third-party applications and service providers only after ensuring that they employ the best practices in data security, privacy policies, and regulatory compliance
- The company employs the best-in-class data security strategies to ensure the protection of customers’ and end-users’ data. However, in cases of breaches, the company will inform the regulatory authorities and affected customers within 72 hours
- The company will retain the customers’ and end-users’ data for a maximum period of 26 months after the customer ceases to use the company’s applications. However, the customer will always have the right to either download all data or request permanent deletion
LEGAL PRIVACY POLICY
1. INTRODUCTION
This Privacy Policy of Trycon Technologies Private Limited (hereafter referred to as ‘Company’) describes the privacy practices of the company explaining when and how Trycon Technologies collects “customer” (users who subscribe to QR API) information, how we use such information, and the circumstances under which we may disclose such information to third-party businesses, institutions, or personnel.
This Privacy Policy includes the policies that Trycon Technologies observes for compliance with laws in the State of Uttar Pradesh, India and international laws such as the GDPR, European Union. The privacy of our customers and end-users is of paramount importance to the company and applies to all products and services offered by Trycon Technologies.
2. DATA COLLECTION, PROCESSING & PURPOSE
During the lifecycle of using its products and services, the company collects both Personally Identifiable Information (PII) and non-Personally Identifiable Information either directly or via a third-party application or service.
As part of the company’s commitment to be transparent to its customers and end-users, we are sharing details on what data points are collected, at what stage, and for what purpose:
2.1 CUSTOMER DATA
This section outlines the data collected on the customers of the company i.e. the users who subscribe to QR API via any of the subscription plans—free or paid.
2.1.1 Website/App Browsing (Without Login)
- Browsing/Events Tracking: If you are browsing the web pages of our website, we gather non-personally identifiable information—such as web request, Internet Protocol address, browser type, browser language, the date and time of your request, browser user agent, one or more cookies that may uniquely identify your browser, referring URL/domain, activity time, and clicking activity. All such data collected is processed at an aggregate level and can never be tied to an individual.
Purpose: This data is sent to the following tracking tools—Google Analytics, Mixpanel, and Mouseflow—to generate aggregate-level insights on customer behavior. These insights allow our product team to optimize the journey and experience of our customers. Given below are important links to these third-party applications:
- Google Analytics: Privacy Policy | GDPR Compliance
- Mouseflow: Privacy Policy | GDPR Compliance
1. Query Email: If you have a question related to QR API or your requirements, you can send us an email using the ‘Let’s Connect’ option on the QR API homepage. The data points that are collected are—Name, Email Address, Subject, and Message (Query)
Purpose: We require your name to personalize the conversation, email address to reach out to you with a response, and subject and message to understand your query thoroughly. This data is shared via email to authorized in-house customer support personnel only.
2. Query Chat: If you have a question related to our product or services, you can reach out to us via the chat box option. To use the chat box, we collect the following data—Name and Email Address
Purpose: The name is used to personalize the chat conversation and email address is used for any follow-up responses. The chatbox and data are managed by third-party applications—Intercom/Zendesk. The data collected by these applications is used to serve our customer queries only and are never shared for any commercial gains. Given below are important links to these third-party applications:
- Intercom: Privacy Policy | GDPR Compliance
- Zendesk: Privacy Policy | GDPR Compliance
2.1.2 Registration
As part of registration of an account (free or paid) with QR API, the following data is collected and stored (Data Security tip: As per GDPR compliance guideline, all stored and transferred data is first encrypted):
- Valid Email Address (Data Security Tip: The company has employed security measures to ensure that only customers with valid email addresses can create an account. These security measures filter out low-quality email addresses from real users, keeping the overall health of the application high)
- Purpose: A valid email address serves both as a Unique Username/Identifier as well as a point-of-contact to reach the customer for transactional notifications (e.g., introduction to dedicated support contact, account expiry alert, purchase confirmation, feature launch, feedback, activity reports, etc.)
- Password (in case of Signup by Email)
- Purpose: In case of signup by email method, we use the password (generated by the customer) to authorize access to the customer account and its data. The company or its employees will never ask for your password in an unsolicited phone call or email. However, you are responsible for maintaining the secrecy of your password and account information
- Google Authorization (in case of Signup by Google)
- Purpose: In case of signup by social login method (Google), we will require authorization from a valid and logged in account of Google. Note that in case of Google authorization, we only receive the following data—Name, User ID, and Email Address
2.1.3 User Profile
As part of your account registration (free or paid) with QR API, we ‘optionally’ request the following date that is collected and stored (Data Security tip: As per GDPR compliance guideline, all stored and transferred data is first encrypted):
- Full Name
- Purpose: If the user chooses to enter his/her full name, this will help us personalize the conversation between the user and customer relations executives. This information is never shared for commercial gains
- Title/Designation
- Purpose: If the user chooses to enter his/her job title/designation, we will use this information for future marketing research and make optimizations to the product to better assist the users
- Company Name
- Purpose: If the user chooses to enter his/her company name, we will use this information for future marketing research and make optimizations to the product to better assist the users
- Industry
- Purpose: If the user chooses to enter his/her industry, we will use this information for future marketing research and make optimizations to the product to better assist the users
2.1.4 Purchase of Subscription Plan
When you upgrade from QR API’s free trial to one of the premium plans—Starter, Advanced, or Pro —you will be required to provide billing and payment information to complete the transaction:
1. Billing Information: Full Name, Billing Address (including city, country, and zip/postal code), and Tax ID (VAT/GSTN). Our payment gateway might request for additional information such as email address and phone number
Purpose: The billing information is required for the following purposes:
- To generate an official invoice complete with billing name and address as required by law
- To email the customer the invoice/sale receipt
- To maintain sales records in case of any dispute (subscription cancellation, refund, etc.)
- To aggregate data and generate internal reports for management, investors, and shareholders (e.g., monthly sales report, annual report, tax filing, etc.). As the company is a Private Limited, these reports are shared either privately with authorized personnel (management, investors, shareholders) or with regulatory authorities only
- To add the company logo on our website under “Our Customers” section if the company email address (i.e. with the domain name of the company) of the customer is used
2. Payment Information: Credit/Debit Card Number, Expiration Date, CVV Code
Purpose: The payment information is required to authorize a transaction with your bank/credit card account.
Note that QR API only receives an email copy of the invoice generated but never stores the payment information. Both billing and payment information is collected, managed, and stored by our payment gateway provider—Stripe.
Note that ‘Recurring Payment or Auto-renewal’ option remains active by default but the customer is given the option to cancel recurring payment immediately after payment and/or anytime via the application dashboard. If the recurring payment option is enabled, Stripe will continue to store the payment information in a secure way and automatically process the payments at the renewal of the period defined by the customer—monthly or annually. When the user cancels recurring payment (either immediately after payment or anytime later via the dashboard), the payment information is deleted forever by Stripe.
Given below are important links to the third-party application:
- Stripe: Privacy Policy | GDPR Compliance | Security
2.2 DATA SHARED BY CUSTOMER DURING QR CODE MANAGEMENT
When customers use QR API, they can design and generate QR Codes. To generate these content pieces customers enter data in various fields. This section outlines how QR API stores and processes this data.
2.2.1 QR Code Generation
Using QR API, it is possible to generate 8 types of QR Codes. To generate each of these QR Codes, customers are required to enter data for very specific fields. The open-ended nature of the content of the QR Codes means that the customer can add both PII and non-PII information for each category.
Given below is the exhaustive list of QR Codes with the required data points:
- GET/qrcode/URL: URL, Logo
- GET/qrcode/text: Text
- GET/qrcode/Vcard: Name, Title/Designation, Company Name, Email Address, Phone Number, Website, Street Address, City, Zip/Postal Code, Country
- GET/qrcode/googlemaps: Latitude, Longitude
- GET/qrcode/phonecall: Phone number
- GET/qrcode/email: Email Address
- GET/qrcode/SMS: Recipient Phone Number, Message
Purpose: In each of the cases above, the purpose of data collection is to allow the customer to share this information with end-users. No unnecessary datapoint is collected and in most cases, customers have the option to choose only the data points they need to share.
In most cases, QR Codes are made public. This means that the content of the QR Code (PII or non-PII) is visible to all end-users who scan the QR Code.
It is the responsibility of the customer to ensure that:
- The content encoded into the QR Code is owned by the customer OR
- The customer has the required authorization/consent to use the content encoded into the QR Code
QR API stores and transfers this content (in the form of API request logs) in encrypted format via its online databases to ensure maximum security of the data. QR API’s databases are managed by third-party applications—Amazon Web Services and Digital Ocean. Given below are important links to the third-party applications:
- Amazon Web Services (AWS): Privacy Policy | GDPR Compliance
- Digital Ocean: Privacy Policy | GDPR Compliance
2.2.2 QR Code Designing
At the time of making API requests (request to generate the QR Codes), customers also have the option to design the QR Codes. In the QR Code design parameters, users can add logo images and background images. These images can have PII or non-PII information.
Purpose: The feature allows users to personalize the design of the QR Codes. We store this information in the form of API request logs.
2.3 END-USER DATA
QR API does not and cannot collect any information from end-users (people who scan QR Codes generated by customers using QR API). All QR Codes generated using QR API are ‘static’ in nature, which means that information is encoded directly into the QR Code. When the QR Codes are scanned, the end-users can view this encoded information but as there is no link with QR API, QR API cannot collect or review any information from end-users.
3. DISCLOSURE OF INFORMATION TO THIRD PARTIES
We may share with third parties certain pieces of aggregated, non-personal information (e.g., browsing analytics with Google Analytics), and personal information (e.g., email address with Zendesk, our customer support tool).
In all cases, we will ensure that the third party:
- Has good reputation and trustworthy customers
- Has an approachable and responsive support team
- Has robust privacy policies that aim at data protection and security
- Has taken adequate measures to be GDPR compliant
Further, we restrict access to personal information to employees, contractors, and agents who need to know that information in order to operate, develop, or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
4. DATA SECURITY
The company has implemented best-in-class security protocols to protect customer’s data. This data is maintained on the company servers from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Examples of these security mechanisms include:
- Encryption of rest data with AES256 and transit data with SSL (HTTPS)
- Staff access to data on a need basis only (e.g. ticket raised by customer, etc.)
- Staff access to third-party apps via multi-factor authentication only
However, please keep in mind that no security system is impenetrable. It may be possible for third parties to intercept or access the company’s customer data or end-user’s data in spite of these measures.
In case of data breaches, the company will inform the regulatory authorities and affected customers within 72 hours, as per GDPR guidelines.
However, the company cannot guarantee complete security of your information and cannot be held responsible for unauthorized access to customer accounts. It is the responsibility of the customer to ensure that the account email address and password are not shared with any unauthorized personnel.
5. DATA RETENTION, PORTABILITY & DELETION
As per the company’s privacy policies, we will store all data (from Section 2) of non-subscribing customers (non-paying users of our product and services) and their end-users for a maximum period of 26 months from the last date of subscription.
Purpose: The data will be retained to allow customers to reinstate their account and creations (e.g. QR Codes, mobile landing pages, etc.) within this period. However, the customer will have the right to:
- Request the download of all data at any time
- Request the deletion of all data at any time
6. CHANGES TO THIS PRIVACY POLICY
The company retains the discretion to amend or modify this Privacy Policy from time to time. If we make material changes to the way we collect, use or disclose Personally Identifiable Information, we will notify you by posting a clear and prominent announcement on QR API Website/Application or through a direct communication to your QR API account.
7. CONTACT INFORMATION
To keep your personal data accurate, current, and complete, please contact us as specified below:
Name: Gautam Garg
Address: Trycon Technologies Private Limited
2, Rail Vihar
Sector 33
Noida, Uttar Pradesh
India 201301
Email: privacy@scanova.io
Phone: +1-855-440-7400 | +91-8800855812
The terms and conditions along with privacy policies with all references constitutes the sole and entire agreement of the parties to this agreement with respect to the subject matter contained herein and supersedes all prior terms and conditions which were agreed by the Customer.