Skip to content

Privacy Policy

Effective: March 1, 2026 · Last updated: March 29, 2026

1. Information We Collect

When you create an account on QR Seva, we collect the following information:

  • Account information: Name, email address, phone number, and password (for email-based signups)
  • Google OAuth data: If you sign in via Google, we receive your name, email address, and profile picture from your Google account. We only request basic profile access and do not access your contacts, calendar, or any other Google services.
  • Restaurant information: Restaurant name, description, cuisine type, brand color, address, logo, and menu item details (names, descriptions, prices, images)

We do not collect payment information directly. If payment processing is introduced in the future, it will be handled by a certified third-party payment provider and this policy will be updated accordingly.

2. How We Use Your Information

  • To create and manage your QR Seva account
  • To display your restaurant menu to customers who scan your QR code
  • To send transactional emails: OTP verification codes, password reset links, and account security notifications
  • To communicate important service updates or changes to these terms
  • To improve our service and user experience

We do not send marketing or promotional emails. All emails from QR Seva are transactional and directly related to your account or service operation.

3. Google OAuth Data

When you sign in with Google, we access:

  • Name and email — used to create your account and for login identification
  • Profile picture — displayed in your account settings; you can change or remove it at any time

We store this data in our database to maintain your account. We do not:

  • Access any other Google services or data beyond basic profile information
  • Share your Google data with third parties for advertising or marketing
  • Transfer your Google data to unrelated third parties
  • Use your Google data for purposes beyond providing the QR Seva service

You can revoke QR Seva's access to your Google account at any time via Google Account Permissions.

4. Data Sharing & Third-Party Services

We do not sell your personal information. Your restaurant information (name, menu, etc.) is publicly visible to anyone who accesses your QR code menu link.

We use the following third-party services to operate QR Seva:

  • Google OAuth — for secure sign-in authentication
  • Amazon Web Services (AWS) — for cloud hosting, file storage (S3), and transactional email delivery (SES)
  • Cloudflare — for CDN, DNS, and DDoS protection

These providers only process data as necessary to deliver their services and are bound by their own privacy policies.

5. Data Security

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords (bcrypt), and secure authentication tokens. Uploaded files are stored securely on AWS S3 and accessible only via their unique URLs. Access to production systems is restricted to authorized personnel only.

6. Data Retention

  • Active accounts: Your data is retained for as long as your account is active.
  • Account deletion: When you delete your account, all personal data, restaurant information, menu items, and uploaded images are permanently deleted from our systems within 30 days.
  • Email logs: Transactional email delivery logs (for troubleshooting bounces and complaints) are retained for up to 90 days, after which they are automatically purged.

7. Cookies

We use essential cookies only for authentication and session management. We do not use third-party tracking cookies, advertising cookies, or analytics cookies.

8. Email Communications

QR Seva sends only transactional emails that are necessary for the operation of your account:

  • OTP verification codes during signup or login
  • Password reset links
  • Account security notifications (e.g., password changes)
  • Critical service announcements

Since these are transactional in nature, they do not include an unsubscribe option. You will stop receiving emails if you delete your account.

9. Anti-Spam & Email Compliance

QR Seva maintains a zero-tolerance spam policy. We are committed to responsible email practices and comply with applicable email regulations including the CAN-SPAM Act (USA), GDPR (EU), and the Information Technology Act, 2000 (India).

Our email compliance measures include:

  • All emails sent are strictly transactional — we do not send marketing, promotional, or bulk emails
  • We validate all recipient email addresses before sending (syntax, MX records, disposable domain detection)
  • We maintain an automated bounce and complaint handling system via Amazon SES and SNS
  • Hard bounces result in immediate suppression of the recipient address
  • Soft bounces are tracked and suppressed after repeated failures
  • Spam complaints trigger immediate suppression of the complainant's address
  • We maintain a suppression list to prevent sending to addresses that have bounced or filed complaints
  • We enforce per-recipient rate limits to prevent excessive email delivery

To report abuse or unwanted emails from QR Seva, contact us at abuse@qrseva.com.

10. Your Rights

  • Access: You can view all your account and restaurant data from the Settings page.
  • Update: You can edit your profile, restaurant details, and menu items at any time.
  • Delete: You can delete your account from the Settings page. This permanently removes all associated data.
  • Export: To request an export of your data, contact us at the email below.

11. Children's Privacy

QR Seva is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you via email or an in-app notification. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact

QR Seva is a product of VD Cottage LLP, registered in India.