Last updated: 25 June 2026
1. Who this policy applies to
This privacy policy applies to people who visit QRitique, business account holders, team members using a business dashboard, and customers who scan a QR code, submit a critique, verify an email address, or receive a voucher.
QRitique provides tools that help businesses collect verified customer critiques and issue discount vouchers. When a customer submits feedback for a business, that business receives the critique and related customer details so it can review feedback and manage rewards.
2. Information we collect
We collect information that is necessary to operate the service, verify critiques, manage accounts, and prevent misuse.
- Business account information: business name, category, address, phone number, email address, website, profile images, subscription status, login details, and account activity.
- Billing information: subscription plan, billing status, Stripe customer and subscription identifiers, payment events, receipt status, and related account notices. Full card details are handled by Stripe and are not stored by QRitique.
- Customer critique information: customer name, email address, optional phone number, rating, critique message, submission date, verification status, and the business the critique relates to.
- Voucher information: voucher code, QR code token, issuing business, linked critique, expiry date, redeemed status, archived status, and email notification status.
- QR and usage information: QR scan counts, last scanned time, pages viewed, search terms, device/browser information, IP address, and basic server logs.
- Support information: messages or information you send to us when requesting help.
3. How we use information
We use personal information for the following purposes:
- to create, secure, and manage business accounts;
- to display business profiles and QR codes;
- to accept customer critiques and link them to the correct business;
- to verify customer email addresses before accepting a critique;
- to generate, send, track, redeem, archive, and expire vouchers;
- to show businesses dashboard analytics such as critique totals, voucher activity, and QR scan counts;
- to send service emails, including verification links, voucher emails, reminders, expiry notices, and account messages;
- to prevent spam, fraud, abuse, unauthorised access, and misuse of vouchers;
- to maintain, debug, secure, and improve the website.
4. Lawful bases
Where data protection law applies, we rely on different lawful bases depending on the purpose. These may include:
- Contract: to provide business account features, subscriptions, dashboards, QR codes, and voucher tools.
- Legitimate interests: to operate QRitique, verify genuine critiques, prevent abuse, maintain service security, improve the product, and help businesses understand customer feedback.
- Consent: where a user actively chooses to submit optional information or where consent is required for a particular communication or technology.
- Legal obligation: where we need to keep or disclose information to comply with applicable law.
5. Who can see information
Customer critique details are made available to the business connected to the QR code or public critique form. Business account users can see their own dashboard information, including critiques, customers, and vouchers for their business.
We do not sell personal information. We may share information with trusted service providers who help us host, secure, email, analyse, process payments, or support QRitique. These providers may only use information to provide services to QRitique and must protect it appropriately.
We may also disclose information if required by law, to protect our rights, to investigate misuse, or to protect users, businesses, or the public.
6. Email communication
QRitique sends operational emails that are part of the service. These include critique verification emails, voucher issue emails, voucher reminders, voucher expiry or cancellation emails, password or account messages, and important service notices.
Businesses may use customer information received through QRitique to respond to feedback or honour a voucher. Businesses are responsible for using that information lawfully and respectfully.
7. Cookies and similar technologies
QRitique may use essential cookies for security, sessions, login state, CSRF protection, and remembering intended pages. We may also use limited analytics or log data to understand traffic, diagnose errors, and improve performance. If non-essential cookies are introduced, we will update this policy and provide any consent controls required by law.
8. Data retention
We keep information only for as long as it is needed for the purposes described in this policy, including account management, critique history, voucher redemption records, fraud prevention, legal compliance, and business reporting.
- Pending critique verification records may be kept long enough to verify, resend, expire, or investigate the submission.
- Accepted critiques, customers, and voucher records may be kept while the relevant business account remains active or while needed for audit, support, security, or legal reasons.
- Server logs and technical records are generally kept for shorter operational periods unless needed for security or investigation.
9. Security
We use reasonable technical and organisational measures to protect information, including validation, CSRF protection, authenticated dashboard access, access checks for business-owned records, secure tokens for verification and vouchers, and escaped output in the website interface.
No online service can be guaranteed to be completely secure. Users should keep account credentials confidential and tell us promptly if they believe an account or voucher has been misused.
10. Your rights and choices
Depending on where you are located, you may have rights to request access to, correction of, deletion of, restriction of, or a copy of your personal information. You may also have the right to object to certain processing or withdraw consent where consent is the lawful basis.
Customers can contact the business they submitted feedback to, or contact QRitique, to ask about critique or voucher information. Business users can update business profile information in the dashboard.
11. International processing
Some service providers may process information outside your country. Where this happens, we aim to use appropriate safeguards required by applicable data protection law.
12. Changes to this policy
We may update this policy as QRitique changes or legal requirements develop. The updated version will be posted on this page with a new last updated date.
13. Contact
Questions about privacy, data rights, or this policy can be sent through the support ticket page.
If you are unhappy with how your information is handled, you may also have the right to complain to your local data protection authority.