Privacy Policy

Effective Date: May 24, 2026

Company: TrustQR Ltd

info@trustqr.org

1. Introduction

TrustQR respects your privacy and is committed to protecting personal information. This Privacy Policy explains how TrustQR collects, uses, stores, shares, and protects information when you visit our website, contact us, create an account, use our dashboard, scan a TrustQR code, or use our product verification and anti-counterfeit services.

TrustQR is an anti-counterfeit SaaS platform that helps brands verify product authenticity using unique QR codes, duplicate scan detection, expiry validation, location-based verification, IP-based scan analysis, and real-time scan analytics.

By using TrustQR, you agree to the practices described in this Privacy Policy.

2. Who We Are

TrustQR provides QR-based product verification, product authentication, brand protection, scan analytics, and anti-counterfeit technology for manufacturers, distributors, and brand owners.

For privacy-related questions, contact us at info@trustqr.org.

3. Scope of This Privacy Policy

This Privacy Policy applies to:

Visitors to the TrustQR website

Customers who use the TrustQR dashboard

Brand owners, manufacturers, distributors, and business users

End users who scan a TrustQR code to verify a product

People who contact us by email, phone, website form, or social media

This Privacy Policy does not apply to third-party websites, apps, platforms, or services that TrustQR does not control.

4. Our Role: Controller and Processor

Depending on how TrustQR is used, we may act as either a data controller or a data processor.

When you visit our website, contact us, create a TrustQR account, or interact directly with TrustQR, TrustQR may act as the data controller because we decide how and why that information is processed.

When a business customer uploads product data, generates QR codes, manages batches, or views scan analytics, TrustQR may act as a data processor on behalf of that customer. In that case, the customer is usually the data controller, and TrustQR processes data according to the customer’s instructions and applicable service terms.

When an end user scans a QR code connected to a product, TrustQR may collect scan and verification data to provide authentication, fraud prevention, duplicate scan detection, expiry validation, and brand protection services.

5. Information We Collect

We may collect the following categories of information.

Website Visitor Information

When you visit our website, we may collect:

IP address

Browser type

Device type

Operating system

Pages visited

Referring website

Date and time of visit

Approximate location based on IP address

Cookie and analytics information

Contact and Business Information

When you contact us or request information, we may collect:

Name

Company name

Job title

Email address

Phone number

Country or region

Message content

Communication history

Account and Dashboard Information

When a business customer uses TrustQR, we may collect:

User name

Business email

Company information

Login credentials

Role and permission settings

Dashboard activity logs

Subscription or billing-related information

Support requests

Product and QR Code Information

To provide product verification services, we may process:

Product names

Product batches

Product categories

Manufacturing dates

Expiry dates

QR code identifiers

Product verification status

Campaign or batch data

Scan history

Duplicate scan signals

Suspicious scan indicators

Scan, IP Address, Location, and Verification Information

When an end user scans a TrustQR code to verify a product, TrustQR may collect and process scan-related information, including:

QR code ID

Product or batch identifier

Scan date and time

Verification result

Number of previous scans

Duplicate scan indicators

Suspicious scan indicators

Device type

Browser type

Operating system

IP address

Approximate location derived from IP address

Precise device location, such as GPS coordinates, only when the user grants location permission through the browser or device

Precise device location is used to improve product verification, detect suspicious scan patterns, identify possible counterfeit activity, support duplicate scan detection, and help the relevant product manufacturer, distributor, or brand owner protect customers and products.

If a user does not grant location permission, TrustQR may still process the scan using other available information, such as QR code ID, scan time, IP address, device information, approximate IP-based location, and verification history.

Payment Information

If payments are processed through a third-party payment provider, TrustQR may receive limited billing information such as plan status, payment confirmation, invoice details, and customer billing contact information. We do not intentionally store full payment card numbers unless required by a payment provider or authorized billing system.

6. How We Use Information

We use information for the following purposes:

To provide TrustQR services

To generate and manage unique QR codes

To verify product authenticity

To detect duplicate scans and suspicious activity

To validate expiry status

To identify unusual scan locations or repeated scans

To provide dashboard analytics

To create and manage customer accounts

To respond to inquiries and support requests

To improve website and product performance

To secure our platform

To prevent abuse, fraud, and unauthorized access

To send service-related communications

To manage billing, subscriptions, and customer relationships

To comply with legal obligations

To improve TrustQR’s anti-counterfeit and verification technology

7. Legal Bases for Processing

Where applicable, we process personal information based on one or more of the following legal bases:

Performance of a contract

Consent

Legitimate business interests

Compliance with legal obligations

Protection of rights, security, and fraud prevention

For precise device location, TrustQR relies on user consent when the user grants location permission through the browser or device. Users may deny location access, and product verification may still continue using other available scan information where technically possible.

For IP address, scan logs, duplicate scan detection, fraud prevention, platform security, and product verification, TrustQR may rely on performance of services, legitimate business interests, fraud prevention, security, or other applicable legal bases depending on the user’s location and applicable law.

8. Cookies and Tracking Technologies

TrustQR may use cookies and similar technologies to:

Keep the website functional

Remember user preferences

Improve website performance

Understand traffic and usage

Protect against abuse

Support analytics and marketing measurement

You can control cookies through your browser settings. Some features may not work properly if cookies are disabled.

9. Analytics

We may use analytics tools to understand how visitors use our website and how customers interact with the platform. Analytics data helps us improve usability, performance, security, and content.

Analytics information may include pages visited, device information, browser type, approximate location, and user interactions.

10. How We Share Information

We do not sell personal information.

We may share information with:

Hosting providers

Cloud infrastructure providers

Payment processors

Email and communication providers

Analytics providers

Security and fraud prevention providers

Professional advisors

Government authorities if legally required

Business customers when scan data relates to their products

We may share scan and verification information with the relevant product manufacturer, distributor, or brand owner whose product is being verified. This may include QR code ID, product or batch information, scan time, verification result, duplicate scan indicators, suspicious scan signals, IP address, approximate location, and precise device location if the user granted location permission.

This information is shared to help the manufacturer, distributor, or brand owner verify authenticity, detect counterfeit risk, investigate suspicious activity, improve product security, and protect customers.

TrustQR does not sell end user personal information.

11. Business Customer Data

Business customers are responsible for ensuring that product, batch, customer, and verification data uploaded to TrustQR is lawful, accurate, and authorized.

TrustQR processes business customer data to provide product verification, QR code generation, scan analytics, fraud detection, and related services.

TrustQR does not claim ownership of customer product data.

12. End User Scan Data

When an end user scans a TrustQR code, the scan may be recorded to verify product authenticity and detect suspicious activity.

TrustQR may process scan data such as QR code ID, scan time, IP address, device information, approximate location, precise device location if permission is granted, verification status, duplicate scan history, and suspicious scan indicators.

This data may be made available to the relevant product manufacturer, distributor, or brand owner through the TrustQR dashboard or reports. The purpose is to help the brand detect possible counterfeit products, identify unusual scan activity, validate expiry status, investigate repeated scans, and improve customer protection.

End users are not required to provide precise device location unless they choose to grant permission. If location permission is denied, TrustQR may still provide product verification using other available scan information.

13. Data Retention

We retain information only as long as necessary for the purposes described in this Privacy Policy, including:

Providing services

Maintaining accounts

Supporting customers

Keeping business records

Detecting fraud or abuse

Complying with legal obligations

Resolving disputes

Scan data, including QR code ID, scan time, IP address, approximate location, precise device location where permission was granted, verification results, and suspicious scan indicators, may be retained for as long as reasonably necessary to provide product verification, anti-counterfeit analytics, fraud investigation, audit history, customer reporting, and legal compliance.

Where possible, TrustQR may anonymize, aggregate, or minimize scan data when detailed personal information is no longer required.

When information is no longer needed, we may delete, anonymize, or securely archive it.

14. Data Security

TrustQR uses reasonable technical and organizational measures to protect information against unauthorized access, loss, misuse, alteration, or disclosure.

These measures may include:

Access controls

Password protection

Encryption where appropriate

Secure hosting

Audit logs

Role-based permissions

Monitoring and security reviews

No system is completely secure, and we cannot guarantee absolute security.

15. International Data Transfers

TrustQR may process and store information in different countries depending on our hosting, infrastructure, service providers, customer location, and operational needs.

Where required, we take appropriate steps to protect personal information when it is transferred internationally.

16. Your Privacy Rights

Depending on your location and applicable law, you may have rights to:

Access your personal information

Correct inaccurate information

Delete your information

Object to certain processing

Restrict processing

Request data portability

Withdraw consent where processing is based on consent

Request information about how your data is used

Opt out of certain types of data sharing or marketing

To exercise privacy rights, contact us at info@trustqr.org.

We may need to verify your identity before responding to your request.

17. Marketing Communications

If you choose to receive marketing communications from TrustQR, we may send updates about our products, services, content, or offers.

You can unsubscribe from marketing emails at any time. Service-related messages, such as account, security, billing, or product verification notices, may still be sent when necessary.

18. Children’s Privacy

TrustQR is designed for business and product verification use. Our services are not intended for children under the age required by applicable law.

We do not knowingly collect personal information from children. If you believe a child has provided personal information to TrustQR, contact us at info@trustqr.org.

19. Third-Party Links

Our website may contain links to third-party websites, social media pages, or external services. We are not responsible for the privacy practices, security, or content of third-party websites.

You should review the privacy policies of third-party services before using them.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we update it, we will revise the effective date at the top of the page.

Continued use of TrustQR after changes means you accept the updated Privacy Policy.

21. Contact Us

For privacy questions, data requests, or concerns, contact TrustQR at info@trustqr.org.