Privacy Policy

uLinkQR ("we", "us", "our") is a QR-based lost-and-found alert service operated by [YOUR LEGAL ENTITY NAME], registered office at [FULL ADDRESS, CITY, STATE, PIN — INDIA].

Privacy contact: privacy@ulinkqr.com

• Phone number — OTP login and push delivery only. Stored encrypted. Never exposed in API responses.
• First name — Shown to the person who scans your tag.
• Tag details — Category, tag ID, optional description.
• Alert data — Timestamp, message from reporter, location text (if typed).
• Device token — FCM push token. OS type for compatibility.
• Anonymised usage data — Feature interactions to improve the service.

• Send instant push notifications when your QR is scanned
• Enable masked calling between owner and reporter
• Manage your account and subscription status
• Send service updates (not marketing unless you opt in)
• Detect fraud, spam, and platform abuse
• Meet legal obligations under IT Act 2000 and DPDP Act 2023

Any breach of this is treated as a critical security incident subject to immediate remediation and CERT-In disclosure.

Processed via PhonePe Payment Gateway (PhonePe Private Limited, RBI-regulated). When you pay:

• You're redirected to PhonePe's secure page or UPI app
• We receive only: transaction ID + success/failure. Never your card, UPI ID, or bank details.
• PhonePe's privacy policy governs their data handling
• We store: plan type, start date, transaction reference — for billing and support

We do not sell, rent, or trade your data. We share only with:

• PhonePe — payment processing
• Firebase/Google — push notifications (FCM) and OTP
• Cloud host — servers in India / compliant regions
• Law enforcement — only on valid court order under IT Act Section 69

• Active accounts — retained while account is active
• Alert history — 90 days, then permanently deleted
• Deleted accounts — all personal data erased within 30 days
• Payment records — 7 years (Indian GST/tax law)

• AES-256 encryption at rest, TLS 1.3 in transit
• OTP-only login — no passwords stored
• Rate limiting on all scan endpoints
• Regular security audits and penetration testing
• Breach disclosure within 72 hours per CERT-In mandate

• Access — Request a copy of your data
• Correction — Fix inaccurate data
• Erasure — Delete your account and all personal data
• Grievance — Complain to our Grievance Officer
• Nomination — Appoint someone to act on your behalf

To exercise rights: privacy@ulinkqr.com or use Settings → Delete Account. We respond within 30 days.

• Session cookie — keeps you logged in (essential)
• Analytics — anonymised usage only, no cross-site tracking, no ad networks

uLinkQR is not for users under 18. If a minor has registered, email privacy@ulinkqr.com and we'll delete the account within 48 hours.

Material changes notified via push/email at least 14 days before taking effect. Continued use = acceptance.

• Privacy: privacy@ulinkqr.com
• Grievance Officer: grievance@ulinkqr.com
• Post: [Company Name, Full Address, India]
• Response time: 30 days for all requests