SkipQR — App Privacy & Data Safety

App privacy summary (for Google Play)

• Data collected: account data (name, email, phone), store data (store name, contact, logos), order data (items, totals, timestamps, table/QR IDs), and basic device/technical data (IP, device type, OS, app version, server logs).
• Data sharing: No — not sold or shared for third-party marketing.
• Security: encrypted in transit (HTTPS).
• Deletion: request account/data deletion via in-app or support@skipqr.com.
• Purpose: app functionality (auth, orders, reporting), account management, fraud prevention/security, legal compliance.
• Payments: physical goods/services only; processed externally (e.g., Billplz). No card data stored by us.
• SDKs: Firebase Auth/Firestore/Storage only. No Firebase Analytics, Crashlytics, or FCM.

Permissions used

• Camera (optional): scan QR codes for table/ordering.
• Internet: connect to backend and Firebase.
• Vibration (optional): order-ready alerts (if enabled).

Privacy Policy

Welcome to SkipQR. We respect your privacy and are committed to protecting it. This policy explains what data we collect, how we use it, and your choices. It applies to our apps and sites including app.skipqr.com and skipqr.com.

Who we are (Data Controller)

Arasys eCommerce Network — Malaysia
Contact: support@skipqr.com

What we collect

• Account data: name, email, phone, password hash (never plain text), role (e.g., store admin, staff).
• Business/store data: store name, region/address label, phone, logo/banner images, subscription status.
• Order data: items, amounts, timestamps, table/QR identifiers, status history (received/ready/complete), optional notes.
• Device & technical data: IP address, device/OS, app version, and basic server/application logs for security and troubleshooting.
• Support messages and information you submit via forms.
• Payments: for physical goods/services, payments are handled by your chosen provider (e.g., Billplz). We do not process or store card numbers. We may receive payment status and references for reconciliation.

How we collect it

• Directly from you when you register, configure a store, place/fulfil orders, or contact support.
• Automatically via the app and backend (security logs, basic diagnostics).
• From third parties you connect, e.g., payment processors sending payment status webhooks.

How we use your data

• Provide and maintain the Services (authentication, order routing, notifications, reporting).
• Secure the platform (fraud prevention, abuse detection, incident response).
• Comply with legal obligations (tax/audit bookkeeping, record retention).
• Improve reliability and performance (troubleshooting based on error logs).
• [Optional] Send essential service communications; you may opt out of non-essential emails.

Legal bases (GDPR/UK GDPR)

• Contract: to deliver the Services you request.
• Legitimate interests: to secure and improve the Services.
• Legal obligation: for financial reporting and compliance.
• Consent: where required (e.g., certain communications). You can withdraw consent at any time.

Processors & third parties

We use vendors who process data on our behalf according to our instructions:

• Google Firebase — Authentication, Firestore, Storage (identity, database, media storage hosting).
• Billplz (or your chosen provider) — processes payments for physical goods/services and returns payment status. We do not receive or store card numbers.
• [Optional integrations you enable later, e.g., email/SMS providers; we’ll update this policy if that changes.]

We do not sell personal data and do not share data with third parties for their independent marketing.

International transfers

Your data may be stored or processed in data centres outside your country (including regions operated by Google Cloud/Firebase). Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) for cross-border transfers.

Retention

• Account & store data: retained while the account is active and up to 24 months after closure, unless law requires longer.
• Order & financial records: up to 7 years (typical statutory requirements).
• Logs: typically 12 months, unless required longer for security or legal purposes.

Security

We use industry-standard safeguards including encryption in transit (HTTPS), access controls, least-privilege policies, and backups. No method of transmission or storage is 100% secure; we work continuously to protect your data.

Your rights

• Malaysia PDPA / GDPR/UK GDPR: request access, correction, deletion, restriction, portability, or object to processing (where applicable). You may also withdraw consent for non-essential processing.
• California (CCPA/CPRA): request to know, access, correct, and delete personal information; we do not “sell” or “share” personal information as defined by California law.

To exercise rights, contact support@skipqr.com. We may verify your identity before responding.

Children

SkipQR is intended for businesses and their staff. It is not directed to children under 13 (or under 16 in the EU/UK). We do not knowingly collect personal data from children.

Cookies & local storage

We use cookies/local storage for essential functions such as authentication sessions, language preferences, and security. We do not use Firebase Analytics, Crashlytics, or push notifications (FCM). If we enable additional SDKs or analytics in the future, we will update this policy.

Account deletion

You can request account deletion via the app (Settings → Account → Delete) or by emailing support@skipqr.com. Deletion removes your profile and store assets from active systems; certain order/financial records may be retained as required by law.

Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. We will post updates here and indicate the “Last updated” date. Material changes may also be communicated in-app or by email.

Contact us

If you have questions about this policy or your data, contact support@skipqr.com.

This document is provided for transparency and does not constitute legal advice.