Privacy Policy
Last updated: February 25, 2026
This Privacy Policy explains how Qurbo Pte. Ltd. ("Qurbo," "we," "us") collects, uses, and shares information when you use our websites and services.
Who we are
Company: Qurbo Pte. Ltd.
Address: 68 Circular Road, #02-01, 049422, Singapore
Support email: care@qurbo.ai
What data we collect
We collect information in three main ways: (1) information you provide, (2) information collected automatically, and (3) information from third parties.
Information you provide
- Account information: such as your email address and account identifiers.
- Workspace information: such as workspace names and settings.
- QR and redirect configuration: such as QR names/labels, slugs, destination URLs, and redirect settings you choose.
- Images and assets you upload: Qurbo lets you upload images used to generate QR codes. We store uploaded images and generated QR assets to provide the Service.
- Support communications: when you contact us, we collect the information you share (for example, emails and attachments).
Information we collect automatically
Depending on what part of the Service you use, we may collect:
- Usage data on marketing and app surfaces (www.qurbo.ai, app.qurbo.ai): such as pages viewed, feature usage, button clicks, and approximate timestamps.
- Device and browser information: such as browser type, device type, operating system, language, and similar technical signals.
- Log and diagnostic data: such as request timestamps, errors, and performance information.
Redirect/scan analytics (privacy-safe by design)
When someone scans a QR code or clicks a short link that routes through Qurbo, we may record analytics events to help you understand performance and to protect the Service from abuse. For redirect analytics, we aim to minimize personal data:
- We do not store raw IP addresses in redirect analytics. We may store a hashed version for approximate unique counting and abuse prevention.
- We aim not to store full destination URLs in redirect analytics events (we associate events with a QR/link identifier instead).
Information from third parties
We receive information from vendors that help us provide the Service:
- Authentication (WorkOS/AuthKit): identity and session-related information needed to sign you in and secure accounts.
- Billing (Stripe): if you purchase paid features, Stripe processes payments. We receive limited billing information such as billing contact details, subscription status, invoice/payment identifiers, and the last 4 digits / card brand (where available). We do not receive your full card number.
How we use data
We use information we collect to:
- Provide and operate the Service: generate QR codes, store and deliver QR assets, and operate redirects.
- Authenticate and secure accounts: sign you in, prevent unauthorized access, and protect workspaces.
- Provide customer support: respond to requests and troubleshoot issues.
- Run billing and account administration: manage subscriptions (if applicable), invoices, and account status.
- Improve the product: understand how the Service is used, fix bugs, and develop features.
- Measure performance and reliability: monitor uptime, diagnose failures, and debug.
- Prevent abuse and fraud: detect malicious behavior (including on redirect/scan endpoints) and enforce policies.
- Communicate with you: send service-related messages such as security notices, confirmations, and administrative updates.
Account status and feature access
Your account status (for example, whether you have an active subscription, have canceled, or are otherwise restricted) can affect what you can do in the product. For example:
- Existing QRs/short links may continue to resolve so they do not break for end users.
- We may limit the ability to create new QRs/short links or to change settings (like destinations).
- We may limit how much historical analytics is available to view in the dashboard (for example, showing only recent activity).
These are product access controls and do not change our commitment to protect personal data.
We do not sell personal information.
Legal bases
If you are in the EEA/UK/Switzerland (or where similar rules apply), we process personal data under these legal bases:
- Contract: to provide the Service you request (account, QR generation, redirects, and support).
- Legitimate interests: to secure, maintain, and improve the Service and prevent abuse (balanced against your rights).
- Consent: where required for certain cookies/tracking and certain marketing communications.
- Legal obligation: to comply with applicable laws and lawful requests.
Cookies and tracking
We use cookies and similar technologies to make the Service work and understand how it is used.
- Strictly necessary cookies: used for login sessions, security, and core site/app functionality.
- Analytics cookies / similar technologies: used to understand usage on www.qurbo.ai and app.qurbo.ai (for example, via PostHog).
- We aim not to use third-party tracking cookies on redirect domains like qrb.sh (redirect analytics are handled server-side).
We are working to implement cookie controls (for example, a consent banner) where required by law. Until those controls are available, you can manage cookies through your browser settings (note that disabling strictly necessary cookies can impact core functionality).
Sharing and processors
We share information only as needed to run Qurbo, comply with law, and protect the Service.
Service providers (processors)
We use vendors that process data on our behalf, including:
- WorkOS/AuthKit (authentication)
- Stripe (billing and payments processing)
- PostHog (product and marketing analytics on www.qurbo.ai and app.qurbo.ai)
- Tinybird (redirect/scan analytics)
- Convex (application database, backend, and file storage)
- Vercel (hosting and delivery)
- Upstash (Redis used for low-latency redirect resolution)
We may also use additional providers for email delivery, customer support tooling, and error monitoring.
Legal and safety disclosures
We may disclose information if we believe it is necessary to:
- comply with law or lawful requests;
- protect the rights, safety, or security of Qurbo, our users, or the public; or
- investigate and prevent fraud, abuse, or security incidents.
Business transfers
If Qurbo is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to appropriate protections.
International transfers
Qurbo is based in Singapore, and our service providers may process data in other countries. Your information may be transferred to and processed in locations outside your country of residence.
Where required, we use appropriate safeguards for cross-border transfers (such as contractual protections).
Data retention
We keep information only as long as needed for the purposes described in this Policy, unless a longer period is required by law.
Important note on retention vs what you can view
We may retain certain analytics or logs for security, fraud prevention, and operations, while limiting what is displayed in your dashboard based on account status (for example, showing only recent analytics).
Default retention approach
- Account and workspace data: retained while your account is active. If you request deletion, we delete or anonymize personal data within a reasonable period.
- Uploaded images and generated QR assets: retained until you delete them or delete your account, then removed from active systems.
- Redirect/scan analytics: retained for analytics and abuse prevention, then deleted or aggregated.
- Product/marketing analytics (app + marketing surfaces): retained for a limited period to understand and improve the Service.
- Billing and tax records (if applicable): retained as needed to comply with legal and accounting obligations.
If you need more detail about retention for a specific category of data, contact us at care@qurbo.ai.
Security
We use reasonable administrative, technical, and organizational measures designed to protect information from unauthorized access, loss, misuse, and alteration. This includes access controls and encryption in transit where appropriate.
No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.
User rights and choices
Depending on where you live, you may have rights regarding your personal data, including:
- Access: request a copy of your personal data.
- Correction: ask us to correct inaccurate or incomplete data.
- Deletion: request deletion of your personal data.
- Portability: request a portable copy of certain data.
- Objection / restriction: object to or request restriction of certain processing.
- Withdraw consent: where processing is based on consent (for example, certain cookies).
How to exercise rights: email care@qurbo.ai. We may ask you to verify your identity and clarify your request.
Marketing communications: if we send marketing emails, you can opt out via the unsubscribe link or by contacting us.
Cookies: you can control cookies through your browser settings. If we provide a cookie settings tool in your region, you can use that tool as well.
If you are in the EEA/UK, you may also lodge a complaint with your local data protection authority.
Children's privacy
Qurbo is not directed to children, and we do not knowingly collect personal information from children.
You must be at least the minimum legal age required to use the Service in your jurisdiction.
If you believe a child has provided us personal data, contact care@qurbo.ai and we will take appropriate steps to delete it.
Changes to this policy
We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top when we do.
If changes are material, we will provide a more prominent notice by email and in-product notice (where appropriate).
Contact
For privacy questions, requests, or complaints, contact:
Qurbo Pte. Ltd.
68 Circular Road, #02-01, 049422, Singapore
Email: care@qurbo.ai