Drentio

قانوني

Privacy Policy

This Privacy Policy explains what personal information Drentio collects, how we use it, who we share it with, and the rights you have.

آخر تحديث . تُشغّلها Zybergo LLC (Wyoming, USA).

1. The controller

Zybergo LLC (Wyoming, USA) is the controller of the personal data described in this Policy. Our privacy contact is privacy@drentio.com.

2. Information we collect

Information you give us

  • Account data — name, email, password (managed by our authentication provider Clerk), and profile photo.
  • Billing data — handled by Stripe; we store the customer ID, plan, last-4 digits and billing country, never the full card number.
  • Content you create — QR codes and their destinations, menus, business-card profiles, contacts you import or capture via two-way sharing, support messages.
  • Communications — emails, support tickets and feedback you send us.

Information collected automatically

  • Scan analytics — when someone scans one of your codes we record the time, device type, OS, browser, coarse referrer and (if you've enabled it on the code) a one-way HMAC of the visitor's IP for de-duplication. We do not store raw IP addresses.
  • Service logs — timestamps and minimal request metadata used to operate the Service, debug errors and prevent abuse.
  • Cookies and similar storage — see our Cookie Policy.

Information from third parties

If you sign in with a federated identity provider, we receive the identifiers and basic profile fields you authorise. If you pay through Stripe, we receive payment-event metadata.

3. How we use it

  • To operate and improve the Service — render your codes, route scans, generate analytics, send transactional notifications.
  • To bill you and prevent payment fraud.
  • To respond to support requests and security reports.
  • To send service announcements (you can't opt out of those while you have an account) and — only if you opt in — product news.
  • To comply with legal obligations and enforce our Terms.

4. Lawful bases (EEA / UK)

If you're in the EEA or UK, we rely on these lawful bases under GDPR/UK-GDPR: contract (to deliver the Service you signed up for), legitimate interest (to keep the Service secure, prevent abuse and improve it), legal obligation (tax, accounting, law-enforcement requests), and consent (e.g. marketing emails, non-essential cookies).

5. Sharing

We share personal data only with:

  • Sub-processors who run the Service on our behalf — currently Clerk (auth), Stripe (payments), Cloudflare (DNS / Workers), our database host, Resend (email).
  • Other users in your team — when you invite seat users they can see content within your workspace at their assigned role.
  • The public — anything you publish (a card landing page, a menu, a QR-code landing) is by definition public.
  • Authorities — when we're legally required, after challenging requests that look overbroad.
  • A successor — in a merger, acquisition or asset sale, with notice to you.

We do not sell your personal data and we do not share it for cross-context behavioural advertising.

6. International transfers

Our infrastructure is primarily in the United States. When personal data is transferred from the EEA or UK to the United States, we rely on the European Commission's Standard Contractual Clauses (or equivalent UK addendum) with our sub-processors.

7. Retention

We keep account data for as long as your account is active and for a recovery window (typically 30 days) after deletion. Scan analytics are aggregated and retained for as long as the parent code exists. Billing and tax records are kept for the period required by law (typically 7 years). You can ask us to delete earlier — see your rights below.

8. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated data (subject to legal retention requirements).
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent at any time (without affecting prior processing).
  • Lodge a complaint with your supervisory authority.

To exercise these rights, email privacy@drentio.com. We'll respond within 30 days. If you're a California resident, see also your CCPA/CPRA rights (right to know, delete, correct, opt out of sale/sharing, limit use of sensitive personal information, and non-discrimination) — we honour Global Privacy Control signals.

9. Security

We use TLS in transit, hashed passwords (via Clerk), HMAC'd scan identifiers, scoped database access and least-privilege internal access. No system is perfectly secure; if you believe you've found a vulnerability, please email privacy@drentio.com.

10. Children

The Service is not directed to children under 13. If you believe a child has provided us with personal data, email privacy@drentio.com and we'll delete it.

11. Changes

We'll post material changes to this Policy on this page and, when significant, notify you in-app or by email at least 14 days before they take effect.

12. Contact

Privacy questions: privacy@drentio.com. Postal address: Zybergo LLC, Zybergo LLC, Wyoming, USA.

Privacy Policy | Drentio