TouchQR processes data as a data processor for QR owners and a data controller for account information.

---

Data Collected

• QR scan metadata
• Account details
• Payment references

---

Security Measures

• Encrypted passwords
• Secure servers
• Limited internal access
• Regular updates

---

Retention Policy

• Scan data retained for analytical purposes
• Account data retained until account deletion
• Backup retained for legal compliance

---

Data Sharing

We do not sell data.

We only share data with:
• Payment processors
• Hosting providers
• Legal authorities if required

---

Breach Policy

In case of breach:
• Users will be notified
• Remedial action will be taken