Privacy Policy

Privacy Policy

Last updated: March 2026  |  Operated by CSism Technologies

We do not sell, rent, or trade your personal data to any third party. Ever.

QRko is operated by CSism Technologies. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our website, mobile application, and QR tag services. By using QRko, you consent to the practices described in this policy.

1. Information We Collect

We collect only the information necessary to provide our services:

  • Mobile number – used for OTP-based login and sending transactional SMS notifications.
  • Name – used to personalise your account and display on your QR tag profile.
  • Delivery address – collected at checkout and used solely to ship your QR tags.
  • Email address – optional, used for order confirmations and support.
  • Vehicle details – vehicle number, type, brand, colour, and similar details you choose to register against your QR tag.
  • Emergency contact details – name and phone number of your emergency contact, displayed to people who scan your QR tag.
  • Scan logs – each time your QR is scanned, we record the timestamp, scanner IP address, and approximate location. This is shown to you as scan history in the app.
  • Device FCM token – your mobile device's push notification token, used to send you real-time alerts when your QR is scanned.
  • Payment information – we do not store your card or UPI details. Payments are processed by Razorpay directly on their secure servers.

2. How We Use Your Information

  • To verify your identity via OTP and log you into the app.
  • To process and deliver your orders.
  • To display emergency contact information to people who scan your QR tag.
  • To send you transactional SMS notifications (OTP, order confirmation, order dispatch, QR registration confirmation) via Jio's DLT-registered SMS gateway.
  • To send you real-time push notifications (via Firebase Cloud Messaging) when your QR tag is scanned.
  • To show you your QR scan history in the app.
  • To improve our services and prevent misuse.

3. SMS Communications

We send SMS messages using Jio TrueConnect, a TRAI-registered Telemarketing Service Provider. All our SMS templates are registered under DLT (Distributed Ledger Technology) as required by TRAI regulations. The SMS header used is CSISMG (operated by CSism Technologies).

By registering on QRko, you consent to receive the following transactional SMS messages:

  • OTP for login
  • Order confirmation
  • Order dispatch notification with tracking link
  • QR registration confirmation

These messages are transactional in nature (not promotional) and are sent only in direct response to your actions on our platform.

4. Push Notifications

We use Firebase Cloud Messaging (FCM) by Google to send push notifications to your mobile device. Notifications are sent when someone scans your QR tag or when there is an important update related to your account. You can disable push notifications at any time from your device settings.

5. Masked Call Feature

QRko includes a Masked Call feature that is available free of charge to all registered QR tag users. This feature is powered by Exotel, a TRAI-compliant cloud telephony provider.

When a masked call is initiated via your QR tag:

  • The caller's mobile number is shared with Exotel solely to connect the call. It is never revealed to you (the QR owner).
  • Your registered mobile number is shared with Exotel solely to connect the call. It is never revealed to the caller.
  • Each masked call session is time-limited and expires automatically. Call records — including timestamp, session duration, and connection status — are logged and retained by QRko for security, fraud prevention, and support purposes. These records are accessible only to our team and are not visible to end users.
  • Exotel's privacy policy governs how telephony data is handled on their platform.
  • The Masked Call feature may be temporarily unavailable due to provider downtime. We are not liable for unavailability caused by Exotel outages.

6. Payment Processing

All payments are processed by Razorpay, a PCI DSS compliant payment gateway. We do not store, log, or have access to your card number, CVV, UPI PIN, or any sensitive payment credentials. Razorpay's privacy policy governs how payment data is handled on their platform.

7. Data Sharing

We do not sell, rent, or share your personal data for advertising or commercial purposes. We share limited data only with the following service providers, strictly to operate our services:

  • Razorpay – for processing payments (name, email, phone, order amount).
  • Jio TrueConnect – for sending transactional SMS (mobile number, message content).
  • Firebase / Google – for push notifications (device FCM token).
  • Exotel – for connecting masked calls (caller's mobile number and owner's mobile number, used only to route the call; neither is disclosed to the other party).
  • Courier partners – for delivering physical QR tags (name, delivery address, phone number).

All third-party providers are bound by their own privacy policies and data protection agreements.

8. QR Scan Visibility

When someone scans your QR tag, they can see only the information you have chosen to register — such as emergency contact name, phone number, and vehicle details. Your personal mobile number is never shown to the scanner. Scan history (who scanned your QR, when, and approximate location) is visible only to you in the app.

9. Data Storage and Security

Your data is stored on secured servers. We use industry-standard HTTPS encryption for all data in transit. OTP-based login eliminates password-related security risks. We regularly review our security practices to protect your information.

10. Data Retention

We retain your data as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except where retention is required by law (such as order and payment records which may be retained for up to 7 years for tax and legal compliance).

11. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and personal data.
  • Deactivate your QR tag from your profile at any time.

To exercise any of these rights, email us at privacy@qrko.in.

12. Cookies

We use session cookies to keep you logged in and remember your cart. We do not use third-party advertising cookies or tracking pixels. You can clear cookies from your browser settings at any time.

13. Children's Privacy

Our services are not directed at children under 18 years of age. We do not knowingly collect personal information from minors.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a revised "Last updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

15. Contact Us

For any privacy-related concerns or data requests, contact us at:

QRko Help
Quick answers
Hi! 👋 What do you need help with?
Can't find your answer? Talk to us →