Privacy Policy
Effective 12 Nov 2025
1. Data Controller & Contact
QrBiz (operated by QrBizPlus Sdn. Bhd.) is the data controller for personal data collected through the mobile app, web portals, and business management experiences. You can contact us at privacy@qrbiz.com concerning any privacy request.
2. Information We Collect
Account data such as email, password hash, and business registration details.
Business profile details you provide, including store name, phone number, business address, category, description, and optional store logos and images.
Business engagement data including promotions created, QR codes generated, products listed, customer interactions, transaction logs, and analytics tied to your business operations.
Device and usage information (IP address, device model, crash logs) plus location data when you grant permission to set your store location.
3. How We Use Your Data
To create and manage your business account, generate store codes, and verify referral eligibility from QrPlus users.
To display your business information, promotions, and products to QrPlus customers so they can discover and engage with your store.
To comply with Malaysian consumer protection, PDPA 2010, and CPETTR 2024 obligations, including maintaining transaction records for at least three years.
To send service updates or—with your consent—marketing communications. You may opt out at any time.
4. Data Sharing & Transfers
We share data only with service providers (e.g., Supabase, analytics, support tools) under strict confidentiality agreements and with QrPlus customers as necessary to display your business information and promotions.
Where data is transferred or stored outside Malaysia, we rely on contractual safeguards and industry-standard security controls.
5. Your Rights
You may request access, correction, deletion, restriction, or portability of your personal data. Contact privacy@qrbiz.com to exercise these rights.
You may withdraw consent for marketing or location services within the app settings. Doing so may limit functionality tied to those features.
6. Retention & Security
We retain personal data while your account remains active and thereafter as required by law or to resolve disputes. We implement encryption in transit, access controls, and routine audits to protect your data.
In the event of a data breach, we will notify affected individuals and the Malaysian Personal Data Protection Commissioner in line with PDPA guidance and the 2024 amendments.