Privacy Policy

Last updated: February 2026

1. Overview

CeQR is operated by an individual developer. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. By using CeQR, you agree to the collection and use of data as described in this policy.

2. Data We Collect

Account Holders (Organization Owners and Team Members)

Name and email address (provided during signup)
Password (stored as a secure hash — we never store plaintext passwords)
Role within your organization
Notification preferences

Issue Reports

Issue category, severity, title, and description
Photos submitted with reports (compressed and EXIF-stripped on our servers — GPS and device metadata are removed before storage)
Optional: reporter name, email, and phone number (if provided voluntarily by the reporter)
Timestamp and zone location

Usage and Technical Data

IP addresses (collected for rate limiting and security; not linked to individual identity in logs)
Audit log events (e.g., sign-in, issue created, settings changed)
Error reports sent to our error monitoring service (Sentry)
Mobile device push notification tokens are collected when you enable notifications in the mobile app. These device identifiers are used solely to deliver issue notifications and are deleted when you remove the app from your device or disable notifications.

Billing Data

We do not store credit card numbers. Payment processing is handled entirely by Stripe. We receive a customer ID and subscription status from Stripe.

3. How We Use Your Data

To provide the Service: routing issue reports, sending email notifications, managing team access
AI analysis: Photos submitted with issue reports may be sent to OpenAI's API for classification. Photos are sent as base64 data. Data handling is governed by OpenAI's API data usage policies and our Data Processing Agreement. We recommend reviewing OpenAI's current privacy policies at openai.com/privacy for the most accurate information about data retention. When AI analysis is requested, the facility name and zone name associated with the issue are also transmitted to OpenAI to provide context for the analysis.
Email notifications: Issue alerts, status updates, and account-related messages are sent via Resend
Security and abuse prevention: IP-based rate limiting, audit logging, and error monitoring
Billing: Subscription management via Stripe

We do not sell your data to any third party. We do not use your data for advertising purposes.

4. Data Retention

Issue reports, photos, and associated data are retained for a maximum of 7 years from the date of creation, after which they are automatically and permanently deleted.

Reporter contact information (name, email address, and phone number) is automatically anonymized 90 days after a report is submitted, regardless of the issue's resolution status. Reporter contact information is anonymized within 90 days of report submission; anonymized data may be retained for up to seven years.

Upon account cancellation or deletion, all organization data — issues, photos, comments, buildings, zones, QR codes, and team member records — is permanently and immediately deleted. This deletion is irreversible. You are responsible for exporting any data you need before cancelling your account.

5. Photo Processing

All photos uploaded to CeQR are processed on our servers using Sharp (an image processing library) before storage:

Resized to a maximum of 1280×1280 pixels
Converted to WebP format
All EXIF metadata stripped — including GPS coordinates, device model, and timestamp data embedded by your camera

Original files are never stored. The compressed, metadata-free WebP version is stored in Supabase's secure storage.

6. Third-Party Services

We use the following third-party services to operate CeQR:

Supabase

Database, authentication, and file storage

OpenAI

AI photo analysis (optional, paid plans only)

Stripe

Payment processing and subscription management

Resend

Transactional email delivery

Sentry

Error monitoring and performance tracking

Railway

Application hosting and infrastructure provider. Processes server requests and may have access to server logs including IP addresses.

Redis

In-memory data store used for rate limiting. Temporarily stores request counts associated with IP addresses. Data expires automatically after each rate limit window (maximum 1 hour).

Expo

Push notification delivery (mobile app)

7. Security

All data is encrypted in transit (TLS) and at rest (Supabase AES-256 encryption)
Row-level security (RLS) policies ensure organization data is strictly isolated — one organization cannot access another's data
Passwords are hashed using bcrypt via Supabase Auth
Photos are stored in a private Supabase Storage bucket requiring signed URLs for access

8. Your Rights (GDPR and CCPA)

You have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate data
Deletion: Request deletion of your personal data. Account holders can delete their account via Settings. To request deletion of your reporter contact information, email [email protected] with your issue tracking link. We will process deletion requests within 30 days.
Data portability: Export your data as CSV and photos via the Settings → Export Data feature
Objection: Object to certain uses of your data

To exercise these rights, contact us at ceqr.io/contact.

9. Cookies

CeQR uses cookies only for session management (authentication). We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

10. Children

CeQR is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this page when we do. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or to exercise your rights, please contact us at ceqr.io/contact.