Privacy Policy
We collect only what we need, keep it safe, and never sell it. Here's exactly what we do with your data.
NOTaRentalQR ("we", "us", "our") is a product of FGX (Pty) Ltd, South Africa. This Privacy Policy explains how we collect, use, store, and protect information about you when you use our website and services at notarentalqr.com.
1. Information We Collect
Account information
When you create an account, we collect your name, email address, and a securely hashed password (we never store your password in plain text).
QR code content
We store the content you encode into QR codes — URLs, contact details, WiFi credentials, and similar data — so your codes can be managed and edited in your dashboard.
Scan analytics
For dynamic QR codes, we log each scan: timestamp, approximate country (derived from IP address), device type, and browser. We do not store full IP addresses beyond the initial geolocation lookup. Free plans receive 30 days of history; paid plans receive extended or unlimited history as described on the pricing page.
Payment information
Payments are processed by PayPal. We never see or store your card number or full PayPal account details. We receive a PayPal Order ID and record the plan purchased, amount paid, and the date your access expires.
Session data
We use server-side sessions (stored in our database) to keep you logged in. A session cookie is placed in your browser for this purpose. Sessions expire after 30 days of inactivity.
Server logs
Our servers automatically record standard HTTP logs (IP address, browser type, pages visited, timestamps). Logs are retained for up to 30 days for security and debugging purposes.
2. How We Use Your Information
- To provide, operate, and improve the NOTaRentalQR service
- To authenticate your account and keep sessions secure
- To display your QR codes and scan analytics in your dashboard
- To process payments and manage your subscription status
- To send transactional emails (e.g. password resets) — we do not send marketing emails unless you explicitly opt in
- To detect and prevent fraud, abuse, or security incidents
3. Cookies
We use one first-party session cookie (nrqr.sid) to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. The PayPal payment flow loads PayPal's own scripts, which may set cookies governed by PayPal's privacy policy.
Refusing the session cookie will prevent you from logging in, but the public site and instant QR generator will continue to work without it.
4. Data Sharing
We do not sell, rent, or broker your personal data. We share data only in these limited circumstances:
- PayPal — to process payments. See PayPal's Privacy Policy.
- Hosting infrastructure — our servers run on Replit and Neon (PostgreSQL). Both are contractually obligated to protect your data.
- Legal obligations — we may disclose data if required by law or to protect the rights and safety of our users.
5. Data Retention
Account data is kept for as long as your account is active. You may delete your account at any time from Settings, which permanently removes your personal information and QR codes from our systems within 30 days. Anonymised aggregate statistics (e.g. total scan counts) may be retained.
If you cancel a paid plan, your account data is not deleted, consistent with our No-Rental Promise. Your codes remain yours.
6. Your Rights (GDPR / POPIA)
If you are in the European Economic Area, United Kingdom, or South Africa, you have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Correction — ask us to fix inaccurate data
- Erasure — request deletion of your account and associated data
- Portability — request your data in a structured, machine-readable format
- Objection — object to processing for legitimate interests
- Withdraw consent — where processing is based on consent
To exercise any of these rights, email hello@notarentalqr.com. We will respond within 30 days.
7. Security
Passwords are hashed using bcrypt. Sessions are signed and stored server-side. All traffic is encrypted in transit via HTTPS. We apply rate limiting on authentication endpoints to resist brute-force attacks. Despite these measures, no internet service can guarantee absolute security — please use a strong, unique password.
8. Children
NOTaRentalQR is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this policy from time to time. Material changes will be announced by updating the "Last updated" date above. Continued use of the service after changes constitutes acceptance of the updated policy.
10. Contact
For privacy enquiries, data requests, or complaints:
- Email: hello@notarentalqr.com
- Subject line: Privacy Request
- Operator: FGX (Pty) Ltd, South Africa