Privacy Policy
Effective 12 Nov 2025
1. Data Controller & Contact
QrPlus (operated by QrBizPlus Sdn. Bhd.) is the data controller for personal data collected through the mobile app, web portals, and referral experiences. You can contact us at privacy@qrplus.com concerning any privacy request.
2. Information We Collect
Account data such as email, username, and password hash.
Profile details you provide, including phone number, demographic preferences, and optional profile images.
Engagement data including referral codes, QR scan history, coupon balances, and transaction logs tied to your engagement with QrBiz merchants.
Device and usage information (IP address, device model, crash logs) plus location data when you grant permission to find nearby stores.
3. How We Use Your Data
To create and manage your account, deliver rewards, and verify referral eligibility.
To share relevant scan outcomes with participating merchants so they can honour promotions.
To comply with Malaysian consumer protection, PDPA 2010, and CPETTR 2024 obligations, including maintaining transaction records for at least three years.
To send service updates or—with your consent—marketing communications. You may opt out at any time.
4. Data Sharing & Transfers
We share data only with service providers (e.g., Supabase, analytics, support tools) under strict confidentiality agreements and with QrBiz merchants as necessary to fulfil rewards.
Where data is transferred or stored outside Malaysia, we rely on contractual safeguards and industry-standard security controls.
5. Your Rights
You may request access, correction, deletion, restriction, or portability of your personal data. Contact privacy@qrplus.com to exercise these rights.
You may withdraw consent for marketing or location services within the app settings. Doing so may limit functionality tied to those features.
6. Retention & Security
We retain personal data while your account remains active and thereafter as required by law or to resolve disputes. We implement encryption in transit, access controls, and routine audits to protect your data.
In the event of a data breach, we will notify affected individuals and the Malaysian Personal Data Protection Commissioner in line with PDPA guidance and the 2024 amendments.