Qrype

Los documentos legales se proporcionan en inglés. Términos del servicio, Política de privacidad y Política de cookies.

Política de privacidad

Last updated: May 1, 2026

This Privacy Policy explains what data Qrype collects, why we collect it, who we share it with, and what rights you have over it. It is written to reflect what the product actually does — not to quote a generic SaaS template.

1. Data we collect

  • Email address — required for sign-in (we use email-based one-time passwords).
  • Optional profile — full name, if you provide it.
  • Restaurant metadata — name, description, currency, public handle, theme preset and accent colour, QR code styling preferences.
  • Uploaded files — menu photos, PDFs, CSVs, or Excel spreadsheets you upload for AI extraction.
  • Extracted menu data — categories, items, descriptions, prices, allergens, dietary flags, calorie counts, and any translations you generate.
  • Billing data — Stripe customer ID and subscription ID, plus subscription status and renewal date. Card numbers and CVCs are handled by Stripe and never reach Qrype.
  • Authentication tokens — issued by Supabase and stored as HTTP-only cookies on your device for the duration of your session.

2. How your data is used

  • To authenticate you and operate your dashboard.
  • To extract structured menu data from the files you upload using an AI model.
  • To render public menu pages at qrype.com/<your-handle> for your customers.
  • To translate menu items into additional languages on request.
  • To process your subscription payment and email you receipts via Stripe.
  • To send transactional emails (one-time passwords for sign-in, account-related notifications). We do not send marketing email.

3. Sub-processors

The Service uses these third parties to operate:

  • Supabase (database, authentication, file storage). Stores your manager profile, restaurants, menus, and authentication tokens.
  • OpenAI (AI menu extraction and translation). When you upload a menu, the file (image, PDF, or extracted text) is sent to OpenAI's gpt-4o-mini model for structured extraction. When you translate a menu, the item names and descriptions are sent for translation. Per OpenAI's API data-usage policy, content sent through the API is not used to train OpenAI models.
  • Resend (email delivery). Delivers authentication emails containing your one-time sign-in code, via Supabase's SMTP integration.
  • Stripe (payments). Receives your billing email and payment details to process subscription charges. Qrype itself never sees card numbers or CVCs.
  • Vercel (web hosting). Serves the application; standard server logs (IP address, user agent, request path) are kept for operational purposes.

We do not use analytics platforms (no Google Analytics, Plausible, PostHog, Mixpanel, etc.), advertising networks, or marketing trackers.

4. Cookies

Qrype sets only the cookies it needs to function. Details are in our Cookie Policy. There is no marketing or analytics tracking, so there is no consent banner.

5. Retention

Your data is retained for as long as your account is active. When you delete your account (via support@qrype.com or by an admin removing your account), your authentication record, manager profile, restaurants, menu categories, and items are permanently removed via database cascade. Stripe retains transaction records as required by financial regulation.

6. Public-facing data

Anything you publish on a public menu page (qrype.com/<handle>) is, by definition, public. This includes the restaurant name, menu items, prices, descriptions, dietary flags, and any images you upload. Search engines may index these pages.

7. Your rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete the personal data we hold about you. To exercise any of these rights, email support@qrype.com. We respond within 30 days.

8. AI accuracy

Menu items, prices, and especially allergens and dietary flags extracted by AI may be inaccurate. Always verify before publishing. Qrype does not warrant the accuracy of AI-generated content.

9. Data location

Supabase stores your data in the region configured for our project. OpenAI processes API requests in the United States. Resend, Stripe, and Vercel operate global infrastructure with US-primary regions. By using the Service you consent to your data being processed in these locations.

10. Changes

Material changes to this policy will be announced via email to the address on your account.

11. Contact

Privacy questions: support@qrype.com.

Política de privacidad — Qrype