Privacy Policy
How BetterQR collects, uses, and protects personal data.
Last updated: 22 May 2026. BetterQR is a product of We Are Monad® (company registered in England and Wales, number 09229110). This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use BetterQR and related services. We are the data controller for personal data processed under this Policy.
1. Scope
This Policy applies to personal data processed through the BetterQR website, dashboard, and related services (the "Services"). It does not apply to third-party sites or services that may be linked from the Services.
2. Personal Data We Collect
- Account and contact data: name, email address, authentication details, and organisation information when you register or correspond with us.
- Billing data: payment method details (processed by our payment processors), billing contact, and transaction records.
- Service data: QR codes, campaign metadata, images, links, and analytics generated through your use of the Services.
- Feedback data: when you rate an AI assistant response (thumbs up or thumbs down) and opt in to storage, we collect that rating together with the conversation thread for the rated response. We do not otherwise store the text you enter into the assistant (your prompts) or its responses; these are processed only to generate a reply and are not retained by us. See Section 4.
- Usage and device data: log files, IP address, hashed IP address (we use raw IPs only transiently for geolocation), browser type, device identifiers, settings, referring URLs, and interaction data for security and performance.
- Support data: information you provide when you request assistance, including diagnostics and communications.
- Cookies and similar technologies: we use cookies and comparable tools to remember preferences, maintain sessions, and analyse usage. See Section 9 for choices.
3. How We Use Personal Data
We process personal data for the following purposes:
- Providing, operating, and securing the Services.
- Operating the in-product AI assistant so it can respond to your requests.
- Where you have opted in, storing rated conversations to train and improve our own future AI models (see Section 4).
- Processing subscriptions, payments, and account administration.
- Improving and developing the Services, including analytics and research.
- Communicating about updates, security alerts, and support responses.
- Sending marketing communications where permitted by law and your preferences.
- Complying with legal obligations and enforcing our agreements.
4. AI Assistant and Feedback
The Services include an in-product AI assistant that helps you with BetterQR-related tasks. This section explains how that feature works and how we handle the data involved.
How the assistant works. When you interact with the AI assistant, the text you enter (your prompts) and the assistant's responses are processed to generate answers. This processing is carried out using third-party large language model providers acting on our behalf as processors. We currently use models from Anthropic and/or OpenAI, accessed through Amazon Web Services (AWS Bedrock) and/or Microsoft Azure. These providers process your prompts and the resulting outputs only to return a response to us, and they do not use your prompts or outputs to train their own foundation models. A current list of the providers we use is available on request and, where applicable, on our sub-processors page.
You are interacting with AI. The assistant generates responses automatically and can sometimes be inaccurate or incomplete. It is an assistive tool, and you should not rely on it as a substitute for professional advice.
No automated decisions with legal effect. The AI assistant does not make decisions that produce legal effects concerning you or that similarly significantly affect you. A human remains responsible for any decisions you make using it.
Please do not enter other people's personal data. The assistant is designed for BetterQR-related tasks. Please avoid entering personal data about other people, or any sensitive (special category) information, into the assistant. You are responsible for the content you submit.
Rating a response (feedback). You can rate an assistant response using a thumbs up or thumbs down control. We store conversation data through this feature only when you rate a response and have agreed to storage. We do not store your conversations by default, and if you decline we do not save anything, including the rating itself.
Choosing to contribute your conversations for model improvement. When you rate a response, we check whether you have agreed to let us store rated conversations so that we can use them to train and improve our own AI models, including by fine-tuning models that we develop or operate. If you have already agreed, we store the rated conversation. If you have not yet agreed, we ask you at that point. The choice is yours:
- If you agree (opt in), we store the rated conversation thread together with your rating, and we may use it to develop, train, and evaluate our own BetterQR AI models. Before storing a rated conversation for this purpose, we take steps to remove or redact information that identifies other people and any sensitive (special category) information.
- If you decline, we do not store anything, including the rating. You can still use the assistant exactly as before, and declining has no effect on your access to the Services.
We record your agreement and the date you gave it so that we can act on it correctly. Once you have agreed, we do not ask you again while that setting remains on. You can change your choice at any time using the toggle in your profile settings, and turning it off stops us storing any further conversations for model improvement. Storing requires your active agreement, and the setting is off until you turn it on.
Withdrawing consent and deletion. If you withdraw consent (by turning the setting off), we stop using your conversations for future model training, and you may ask us to delete the conversations we have stored. We will delete stored conversations within 30 days of your request. Please note an important limitation: where your data has already been incorporated into a trained model before you withdraw, it may not be possible to remove that contribution from that model retrospectively. Withdrawal and deletion therefore apply to your stored conversations and to future training runs, rather than to models that have already been trained.
Anonymised data. Where we fully and irreversibly anonymise information so that it no longer identifies anyone, it is no longer personal data, and we may retain and use it without the restrictions in this section.
Legal basis. We rely on your consent (Article 6(1)(a) UK GDPR and EU GDPR) to store rated conversations and to use them for model improvement. We process the prompts and outputs needed to operate the assistant itself on the basis of our contract with you, and we rely on our legitimate interests to keep the feature secure and to prevent misuse.
5. Legal Bases (EEA/UK)
Where GDPR or UK data protection law applies, we rely on the following legal bases: performance of a contract (to provide the Services, including the AI assistant); our legitimate interests (to maintain and improve the Services, secure our platform, and grow our business, balanced against your rights); compliance with legal obligations; and consent for specific activities where required. Consent applies in particular to the storage of rated conversations for model improvement (see Section 4) and to certain cookies and marketing. Where we rely on consent, you may withdraw it at any time, as described in Sections 4 and 11.
6. Sharing and Disclosure
We do not sell your personal data. We share personal data only as described below:
- Service providers: hosting, analytics, support, payment processing, large language model providers that power the AI assistant, and other vendors who process data under our instructions.
- Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this Policy or an equivalent.
- Legal compliance and protection: to comply with law or legal process, enforce agreements, or protect rights, safety, or property.
- Aggregated or de-identified data: we may share data that does not identify you for analytics or service improvement.
7. International Transfers
We host and process personal data primarily in the United Kingdom and the European Economic Area (EEA), for example in data centres located in Germany. Depending on the configuration of the large language model providers that power the AI assistant, prompts and outputs may also be processed in other regions. Transfers from the United Kingdom to the EEA are covered by UK adequacy regulations, which recognise the EEA as providing an adequate level of protection. Where personal data is transferred outside the UK or EEA, we rely on lawful transfer mechanisms such as adequacy regulations, the International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, the EU Standard Contractual Clauses, or other appropriate safeguards. We take reasonable steps to ensure your data remains protected wherever it is processed.
8. Data Retention
We retain personal data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Scan analytics are retained for 12 months, after which they are deleted or anonymised. If you request account deletion, we schedule deletion and may retain data for up to 12 months to meet legal requirements before permanently removing it.
Rated conversations that you have opted to share for model improvement are retained only for as long as your consent remains active and the model-improvement purpose requires, and we review retained feedback data periodically. If you withdraw consent or request deletion, we delete the stored conversations within 30 days, subject to the limitation described in Section 4 regarding data already incorporated into a trained model.
9. Cookies and Tracking Technologies
We use cookies and similar technologies to operate the Services, remember preferences, authenticate sessions, and measure performance. When a QR code is scanned, we collect anonymous, non-personally-identifiable scan analytics (such as device type, browser, operating system, and approximate location) server-side to provide scan reporting to QR code owners. No cookies are set on QR landing pages. You can adjust browser settings to refuse or delete cookies, though this may affect functionality. Where required, we will seek your consent before setting non-essential cookies.
10. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration, including encryption in transit and at rest, access controls, and logging. No system is completely secure; you are responsible for safeguarding your account credentials and promptly notifying us of any suspected compromise. If a personal data breach occurs, we will notify the relevant supervisory authority and affected individuals where and as required by applicable law.
11. Your Rights
Depending on your location, you may have rights under applicable law, including the right to access, rectify, erase, restrict, or object to processing, and to data portability. You may also object at any time to the use of your personal data for direct marketing. Where processing is based on consent, you may withdraw it at any time, including by using the profile toggle described in Section 4. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. For data used to train our AI models, your rights to erasure are subject to the limitation described in Section 4.
To protect your data, we may need to verify your identity before acting on a request. We will respond within the time limits set by applicable law (under UK and EU GDPR, normally within one month, which may be extended by up to two further months for complex or numerous requests, in which case we will let you know).
You have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ico.org.uk). If you are in the EEA, you may complain to the supervisory authority in your country of residence, place of work, or where the issue arose.
If you are a resident of California or another US state with applicable privacy laws, you may have additional rights, including to know about, access, correct, or delete your personal information, and to not be discriminated against for exercising those rights. We do not sell your personal data. You can exercise these rights using the contact details in Section 15.
12. Marketing Preferences
We may send you service communications that are necessary to provide the Services. Where marketing communications are permitted, you can opt out at any time by using the unsubscribe link in the message or updating your preferences in your account.
13. Children
The Services are not directed to individuals under 18, and we do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will delete it.
14. Changes to this Policy
We may update this Policy from time to time. Material changes will be communicated through the Services or by reasonable means. Continued use of the Services after the updated Policy takes effect constitutes acceptance.
15. Contact
For questions about this Privacy Policy or your personal data, please contact us at hello@betterqr.app. Written requests may also be sent to the registered company address available in public records for We Are Monad® (company number 09229110).