Privacy Policy

Effective Date: December 18, 2025

This Privacy Policy outlines how PARQRO S.R.L., a Romanian legal entity with its registered office in Brașov, Str. Lemnarilor no. 14, registered with the Trade Register under no. J2025075301009 CUI 52617433, (hereinafter referred to as "PARQRO", "we", "us", or "our") processes the personal data of users of its website and services (collectively, "the Service"). This policy adheres to the provisions of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data ("GDPR") and Romanian Law no. 190/2018.

1. Purpose and Legal Basis of Processing

Your personal data is collected and processed for specific, explicit, and legitimate purposes. The legal basis for our processing activities, as defined under Article 6 of the GDPR, includes:

• Performance of a Contract: To provide and administer the Service you have requested, such as creating and managing your account, processing payments, and enabling QR code and PARQRO Shield functionalities. This is necessary for the performance of the service agreement to which you are a party.
• Consent: For specific purposes where you have given us your explicit consent, such as subscribing to marketing communications or enabling optional cookies. You may withdraw your consent at any time.
• Legal Obligation: To comply with our legal and regulatory obligations, such as financial reporting, tax compliance, and responding to lawful requests from public authorities.
• Legitimate Interest: For our legitimate interests, provided that your fundamental rights and freedoms are not overridden. This includes improving the Service, ensuring network and information security, preventing fraud, and for administrative purposes.

2. Categories of Data Collected

We collect the following categories of personal data to provide and improve our Service:

• Identification Data: Full name.
• Contact Data: Email address, Phone number.
• Authentication Data: User ID, and an encrypted password for accounts not using soicial authentication to login to PARQRO.
• Financial Data: Stripe customer ID and subscription details. We do not store your full credit card information on our servers; this data is securely managed by our payment processor, Stripe, and is visible to our team for administrative purposes only.
• Technical Data: IP address, device type, WhatsApp messages through the PAPRQRO Shield feature, operating system, browser type, access logs, and error logs for diagnostic, utility and security purposes.
• Usage Data: Information about how you interact with our Service, such as features used and time spent on the platform.

WhatsApp messages sent through the PAPRQRO Shield feature are not end-to-end encrypted, meaning that they can be viewed by us and WhatsApp, and while we do not store the messages in our servers, we do have the ability to access the contents of the messages for up to 15 days. We may access these messages for content moderation, service protection, maintainance and improvements and if we are required by law.

3. Data Recipients and Third-Party Disclosures

Your data may be shared with the following parties, under strict confidentiality and data processing agreements:

• Authorized Processors & Technology Providers: We partner with trusted third-party service providers who process data on our behalf. These include:
  • Google: For user authentication (Firebase Authentication), infrastructure (APIs and Fonts), sending transactional emails (via Gmail), and to protect our platform from spam and abuse (reCAPTCHA Enterprise). Use of these services may involve sending hardware and software information, such as device and application data, to Google for analysis.
  • Stripe: For processing payments and managing subscriptions.
  • Twilio: For sending verification codes and notifications via SMS.
  • Meta: For sending verification codes, notifications and Automated Messages via WhatsApp.
  • Cloudflare: For hosting, network security, performance, and bot protection.
  • New Relic: For application monitoring, logging, and error tracking to maintain and improve service stability.
  • Cookiebot: For managing cookie consent and ensuring compliance with privacy regulations.
• Third-Party Frontend Libraries: To enhance functionality, our website may load certain open-source libraries from public Content Delivery Networks (CDNs). While we do not control these servers, the libraries are used to enable specific features within your browser. These include:
  • intl-tel-input: To provide a standardized dropdown for international telephone number input.
  • jsqr & qr-code-styling: To enable QR code scanning and styling functionalities directly within the browser.
• Public Authorities: We may disclose your data to law enforcement or other public authorities if required by law or in response to a valid legal request.
• Contractual Partners: In the event of a merger, acquisition, or sale of assets, your data may be transferred to a new controlling entity, who will be bound by this privacy policy.

We perform due diligence on all third-party providers to ensure they have adequate data protection measures in place. We may also investigate user data to verify compliance with our Terms of Service, detect and prevent fraudulent or inappropriate use, and improve the Service.

4. Data Retention Period

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Your account data will be retained for as long as your account is active. After account deactivation, your data will be held for a grace period of 90 days before permanent deletion. This retention period is necessary to allow for account recovery, to resolve any final disputes, and to prevent fraud. Certain data may be retained for a longer period if required by law (e.g., financial records for tax and accounting purposes).

5. Rights of Data Subjects

Under the GDPR (Articles 15–22), you have the following rights concerning your personal data:

• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request to correct any inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): You can request the deletion of your personal data.
• Right to Restriction of Processing: You can request that we limit the processing of your data under certain conditions.
• Right to Data Portability: You can request to receive your data in a structured, commonly used, and machine-readable format.
• Right to Object: You can object to the processing of your data, particularly for marketing purposes.
• Right to Lodge a Complaint: You have the right to file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) or your local data protection authority.

To request any of the listed rights above, contact our support team at support@parqro.com

6. International Data Transfers

Your data may be transferred and processed in countries outside the European Economic Area (EEA). Such transfers are protected by appropriate safeguards, primarily the European Commission's Standard Contractual Clauses, to ensure your data is treated with a level of protection equivalent to that under GDPR.

7. Security Measures

We implement robust technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include password encryption, data pseudonymization where feasible, strict access controls, and regular security training for our staff.

8. Cookies and Similar Technologies

Our website uses both essential and optional cookies to enhance user experience and analyze site traffic. We use the Cookiebot platform for managing cookie consent, in full compliance with Article 7 of the GDPR.

====The information displayed below this paragraph is generated dynamically by CookieBot and may be changed without any prior notice.====

====The information displayed above this paragraph is generated dynamically by CookieBot and may be changed without any prior notice.====

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a minor, we will take immediate steps to delete it and block any account related to users under the age of 18.

10. Data Breach Notification

In the event of a data breach that poses a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, in accordance with GDPR requirements.

11. Automated Decision-Making

We do not use automated decision-making or profiling that would produce legal effects concerning you or similarly significantly affect you.

12. Policy Amendments

This policy may be updated periodically to reflect changes in our practices or for legal reasons. We will notify you of any material amendments, besides the content generated dunamically by CookieBot, by posting the updated policy on our website and by prompting you to acknowledge the new updates upon logging into your account. We will provide at least 30 days' notice before the changes take effect. Your continued use of the Service after the notice period constitutes your acceptance of the revised policy.

13. Contact

For any questions, requests, or to exercise your rights under the GDPR, please contact us via email at support@parqro.com or by mail at: PARQRO S.R.L., Str. Lemnarilor no. 14, Brașov, Romania.