Privacy Policy

AroiQR ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital menu platform service. By using AroiQR, you agree to the collection and use of information in accordance with this policy.

2.1. Information You Provide • Account Information: Name, email address, phone number, business name • Payment Information: Credit card details, billing address (processed securely through third-party payment processors) • Restaurant Data: Menu items, prices, descriptions, images, categories • Business Information: Restaurant address, operating hours, contact details 2.2. Automatically Collected Information • Usage Data: Pages visited, features used, time spent on the platform • Device Information: IP address, browser type, operating system, device identifiers • Location Data: Approximate location based on IP address • Cookies and Similar Technologies: Session data, preferences, analytics 2.3. Information from Third Parties • Payment processors (Stripe, PayPal) • Analytics providers (Google Analytics) • Social media platforms (if you connect your accounts)

We use the collected information for: 3.1. Service Provision • Creating and managing your account • Processing payments and subscriptions • Generating QR codes and digital menus • Providing customer support • Sending service-related notifications 3.2. Service Improvement • Analyzing usage patterns and trends • Developing new features and functionality • Improving user experience • Conducting research and analytics 3.3. Marketing and Communications • Sending promotional emails (with your consent) • Providing product updates and news • Conducting surveys and feedback requests • Personalizing your experience 3.4. Legal and Security • Complying with legal obligations • Preventing fraud and abuse • Enforcing our Terms of Service • Protecting our rights and property

We may share your information with: 4.1. Service Providers • Cloud hosting providers (AWS, Google Cloud) • Payment processors (Stripe, PayPal) • Email service providers • Analytics providers • Customer support tools 4.2. Business Transfers • In connection with mergers, acquisitions, or asset sales • During bankruptcy or similar proceedings 4.3. Legal Requirements • To comply with legal obligations • To respond to lawful requests from authorities • To protect our rights and safety • To prevent fraud or illegal activities 4.4. With Your Consent • When you explicitly authorize us to share information • For purposes you have approved We do NOT sell your personal information to third parties.

We implement industry-standard security measures to protect your information: • Encryption: Data is encrypted in transit (SSL/TLS) and at rest • Access Controls: Limited access to personal information • Regular Security Audits: Periodic reviews of our security practices • Secure Infrastructure: Use of reputable cloud providers • Employee Training: Staff trained on data protection However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

We retain your information for as long as: • Your account is active • Needed to provide services • Required by law or for legitimate business purposes When you delete your account: • We will delete or anonymize your personal information within 30 days • Some information may be retained for legal or backup purposes • Aggregated, anonymized data may be retained indefinitely

Depending on your location, you may have the following rights: 7.1. Access and Portability • Request a copy of your personal information • Export your data in a machine-readable format 7.2. Correction and Update • Correct inaccurate information • Update your account details 7.3. Deletion • Request deletion of your personal information • Close your account 7.4. Objection and Restriction • Object to certain processing activities • Restrict how we use your information 7.5. Withdraw Consent • Withdraw consent for marketing communications • Opt-out of certain data collection To exercise these rights, contact us at privacy@aroiqr.com

We use cookies and similar technologies for: 8.1. Essential Cookies • Authentication and security • Session management • Load balancing 8.2. Analytics Cookies • Understanding user behavior • Measuring performance • Improving our service 8.3. Marketing Cookies • Personalizing content • Measuring ad effectiveness • Retargeting campaigns You can control cookies through your browser settings. Note that disabling cookies may affect functionality.

Our service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies. Third-party services we use: • Payment processors (Stripe, PayPal) • Analytics (Google Analytics) • Cloud storage (AWS S3, Cloudinary) • Email services (SendGrid, Mailgun)

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@aroiqr.com, and we will delete such information.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place: • Standard contractual clauses • Privacy Shield certification (where applicable) • Adequacy decisions by relevant authorities

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA): • Right to Know: What personal information we collect and how we use it • Right to Delete: Request deletion of your personal information • Right to Opt-Out: Opt-out of the sale of personal information (we do not sell) • Right to Non-Discrimination: Equal service regardless of privacy rights exercise To exercise these rights, contact us at privacy@aroiqr.com or call 1-800-XXX-XXXX.

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR): • Legal Basis for Processing: Consent, contract performance, legal obligations, legitimate interests • Data Protection Officer: Contact dpo@aroiqr.com • Right to Lodge a Complaint: With your local supervisory authority • Automated Decision-Making: We do not use automated decision-making or profiling

We may update this Privacy Policy from time to time. We will notify you of material changes by: • Email notification • Prominent notice on our website • In-app notification Your continued use of the service after changes constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy, please contact us: Email: privacy@aroiqr.com Data Protection Officer: dpo@aroiqr.com Address: [Your Company Address] Phone: [Your Phone Number] Website: https://aroiqr.com/privacy We will respond to your inquiry within 30 days.