Privacy Policy

This Policy explains how ARNAUTCODE, the owner and operator of QRest, processes personal data.

1. Controller and roles

For restaurant owner and employee account data, the controller is ARNAUTCODE, Serbia. QRest is a product, not a separate entity. Contact: privacy@qrest.app.

For guest data collected by a restaurant through its QR menu, the restaurant is generally the controller and ARNAUTCODE acts as its processor.

2. Data we process

• name, business email, phone, hashed password, language, and account settings;
• restaurant, menu, staff, table, order, and guest-request data;
• IP address, device, browser, access logs, and security events;
• subscription and transaction data; we do not store full card details;
• support communications and information voluntarily supplied.

3. Purposes and legal bases

We process data to perform the contract, provide and secure the service, prevent abuse, comply with law, improve the platform under legitimate interests, and based on consent where required.

4. Recipients

We share data only as needed with hosting, email, support, analytics, AI providers, payment processors, professional advisers, and authorities. We do not sell personal data.

5. Transfers, retention, and security

We use appropriate safeguards for international transfers. Data is retained while the account is active and afterward as required for law, security, and dispute resolution.

We use access controls, password hashing, session protection, logging, and backups, but no system is absolutely secure.

6. Your rights

Depending on applicable law, you may request access, correction, deletion, restriction, portability, object to processing, or withdraw consent. Contact privacy@qrest.app. Identity verification may be required.

7. Changes

We may update this Policy for service or legal changes. Material changes will be posted and notified where required.