K
Kverio
Privacy Policy
Last updated: July 2026
1. Data Controller
The data controller is the operator of the Kverio service (kverio.com). Contact email: info@kverio.com.
2. Personal Data We Process
- Registration data: name, email address, hashed password.
- Payment data: processed exclusively by the payment gateway Stripe, Inc. We store only the customer identifier and subscription status.
- Content data: texts, images, and settings you enter on your pages.
- Analytics data: anonymised QR code scan records (time, browser language, page). We do not store full IP addresses.
- Technical data: error and performance logs for service operation and security.
3. Purpose and Legal Basis of Processing
- Service provision — performance of a contract (Art. 6(1)(b) GDPR).
- Transactional emails (verification, password reset, billing) — legitimate interest (Art. 6(1)(f) GDPR).
- Security and operations — legitimate interest.
4. Recipients of Personal Data
- Stripe, Inc. — payment processing (Privacy Policy: stripe.com/privacy).
- Google Ireland Ltd. — website analytics (Google Analytics 4 via Google Tag Manager), only with your consent (Privacy Policy: policies.google.com/privacy).
- SMTP / email provider — delivery of transactional emails.
- Hosting provider — operation of server infrastructure.
We do not sell or share your personal data with third parties for marketing purposes.
5. Data Transfers Outside the EEA
Stripe is based in the USA and transfers are made on the basis of standard contractual clauses (SCCs) approved by the European Commission.
6. Retention Periods
- Account data: for the duration of the account + 3 years (for potential complaints).
- Payment records: 10 years (statutory accounting obligation).
- Scan records: 2 years.
7. Your Rights
You have the right:
- to access your personal data,
- to rectify inaccurate data,
- to erasure ("right to be forgotten") — to the extent that it does not prevent fulfilment of statutory obligations,
- to data portability,
- to object to processing based on legitimate interest,
- to lodge a complaint with the supervisory authority — the Office for Personal Data Protection (uoou.cz).
You may exercise your rights by emailing info@kverio.com.
8. Cookies
We use functional cookies necessary for the operation of the service (session cookie for login, language preference, storing your consent choice) — these are always active. We also use analytics cookies from Google Analytics 4, deployed via Google Tag Manager, but only if you give your consent in the cookie banner; without consent they remain disabled (Google Consent Mode v2). You can withdraw your consent at any time in the cookie settings. These tools are provided by Google Ireland Ltd. — more information at policies.google.com/privacy.
9. Security
Passwords are stored as bcrypt hashes. Communication is encrypted using TLS. Database access is protected at the network level.
10. Changes to This Document
We will notify you of significant changes by email or in-app notification. The current version is always available at this address.