Privacy Policy

1. Data controller

MossPig Lab is responsible for processing data collected via QRCodeSwarm.com. Privacy contact / DPO: privacy@mosspig.dev.

2. Data collected

We only collect data strictly necessary to provide and improve the service.

• Account data: first name, last name, email, password (hashed), preferences.
• Usage data: technical logs, IP addresses, technical identifiers, application events.
• Billing data: means of payment (via service provider), payment history, invoices.
• Business content: QR code metadata (title, type, redirection targets, design options), aggregated usage statistics.

3. Purposes and legal bases

We process data for:

• Provide the service and manage the account (performance of the contract).
• Invoice, prevent fraud and provide support (legitimate interest / legal obligation).
• Improve the product, measure performance and security (legitimate interest).
• Send service-related information (legitimate interest); marketing communications only with your consent.

4. Hosting and security

The data is hosted at Scaleway (France/EU). We implement appropriate technical and organizational measures: encryption in transit (TLS), regular backups, access control, security logging. No transfer outside the European Union is carried out without adequate guarantees.

5. Subcontractors

We may use subcontractors for hosting, billing, transactional email, technical analysis. These service providers act according to our instructions, offer sufficient guarantees in terms of security and confidentiality, and are listed on request.

6. Retention periods

We keep:

• Account data: as long as the account is active, then 24 months after deletion to allow possible reactivation or processing of disputes.
• Billing data: 10 years in accordance with French accounting and tax obligations.
• Technical logs: 6 to 24 months depending on the purpose (security, diagnosis, anti-fraud).
• Business content (QR codes, metadata and statistics): retained until deleted by the user or closure of the account.
• Data related to customer support (tickets, emails, chat): 36 months after the last interaction, in order to ensure consistent monitoring and proof in the event of a dispute.
• Marketing and prospecting data (emails, opt-ins, consent logs): 3 years maximum after the last interaction or until consent is withdrawn.
• Automatic backups: retained for 7 to 30 days, continuously rotating, for security and service restoration purposes only.
• Inactive accounts: an account without connection for more than 24 months may be anonymized or deleted after prior notification.

7. Cookies and audience measurement

Technical cookies are necessary for operation. Traffic analysis tools can be used within a scope strictly necessary to improve the service. Non-essential cookies are placed only with your consent, which you can withdraw at any time via the preference center.

8. Your rights

In accordance with the GDPR, you have the following rights:

• Access, rectification, erasure of your data.
• Limitation and opposition to processing.
• Portability of data provided.
• Withdrawal of consent at any time for processing based on it.
• Complaint to the CNIL (www.cnil.fr).

9. Account, deletion and portability

You can view, export and delete certain data from your customer area. For any specific request (e.g. extended portability), contact privacy@mosspig.dev.

10. Minors

The service is not intended for children under 15. We do not knowingly collect data about minors. If you believe a minor has shared data with us, contact us so we can delete it.

11. Security of QR codes and content

You are responsible for the content to which your QR codes redirect. We may suspend content that is manifestly illegal, malicious or contrary to our conditions.

12. Policy Changes

We may update this policy to reflect legal or technical developments. In the event of a material change, information will be provided on the site or by email.

13. Contact

For any questions relating to your personal data or this policy: privacy@mosspig.dev.