Privacy Policy

Explrd Ventures LLC ("we", "us", "our", "Company") operates Sprykit™ Connect ("Service", "Platform"), a software-as-a-service platform for dynamic QR codes, short URLs, AI-built forms and landing pages, digital menus, and related analytics. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide when using our Service:

• Account Information: Name, email address, password, company name, and phone number
• Profile Information: Job title, profile picture, and other optional profile details
• Billing Information: Payment card details, billing address, and tax identification numbers (processed securely through our payment processor)
• Content: QR codes you create, URLs you shorten, forms and landing pages you design, digital menus, uploaded images, logos, and other files
• Form Submissions: Data submitted through forms you create (we process this on your behalf as a data processor)
• Communications: Messages you send to our support team, feedback, survey responses, and other correspondence
• Team Information: Details about team members you invite to your account, including their email addresses and assigned roles

1.2 Information Collected Automatically

When you access or use our Service, we automatically collect certain information:

• Usage Data: Pages visited, features used, time spent on pages, links clicked, search queries, and interaction patterns
• Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers
• Log Data: IP address, access times, error logs, and referring/exit pages
• API Usage: API requests, rate limit consumption, and authentication attempts (if you use API features)
• Webhook Delivery: Delivery attempts, success/failure status, and retry information (if you use webhook features)
• Location Data: General geographic location derived from IP address
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies (see Section 7)

1.3 Analytics and Scan Data

When someone scans a QR code or accesses a shortened URL created through our Service, we collect:

• Scan Events: Date and time of each scan or click
• Device Information: Device type, operating system, browser type
• Location Data: Geolocation information (city, region, country) derived from IP address using third-party geolocation services (ipapi.co)
• IP Address: Internet Protocol address of the scanning device
• Referrer Information: Source of the scan (e.g., website, social media platform)
• User Agent: Browser and device characteristics

Note: This analytics data is provided to you (the QR code or link creator) as part of the Service. End users who scan QR codes should be aware that analytics may be collected.

1.4 Information from Third Parties

We may receive information about you from third parties:

• Authentication Services: If you use single sign-on (SSO) or social login, we receive information from your identity provider
• Payment Processors: Transaction and payment confirmation data from Stripe or other payment providers
• Business Partners: Information from companies that integrate with our Service
• Public Sources: Publicly available information to verify business details or prevent fraud

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Provide and Maintain the Service

• Create and manage your account
• Generate QR codes and shortened URLs
• Host and display landing pages
• Process and redirect QR code scans and link clicks
• Provide analytics and reporting features
• Enable team collaboration and access controls
• Store your content and preferences

2.2 To Process Payments and Subscriptions

• Process subscription payments and manage billing
• Prevent fraud and unauthorized transactions
• Issue invoices and receipts
• Handle refunds and payment disputes

2.3 To Communicate with You

• Send service-related notifications (e.g., account changes, security alerts)
• Respond to your inquiries and support requests
• Send administrative messages and updates about the Service
• Request feedback and conduct surveys (with your consent)
• Send marketing communications about new features and promotions (with your consent, and you may opt out)

2.4 To Improve and Develop the Service

• Analyze usage patterns to improve features and user experience
• Conduct research and development for new products and services
• Test and debug the Service
• Train machine learning models to enhance functionality
• Generate aggregated, anonymized analytics

2.5 For Security and Legal Compliance

• Detect, prevent, and investigate fraud, abuse, and security incidents
• Enforce our Terms of Service and Acceptable Use Policy
• Comply with legal obligations and respond to lawful requests
• Protect the rights, property, and safety of our users and the public
• Maintain audit logs and security monitoring

2.6 For Automated Processing and System Maintenance

We use automated systems to maintain service integrity and enforce subscription policies:

• Process scheduled plan changes and subscription updates
• Monitor and enforce grace periods for failed payments
• Verify custom domain ownership and expire unverified claims
• Synchronize subscription entitlements and usage limits
• Retry failed webhook deliveries automatically
• Delete old analytics data according to your plan's retention period
• Remove unverified or inactive accounts after a reasonable period

2.7 With Your Consent

We may use your information for other purposes with your explicit consent, which you can withdraw at any time.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 With Service Providers

We share information with third-party vendors who perform services on our behalf:

• Cloud Hosting: AWS, DigitalOcean, or similar providers for data storage and computing
• Payment Processing: Stripe for payment and subscription management
• Email Services: SendGrid or similar providers for transactional and marketing emails
• Geolocation Services: ipapi.co for IP-based location data
• Caching Services: Upstash Redis or similar for performance and rate limiting
• Analytics Tools: Services that help us understand Service usage
• Customer Support: Help desk and ticketing systems
• Security Services: Tools for fraud detection and security monitoring

These service providers are contractually obligated to use your information only for the purposes we specify and to maintain appropriate security measures.

3.2 With Your Team Members

If you use our multi-tenant features, information may be shared with other members of your organization according to the permissions you configure.

3.3 Form Submissions and Webhooks

If you use our form or webhook features:

• Form submissions are sent to the email addresses you configure and/or your webhook endpoints
• You act as the data controller for any personal information collected through your forms
• We act as a data processor, processing form submissions according to your instructions
• You are responsible for obtaining appropriate consent from form submitters and complying with privacy laws

3.4 For Legal Reasons

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, warrants)
• Government or regulatory requests
• Law enforcement investigations
• Situations involving potential threats to public safety or security
• Enforcement of our legal rights or defense of legal claims

3.5 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or control of your personal information.

3.6 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

3.7 Aggregated or Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This includes industry benchmarks, usage statistics, and research findings.

4. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

4.1 Account Data

We retain your account information while your account is active and verified. For verified accounts, we retain data for a reasonable period after account closure (typically 30-90 days) to allow for account recovery or transition.

Unverified accounts that remain incomplete or inactive may be deleted after a reasonable period (as determined by us) to maintain system integrity and data accuracy. We recommend verifying your email address promptly after registration.

4.2 Content and QR Codes

Your QR codes, landing pages, and associated content are retained while your account is active and for a limited period after account closure. We recommend exporting important data before closing your account.

4.3 Analytics Data

Scan and analytics data is retained according to your subscription plan's data retention policy:

• Free and Starter Plans: Up to 90 days
• Professional Plans: Up to 90 days
• Enterprise Plans: Up to 365 days

We automatically delete analytics data older than your plan's retention period to manage storage costs and maintain system performance. Aggregated, anonymized analytics may be retained indefinitely for research and service improvement.

If you exceed your plan's storage quota, we may delete the oldest data first (FIFO) to bring your usage within limits.

4.4 Legal and Compliance Records

We retain certain records (e.g., billing records, audit logs, legal correspondence) as required by law or legitimate business interests, typically for 7 years or as mandated by applicable regulations.

4.5 Backups

Information may remain in backup systems for a limited period after deletion from production systems. We maintain backups for disaster recovery and business continuity purposes.

4.6 Unverified or Incomplete Accounts

We may delete or anonymize accounts that remain unverified or incomplete after a reasonable period of time to maintain system integrity and data accuracy. This includes:

• Accounts where email verification was not completed
• Accounts that were created but never used
• Accounts that remain inactive for extended periods without verification

If your account is deleted under this provision, associated data (QR codes, URLs, landing pages) will also be removed. We are not obligated to provide notice before deleting unverified accounts, though we may send reminder emails as a courtesy.

5. Data Security

We implement reasonable administrative, technical, and physical security measures to protect your information from unauthorized access, disclosure, alteration, and destruction.

5.1 Security Measures

• Encryption: Data in transit is encrypted using TLS/SSL; sensitive data at rest is encrypted
• Access Controls: Role-based access controls and principle of least privilege
• Authentication: Secure password hashing (bcrypt) and optional multi-factor authentication
• Monitoring: Security logging, intrusion detection, and regular security audits
• Infrastructure: Secure cloud infrastructure with regular security updates
• Employee Training: Regular security awareness training for our team
• Automated Data Deletion: Automated processes to delete old data according to retention policies

5.2 Your Responsibility

You are responsible for maintaining the confidentiality of your account credentials. Do not share your password, and notify us immediately if you suspect unauthorized access to your account.

5.3 No Guarantee

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

6. International Data Transfers

Explrd Ventures LLC is based in the United States. Your information may be transferred to, stored, and processed in the United States or other countries where we or our service providers operate.

These countries may have data protection laws that differ from those of your country of residence. By using the Service, you consent to the transfer of your information to the United States and other countries.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on appropriate data transfer mechanisms such as Standard Contractual Clauses (SCCs) when transferring personal data outside these regions.

7. Cookies and Tracking Technologies

7.1 What Are Cookies

Cookies are small text files stored on your device that help us provide and improve the Service. We use cookies and similar technologies (web beacons, pixels, local storage) to recognize you, remember your preferences, and analyze usage.

7.2 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (e.g., authentication, security)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use the Service
• Marketing Cookies: Track your activity for advertising purposes (with your consent)

7.3 Your Cookie Choices

Most browsers allow you to control cookies through their settings. You can block or delete cookies, but this may affect your ability to use certain features of the Service. Essential cookies cannot be disabled without impacting functionality.

You can opt out of analytics tracking through your account settings or by using browser privacy features like Do Not Track (DNT).

8. Your Privacy Rights

8.1 General Rights

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal exceptions)
• Data Portability: Request a copy of your data in a structured, machine-readable format (available through account export features)
• Export: Export your data (QR codes, URLs, landing pages, analytics) while your account is active; 30-day grace period after termination
• Objection: Object to certain processing of your personal information
• Restriction: Request restriction of processing in certain circumstances
• Withdraw Consent: Withdraw consent for processing based on consent (without affecting prior processing)

8.2 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of personal information we collected from you
• Right to Opt-Out: We do not sell personal information, but you may opt out if practices change
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
• Authorized Agent: You may designate an authorized agent to make requests on your behalf

California "Shine the Light" Law: California residents may request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

8.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@sprykit.com or through your account settings. We will respond to verified requests within the time period required by applicable law (typically 30-45 days).

We may need to verify your identity before processing your request. For security purposes, we may request additional information to confirm your identity.

9. Children's Privacy

The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from children under 18. If you are under 18, do not use the Service or provide any information to us.

If we learn that we have collected personal information from a child under 18, we will delete that information as quickly as possible. If you believe we have collected information from a child under 18, please contact us immediately at privacy@sprykit.com.

10. Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services that are not owned or controlled by us. We are not responsible for the privacy practices of these third parties.

When you click on a QR code or shortened link, you may be redirected to a third-party destination. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated Privacy Policy on this page and update the "Last Updated" date.

If we make material changes, we will provide notice through the Service, by email, or other appropriate means before the changes become effective. Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For California residents: You may also contact us to request information about our compliance with California privacy laws.