Legal

Privacy Policy

Last updated: 2026-07-05

On this page
  1. 1. Overview
  2. 2. Who is responsible for what
  3. 3. Information we collect from merchants
  4. 4. Information we process about end customers
  5. 5. How we use information
  6. 6. How we share information
  7. 7. Marketing site analytics
  8. 8. Data retention
  9. 9. Security
  10. 10. Your rights
  11. 11. International transfers
  12. 12. Children
  13. 13. Changes to this policy
  14. 14. Contact us

1. Overview

This Privacy Policy explains how 1ClickTrust ("we", "us") collects, uses, and shares information when you use our website and software platform ("Service").

Last updated: 2026-07-05.

2. Who is responsible for what

We act as the data controller for merchant account information (business owners who sign up for 1ClickTrust).

When merchants use feedback or loyalty features, merchants are the data controllers for their customers' personal information. We process that customer data on the merchant's behalf to deliver the Service.

End customers (guests who scan a QR code) generally interact with a merchant's store page and do not create a 1ClickTrust account.

3. Information we collect from merchants

  • Account data: email address, password (stored securely by our auth provider), and billing market.
  • Business data: store names, Google Place IDs, review settings, loyalty configuration, branding assets (Pro), and subscription status.
  • Billing data: plan tier, Stripe customer ID (global market), and payment-related metadata.
  • Usage data: dashboard activity, API requests, and aggregated analytics about your stores.

4. Information we process about end customers

When a guest scans a merchant's QR code, we may process:

  • Star ratings and optional feedback comments submitted to the merchant's private inbox.
  • Technical data for anti-spam and security: IP address (hashed where applicable), browser user-agent, and device fingerprint stored in local storage for loyalty continuity.
  • Phone numbers for optional loyalty programs, encrypted at rest (AES-256-GCM), collected only with explicit consent and shared with the merchant operating that store.
  • Consent records: timestamp and version when a guest joins a loyalty program.
  • Cloudflare Turnstile tokens for bot verification (not stored long-term).

5. How we use information

  • Provide, secure, and improve the Service.
  • Deliver feedback to merchant inboxes and operate loyalty stamp programs.
  • Process subscriptions and send transactional emails (confirmations, password reset).
  • Prevent abuse through rate limits, honeypots, and duplicate detection.
  • Show aggregated analytics to merchants (scan counts, funnel metrics). No guest PII in merchant analytics exports beyond what merchants access in loyalty tools.

6. How we share information

We share guest feedback and loyalty data with the merchant whose store the guest interacted with.

We use subprocessors to operate the Service:

  • Supabase (authentication and database hosting)
  • Stripe (global subscription payments)
  • Brevo (transactional email)
  • Google (Places API, Maps links, optional review page redirects)
  • Cloudflare (Turnstile bot protection, CDN)
  • Vercel (hosting, analytics, speed insights on marketing pages)

7. Marketing site analytics

Our public marketing pages (landing and pricing) may use analytics tools such as Google Analytics 4 and Vercel Analytics. Optional Microsoft Clarity may be enabled in production. These tools may set cookies on marketing pages only. Merchant dashboards, public review pages (/r/*), activation pages, and kiosk flows do not load marketing analytics scripts.

8. Data retention

  • Merchant account data is kept while your account is active and as needed for legal obligations.
  • Free plan feedback inbox history may be limited (for example, 30 days). Upgraded plans retain data according to plan features.
  • Loyalty and audit logs are retained to operate programs and meet security requirements.

9. Security

We use industry-standard measures including encryption for loyalty phone numbers at rest, row-level database isolation between tenants, and httpOnly cookies for merchant sessions.

No method of transmission or storage is 100% secure. Report concerns to 1clicktrust.admin@gmail.com.

10. Your rights

Merchants may access, update, or delete account data through the dashboard or by contacting 1clicktrust.admin@gmail.com.

Guests who shared personal data through a merchant's store should contact that merchant first. Merchants can export or delete loyalty data through dashboard tools. We assist merchants with processor obligations when required.

Depending on your location, you may have rights under Vietnam's Personal Data Protection Decree (NĐ 13/2023), the Australian Privacy Act 1988, or other applicable laws.

11. International transfers

We and our subprocessors may process data in countries other than yours. We take steps to protect data in line with applicable law when data crosses borders.

12. Children

The Service is not directed at children under 16. We do not knowingly collect personal information from children.

13. Changes to this policy

We may update this Privacy Policy. We will revise the last updated date and notify merchants of material changes by email or in the dashboard.

14. Contact us

Data controller: 1ClickTrust

Address: our registered business address (contact us for details)

Email: 1clicktrust.admin@gmail.com