Legal
Privacy Policy
Last updated: 2026-07-05
On this page
- 1. Overview
- 2. Who is responsible for what
- 3. Information we collect from merchants
- 4. Information we process about end customers
- 5. How we use information
- 6. How we share information
- 7. Marketing site analytics
- 8. Data retention
- 9. Security
- 10. Your rights
- 11. International transfers
- 12. Children
- 13. Changes to this policy
- 14. Contact us
1. Overview
This Privacy Policy explains how 1ClickTrust ("we", "us") collects, uses, and shares information when you use our website and software platform ("Service").
Last updated: 2026-07-05.
2. Who is responsible for what
We act as the data controller for merchant account information (business owners who sign up for 1ClickTrust).
When merchants use feedback or loyalty features, merchants are the data controllers for their customers' personal information. We process that customer data on the merchant's behalf to deliver the Service.
End customers (guests who scan a QR code) generally interact with a merchant's store page and do not create a 1ClickTrust account.
3. Information we collect from merchants
- Account data: email address, password (stored securely by our auth provider), and billing market.
- Business data: store names, Google Place IDs, review settings, loyalty configuration, branding assets (Pro), and subscription status.
- Billing data: plan tier, Stripe customer ID (global market), and payment-related metadata.
- Usage data: dashboard activity, API requests, and aggregated analytics about your stores.
4. Information we process about end customers
When a guest scans a merchant's QR code, we may process:
- Star ratings and optional feedback comments submitted to the merchant's private inbox.
- Technical data for anti-spam and security: IP address (hashed where applicable), browser user-agent, and device fingerprint stored in local storage for loyalty continuity.
- Phone numbers for optional loyalty programs, encrypted at rest (AES-256-GCM), collected only with explicit consent and shared with the merchant operating that store.
- Consent records: timestamp and version when a guest joins a loyalty program.
- Cloudflare Turnstile tokens for bot verification (not stored long-term).
5. How we use information
- Provide, secure, and improve the Service.
- Deliver feedback to merchant inboxes and operate loyalty stamp programs.
- Process subscriptions and send transactional emails (confirmations, password reset).
- Prevent abuse through rate limits, honeypots, and duplicate detection.
- Show aggregated analytics to merchants (scan counts, funnel metrics). No guest PII in merchant analytics exports beyond what merchants access in loyalty tools.
7. Marketing site analytics
Our public marketing pages (landing and pricing) may use analytics tools such as Google Analytics 4 and Vercel Analytics. Optional Microsoft Clarity may be enabled in production. These tools may set cookies on marketing pages only. Merchant dashboards, public review pages (/r/*), activation pages, and kiosk flows do not load marketing analytics scripts.
8. Data retention
- Merchant account data is kept while your account is active and as needed for legal obligations.
- Free plan feedback inbox history may be limited (for example, 30 days). Upgraded plans retain data according to plan features.
- Loyalty and audit logs are retained to operate programs and meet security requirements.
9. Security
We use industry-standard measures including encryption for loyalty phone numbers at rest, row-level database isolation between tenants, and httpOnly cookies for merchant sessions.
No method of transmission or storage is 100% secure. Report concerns to 1clicktrust.admin@gmail.com.
10. Your rights
Merchants may access, update, or delete account data through the dashboard or by contacting 1clicktrust.admin@gmail.com.
Guests who shared personal data through a merchant's store should contact that merchant first. Merchants can export or delete loyalty data through dashboard tools. We assist merchants with processor obligations when required.
Depending on your location, you may have rights under Vietnam's Personal Data Protection Decree (NĐ 13/2023), the Australian Privacy Act 1988, or other applicable laws.
11. International transfers
We and our subprocessors may process data in countries other than yours. We take steps to protect data in line with applicable law when data crosses borders.
12. Children
The Service is not directed at children under 16. We do not knowingly collect personal information from children.
13. Changes to this policy
We may update this Privacy Policy. We will revise the last updated date and notify merchants of material changes by email or in the dashboard.
14. Contact us
Data controller: 1ClickTrust
Address: our registered business address (contact us for details)
Email: 1clicktrust.admin@gmail.com