Privacy Policy

Last updated: April 28, 2026

IT-Systems ("we", "our") operates the QR IT-Systems mobile application and the website qr.it-systems.es (the "Service"). This policy describes how we collect, use, and protect your personal information in accordance with the General Data Protection Regulation (GDPR).

Data Controller

IT-Systems, based in Spain. Contact email: privacy@it-systems.es

Data We Collect

• Account data: name, email address, username, and encrypted password when you register.
• Device data: device model, operating system, app version, and push notification token (APNS) to send you alerts.
• Scan data: IP address (anonymized for statistics), user agent (browser and OS), date and time, and HTTP referrer when someone scans your QR codes.
• Payment data: transactions are processed entirely by the Apple App Store. We do not store card numbers or bank details.
• Social login: if you use Google or Apple Sign-In, we receive your email and public name. We do not access your contacts or post on your behalf.

Purpose of Processing

• Manage your account and authenticate you to the Service.
• Provide you with scan statistics for your QR codes.
• Send you push notifications about scans, plan expiry, and weekly summaries based on your preferences.
• Process and verify your in-app purchases.
• Improve and maintain the security of the Service.

Legal Basis

We process your data based on: (a) performance of the service contract, (b) your consent for push notifications and optional communications, (c) our legitimate interest in improving the Service and preventing fraud.

Data Sharing

We do not sell or transfer your personal data to third parties. We only share data with:

• Apple Inc.: to process purchases and manage push notifications (APNS).
• Google LLC: if you use Google Sign-In for authentication.
• Hosting provider: our servers are located in the European Union.

Data Retention

We retain your data while you maintain an active account. Scan data is retained for 24 months. If you delete your account, all your personal data is erased within a maximum of 30 days.

Your Rights

Under the GDPR, you have the right to:

• Access: obtain a copy of your personal data.
• Rectification: correct inaccurate data from your profile or upon request.
• Erasure: delete your account and all your data from the app or by contacting us.
• Portability: export your data in a structured format using the "Export my data" feature.
• Objection and restriction: object to processing or request its restriction by contacting us.
• Withdraw consent: disable push notifications from the app at any time.

To exercise your rights, contact: privacy@it-systems.es. You may also file a complaint with the Spanish Data Protection Agency (AEPD).

Cookies

The website uses strictly necessary session cookies for authentication. We do not use tracking or advertising cookies.

Security

We implement technical and organizational measures to protect your data: HTTPS encryption on all communications, secure password storage with bcrypt, JWT tokens with expiration, and secure credential storage on the device.

Children

The Service is not intended for children under 16. We do not knowingly collect data from children under this age.

Changes to This Policy

We reserve the right to modify this policy. We will publish any changes on this page and, if significant, notify you through the application.

Contact

If you have questions about this privacy policy, you can contact us at: privacy@it-systems.es