Privacy Notice

Last updated: May 19, 2026

1. Who We Are

LooprQR is operated by Simba Adventures Ltd. ("Simba Adventures", "we", "us", "our"). For the personal data we collect about users of LooprQR, Simba Adventures Ltd. is the data controller.

2. Personal Data We Collect

• Account data: email address, password hash, authentication provider (Google, Apple, etc.) and display information.
• Service data: the QR codes you create, their titles, destination URLs, short slugs, and aggregate scan counts.
• Usage and device data: IP address, browser and device identifiers, request timestamps, and basic telemetry used to operate and improve the Service.
• Support data: the content of any message you send us.
• Billing data: handled by Paddle (see Section 5). We receive only the subscription identifiers and status needed to grant or revoke paid access.

3. Purposes & Legal Bases

• Creating and maintaining your account — performance of a contract.
• Providing the Service (QR redirects, dashboard, scan counts) — performance of a contract.
• Security and fraud prevention — legitimate interests.
• Customer support — performance of a contract / legitimate interests.
• Service improvement and basic analytics — legitimate interests.
• Legal compliance (accounting, responding to lawful requests) — legal obligation.

4. Cookies

We use strictly necessary cookies and local storage to keep you signed in and to remember basic preferences. We do not use advertising cookies. The Paddle checkout iframe may set its own cookies to operate the payment flow — see Paddle's privacy notice for details.

5. Data Sharing

We share personal data only with the following categories of recipients:

• Hosting and infrastructure providers (database, authentication, edge hosting) acting as our processors.
• Paddle.com, our Merchant of Record, for the sale of subscriptions, subscription management, payment processing, tax compliance, invoicing, and customer billing support.
• Professional advisers (legal, accounting) where required to run our business.
• Public authorities where required to comply with applicable law.

6. International Transfers

Where personal data is transferred outside your country of residence, we rely on lawful transfer mechanisms such as Standard Contractual Clauses or adequacy decisions, as applicable.

7. Data Retention

We keep account and Service data for as long as your account is active. If you delete your account, we delete or irreversibly anonymise your personal data within a reasonable period, except where we are required to retain it for legal, tax, or fraud-prevention reasons.

8. Your Rights

Subject to applicable law, you have the right to access, rectify, erase, restrict or object to the processing of your personal data, the right to data portability, and the right to withdraw consent where processing is based on consent. UK/EEA residents also have the right to lodge a complaint with their local supervisory authority. To exercise these rights, contact us through the support channel on your dashboard. We will respond within the timeframe required by law (typically one month).

9. Security

We apply appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and least-privilege database policies. No system is perfectly secure; please use a strong, unique password.

10. Changes

We may update this notice from time to time. Material changes will be communicated by email or via the Service.

11. Contact

Privacy questions: contact us via the support channel on your dashboard. Billing-related data subject requests can also be sent directly to Paddle at paddle.net.