Privacy Policy

1. Introduction

SnapTapQR ("we," "us," or "our") operates the SnapTapQR platform, including the website at snaptapqr.com, the partner dashboard at partners.snaptapqr.com, and QR hub pages at hub.snaptapqr.com. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our services.

2. Information We Collect

We collect the following types of information:

• Account Information: When business partners register, we collect name, email address, phone number, and business details.
• Customer Information: When end users interact with a hub page (e.g., submitting a lead form, booking a birthday party), we collect name, email address, phone number, and any information voluntarily provided.
• Mobile Phone Number: We collect mobile phone numbers in two contexts: (a) when end users call a business phone number powered by SnapTapQR and the call is missed, for the purpose of sending missed call text-back follow-ups and customer service communications; and (b) when an existing customer of a SnapTapQR business partner voluntarily provides their phone number to that business in the course of a service interaction (such as intake, scheduling, quoting, invoicing, or post-service follow-up). Numbers collected in context (b) may be used by the business to send the customer transactional and service-related text messages directly tied to the customer's service or business relationship with that business — such as appointment reminders, technician ETAs, schedule changes, status updates, quote follow-ups, inspection reports, post-service receipts, annual maintenance reminders, and review requests for completed work. For occasional promotional messages not tied to a specific service interaction (such as special offers, customer appreciation, and events), the customer must additionally provide express written consent through one of the methods described in Section 4. SnapTapQR does not facilitate cold outreach, prospecting, purchased lead lists, or messaging to individuals who are not already customers of the sending business.
• SMS Opt-In Records: We collect and store records of SMS consent including the phone number, consent timestamp, the exact disclosure text shown to the user, and the consent method (SMS keyword reply or written consent collected at point of service) for compliance purposes.
• SMS and Text Message Data: We collect and store the content of text messages exchanged through our missed call text-back system for the purpose of facilitating communication between the business and the caller.
• Usage Data: We collect analytics data including QR code scans, page views, button clicks, and engagement metrics. This data is used to provide analytics to business partners.
• Payment Information: Payment processing is handled by Stripe. We do not store credit card numbers or payment credentials on our servers.

3. How We Use Your Information

• To provide and operate the SnapTapQR platform, including hub pages, analytics, and lead management tools.
• To send a single consent request text message to callers who miss a call to a business using our missed call text-back feature. Additional messages are sent only after the caller replies to consent.
• To enable business partners to send text messages to their existing customers regarding the customer's service or business relationship with that partner. Such messages include (1) transactional and service-related communications such as appointment reminders, technician ETAs, schedule changes, quote follow-ups, inspection reports, status updates, post-service receipts, annual maintenance reminders, and review requests for completed work, sent under the customer's prior express consent established when the number was voluntarily provided during a service interaction; and (2) occasional promotional messages such as special offers, customer appreciation, and events, sent only to customers who have provided additional express written consent. Each business sends only to its own existing customers using its own assigned 10DLC phone number. SnapTapQR does not facilitate cold outreach, prospecting, purchased lead lists, or messaging to individuals who are not already customers of the sending business.
• To facilitate AI-assisted conversations between businesses and their customers via SMS.
• To send review request follow-ups after a service interaction is resolved.
• To send transactional emails to business partners (lead alerts, account notifications).
• To generate analytics and reporting for business partners about their customer engagement.
• To process payments and manage subscriptions.

4. SMS and Mobile Information Policy

This section specifically addresses how we handle mobile phone numbers and SMS communications:

• No mobile information will be shared with third parties or affiliates for marketing or promotional purposes.
• Mobile phone numbers collected through our missed call text-back system are used solely for the purpose of facilitating communication between the calling customer and the business they called.
• SMS opt-in data and consent records are not sold, rented, or shared with any third party.
• All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
• Text messages are sent in two contexts: (a) the missed call text-back program, where messages facilitate the specific interaction initiated by the caller (missed call follow-up, conversation, and one-time review request); and (b) the Business Partner Direct Messaging Program, where business partners send messages to their own existing customers about the customer's service or business relationship, along with occasional promotional messages where additional consent has been provided. Promotional messages under this program are sent only to existing customers of the sending business — never to cold leads, prospects, or purchased lists.
• SMS consent under the Business Partner Direct Messaging Program operates on a two-tier model. (1) Transactional and service-related messages directly tied to the customer's service or business relationship — such as appointment reminders, technician ETAs, schedule changes, status updates, quote follow-ups, post-service receipts, annual maintenance reminders, and review requests for completed work — are sent under the customer's prior express consent, established when the customer voluntarily provided their phone number to the business during a service interaction. No separate consent step is required for these messages. (2) Promotional messages not tied to a specific service interaction — such as special offers, customer appreciation, and events — require additional consent from the same existing customer, obtained through SMS double opt-in: the business sends a one-time invitation text message to its existing customer reading substantially as follows: "Hi [First Name], this is [Business Name]. We'd like to send you occasional offers and updates. Reply YES to subscribe or STOP to opt out. Msg & data rates may apply. Msg frequency varies." The customer is added to the business's promotional SMS list only if they reply "YES." Under the federal E-SIGN Act, an SMS reply constitutes electronic written consent. Promotional messages are sent only to existing customers of the sending business — never to cold leads, prospects, or purchased lists. Customers may reply STOP at any time, and a STOP reply immediately and permanently halts ALL further messages from that business — both promotional and transactional. STOP requests are honored at the platform level and cannot be overridden by the partner. Consent is not a condition of any purchase or service.
• Existing Customers Only. Business partners may only send recurring SMS messages under this program to their own existing customers — individuals with whom the partner already has a direct prior business relationship.SnapTapQR does not facilitate cold outreach, prospecting, purchased lead lists, or messaging to individuals who are not already customers of the sending business.
• Business-Specific Consent. Consent given to one business partner applies only to that specific business. SMS consent and mobile phone numbers are never shared, sold, transferred, or used across multiple businesses on the platform. Each business partner sends messages only to customers who opted in to that business directly using its own assigned 10DLC number.
• Users can opt out of SMS messages at any time by replying STOP to any message. Once opted out, no further messages will be sent from that business.
• We retain SMS message data for the purpose of providing conversation history to the business partner and for resolving any disputes.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information in the following limited circumstances:

• With Business Partners: Customer information (lead form submissions, missed call data, feedback) is shared with the specific business partner whose hub page or phone number the customer interacted with.
• Service Providers: We use third-party services to operate our platform, including Twilio (SMS delivery), Stripe (payment processing), Supabase (data storage), Resend (email delivery), and Anthropic (AI-assisted conversations). These providers process data solely on our behalf and are bound by their own privacy policies.
• Legal Requirements: We may disclose information if required by law, subpoena, or legal process.

All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

6. Data Security

We use industry-standard security measures to protect your data, including encrypted connections (HTTPS/TLS), secure password hashing, and access controls. However, no method of electronic transmission or storage is 100% secure.

7. Data Retention

We retain personal information for as long as necessary to provide our services and fulfill the purposes described in this policy. Business partners can delete customer leads and data through the partner dashboard. Account data is retained until the partner requests account deletion.

8. Your Rights

You have the right to:

• Request access to the personal information we hold about you.
• Request correction or deletion of your personal information.
• Opt out of SMS communications at any time by replying STOP.
• Contact us to request account deletion.

9. Cookies and Analytics

Our marketing website uses Google Analytics (GA4) to understand site traffic and usage patterns. The partner dashboard uses session-based authentication cookies. We do not use third-party advertising cookies or tracking pixels.

10. Children's Privacy

Our services are intended for use by businesses and their adult customers. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of our services after changes constitutes acceptance of the updated policy.

12. Google API Services User Data Policy

SnapTapQR's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

When a business partner connects their Google account to SnapTapQR, we request the following Google API scopes for the features described:

• https://www.googleapis.com/auth/calendar.events.owned — Used to create, update, and delete calendar events that SnapTapQR authored on the partner's Google Calendar, mirroring CRM follow-up tasks so they appear alongside the partner's other commitments. SnapTapQR does not read or modify events created outside our application.
• https://www.googleapis.com/auth/calendar.events.freebusy — Used to read busy/free time ranges from the partner's primary calendar to display a 7-day availability grid in the partner dashboard. We do not read event titles, descriptions, attendees, locations, or any other event details.
• https://www.googleapis.com/auth/business.manage — Used by partners who connect their Google Business Profile to import reviews into the SnapTapQR dashboard and post AI-assisted review responses on the partner's behalf at their request.
• https://www.googleapis.com/auth/userinfo.email — Used to identify which Google account is connected and display that email in the partner dashboard so partners can confirm the connection or switch accounts.

How we use Google user data. Data received from Google APIs is used solely to provide the user-facing features described above. Specifically, SnapTapQR:

• Does not transfer Google user data to third parties except as necessary to provide or improve user-facing features that are prominent in the application's user interface, and only with the user's consent.
• Does not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
• Does not allow humans to read Google user data unless we have the user's affirmative agreement for specific messages, doing so is necessary for security purposes (e.g., investigating abuse), to comply with applicable law, or for SnapTapQR's internal operations and even then only when the data has been aggregated and anonymized.
• Does not sell Google user data.

Storage and retention. Google OAuth access and refresh tokens are stored on our application servers (hosted by our infrastructure providers identified in Section 5) and are used only to call Google APIs on the partner's behalf for the purposes listed above. Calendar event identifiers we create are stored in our database to keep CRM tasks in sync. We do not copy, mirror, or warehouse the contents of the partner's Google Calendar, Google Business Profile, or any other Google service.

Revoking access and deleting data. Partners can disconnect their Google account at any time from the SnapTapQR partner dashboard, which immediately revokes our stored tokens and stops all sync. Partners can also revoke access directly from their Google Account at myaccount.google.com/permissions. To request deletion of any data SnapTapQR obtained via Google APIs, email alerts@snaptapqr.com.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

• Email: alerts@snaptapqr.com
• Website: snaptapqr.com