Effective date: May 28, 2026
We collect information you provide directly, data generated automatically when you use the platform, and data from third-party integrations. The categories below describe what we collect and why.
When you register for a Helptag account, we collect the information you provide, which includes:
When you create a QR tag, you may voluntarily provide any combination of the following information. This data is stored on our servers and served to people who scan your QR tag, according to your visibility settings:
We treat QR tag content — especially medical data and contact information — as sensitive personal information and apply appropriate access controls and encryption accordingly.
Every time someone scans one of your QR tags, we automatically record a scan event. The data collected per scan includes:
When you use the platform, we automatically collect data about your interactions, including:
All payment transactions are processed by Razorpay. We do not store card numbers, UPI credentials, bank account details, or other sensitive payment instrument data on our servers. We retain the following payment-related records for accounting, compliance, and dispute resolution purposes:
If you contact our support team by email or through an in-platform form, we retain the content of those communications — including your name, email address, and the details of your inquiry — for quality assurance, training, and compliance purposes.
We use cookies, session tokens, and similar tracking technologies to maintain your authenticated session and to understand how users interact with the platform. Please see Section 6 (Cookies & Session Management) for full details.
By default, QR tags are set to Public. A public QR tag can be scanned and viewed by anyone with a compatible device and internet access — no Helptag account or login is required. This setting is designed for emergency use cases where accessibility is paramount (e.g., medical tags, vehicle tags, or child safety tags). The information you include on a public tag will be visible to any person who scans it.
You may switch any QR tag to Private. When set to private, a valid Helptag account login is required to view the tag's contents. The scanner will be prompted to log in before any information is displayed. This setting is recommended for organizational use, controlled access scenarios, or when you want to limit who can access your information.
You have complete control over what information is included on each of your QR tags. No field is mandatory (except a tag label for your own reference). We encourage you to adopt a principle of minimum necessary disclosure: include only the information that is genuinely useful in the context for which the tag is intended. For example, a vehicle tag may only need a phone number, while a medical emergency tag may need blood type and allergy information.
When you delete a QR tag, the associated content is immediately removed from the public-facing scan page. Any QR code sticker or print bearing that tag's URL will no longer display any information and will return an error or not-found page. Scan log records associated with the deleted tag may be retained for up to 12 months in accordance with our data retention schedule.
If your account is deactivated or your subscription expires, your QR tags may be temporarily or permanently deactivated and rendered unscannable. We recommend keeping your account and subscription active if your tags are deployed for safety-critical purposes.
We use the information we collect primarily to provide and operate the Services. This includes: creating and hosting your QR tags, serving tag content to scanners, processing payments, managing your subscription, and delivering scan notifications.
We use your account information to authenticate you, manage your profile, process transactions, provide account recovery, and respond to your support inquiries.
We use scan event data and your notification preferences to send you real-time alerts when your QR tags are scanned. You can configure the type and frequency of notifications from your account settings, including enabling or disabling email and in-app notifications.
We analyze usage patterns, IP addresses, and behavioral signals to detect and prevent unauthorized access, account takeover, fraudulent purchases, spam creation, and platform abuse. This processing is necessary for the legitimate interest of protecting our platform and its users.
We use aggregated and anonymized usage data to understand how the platform is used, identify performance bottlenecks, diagnose bugs, and guide the development of new features. This data does not identify individual users.
We process and retain certain data as required by applicable Indian law, including obligations under the Information Technology Act, 2000, the IT (SPDI) Rules, 2011, the Digital Personal Data Protection Act, 2023, and applicable tax and financial regulations including GST compliance.
With your explicit consent (obtained at registration or via your account settings), we may send you product announcements, feature updates, and promotional offers by email. You may withdraw this consent at any time by clicking the "unsubscribe" link in any marketing email or by updating your preferences in account settings. Withdrawing consent will not affect any processing carried out before withdrawal.
We may use retained transaction data, account history, and communication records to investigate and resolve billing disputes, chargeback claims, or legal proceedings.
Every scan of a QR tag belonging to your account generates a log record accessible to you through your account dashboard. Each log entry contains:
You may enable real-time scan alerts through your notification settings. When enabled, you will receive an email or in-app push notification shortly after each scan. Notification delivery is best-effort and may occasionally be delayed due to network conditions or email provider filtering. Helptag does not guarantee the delivery of any individual notification.
If a QR tag is scanned by an unregistered visitor (someone not logged in to Helptag), we do not share any personally identifying information about that individual with the tag owner. The scan log will reflect the time, device type, and approximate location, but will not identify the specific individual who performed the scan.
If a registered Helptag user scans your QR tag while logged in, their Helptag user ID may be recorded in the scan log and may be visible to you as the tag owner. This feature is designed to promote accountability and to deter misuse of QR tag data. Registered users are made aware of this policy at the time of account creation.
If we detect an unusually high volume of scans from a single IP address or geographic region, we may automatically throttle further scans from that source to prevent abuse. We may also alert the tag owner of the anomaly.
We retain different categories of personal data for different periods based on the purpose of collection and our legal obligations. The table below summarizes our standard retention schedule:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account information (name, email, username) | Until account deletion + 30 days | Service operation |
| QR tag content | Until tag deletion + 7 days | Service operation |
| Scan logs | 12 months from date of scan | Analytics & security |
| Payment & transaction records | 7 years | Financial & tax compliance |
| Support communications | 2 years from last interaction | Customer service |
| Server access logs | 90 days | Security monitoring |
| Marketing consent records | Duration of consent + 3 years | Legal compliance |
| Deleted account data | 30 days post-deletion (then purged) | Recovery & dispute window |
Following the retention period, data is deleted from production systems or irreversibly anonymized. Note that some data may persist in encrypted backup systems for up to 30 additional days after deletion from production, after which it is purged from backups as well.
You may request early deletion of your personal data by submitting a deletion request to hello@helptag.org. We will honor such requests to the extent permitted by our legal retention obligations (e.g., financial records cannot be deleted early due to GST and tax compliance requirements).
To deliver and operate the Services, Helptag engages trusted third-party service providers. Each provider processes data only as necessary to fulfill their contracted function and operates under their own privacy policy and data processing terms.
| Provider / Category | Purpose | Data Shared |
|---|---|---|
| Razorpay (Payment Gateway) | Payment processing & subscription billing | Name, email, transaction details |
| Cloudflare R2 / AWS S3 (Object Storage) | Profile images and file uploads | Uploaded image files |
| MongoDB Atlas (Database) | Hosted database for all platform data | All stored user and QR data |
| SMTP Email Provider | Transactional emails, scan alerts, notifications | Email address, notification content |
| Cloud Hosting / CDN Provider | Platform infrastructure and content delivery | Server logs, request metadata |
Helptag enters into data processing agreements (DPAs) with third-party providers where required by applicable law. We conduct periodic reviews of our vendors to ensure continued compliance with our privacy and security standards.
We encourage you to review the privacy policies of these third-party providers, as their data handling practices may differ from ours. Helptag is not responsible for the privacy practices of third-party services once data leaves our control in accordance with an authorized processing purpose.
Helptag does not sell, rent, lease, or trade your personal information — including QR tag content, scan data, or account details — to any third parties for their own marketing, advertising, or commercial purposes. This is a core principle we do not compromise on.
We share data with trusted service providers as described in Section 7, strictly to the extent necessary for them to perform services on our behalf. These providers are contractually prohibited from using your data for any purpose other than the specific service they provide to Helptag.
Helptag may disclose personal data when required to do so by applicable law, court order, subpoena, or valid governmental authority request. We will notify you of such requests to the extent permitted by law, unless notification is prohibited (e.g., under a non-disclosure order). We review all legal requests carefully and will only comply to the extent legally required.
In the event of a merger, acquisition, asset sale, restructuring, or other corporate transaction involving Helptag, personal data may be transferred as part of that transaction. We will notify affected users via email or a prominent in-app notice at least 30 days before any such transfer. Users will have the option to request deletion of their account and data prior to the transfer.
We may disclose personal data to protect the rights, property, safety, or legal interests of Helptag, our users, or the public — including for purposes of fraud prevention, abuse investigation, or imminent harm prevention — where such disclosure is consistent with applicable law.
We may publish, share, or use aggregated, de-identified, or anonymized data (which cannot reasonably be used to identify you) for research, analytics, benchmarking, or marketing purposes. This type of data sharing does not constitute disclosure of personal information.
We implement a layered set of security controls to protect your personal data:
Internal security practices include employee data handling training, confidentiality obligations for personnel with data access, and procedures for managing security incidents.
In the event of a security breach that affects your personal data and creates a likely risk to your rights or freedoms, we will notify you and relevant supervisory authorities within the timeframes required by applicable law. The notification will include a description of the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed.
Despite our best efforts, no data transmission over the internet or electronic storage system is perfectly secure. You use the Services and store personal data at your own risk. We encourage you to use a strong, unique password, enable two-factor authentication if available, and promptly report any suspicious activity on your account to hello@helptag.org.
Depending on your location and applicable law, you may have some or all of the following rights regarding your personal data. We are committed to honoring these rights in a timely and transparent manner.
You may request a copy of the personal data we hold about you, including your account information, QR tag content, and scan log records. We will provide this data in a readable format within 30 days of a verified request.
You may update or correct inaccurate personal data directly through your account settings at any time. If you need assistance correcting data that you cannot edit yourself, contact us and we will make the correction within a reasonable timeframe.
You may request the deletion of your account and all associated personal data. We will process this request within 30 days, subject to our legal retention obligations. Some data categories (such as financial transaction records) may be retained beyond this period as required by law.
You may request an export of your personal data in a structured, machine-readable format (such as JSON or CSV). This includes your account details, QR tag content, and scan log history.
You may object to certain types of data processing — such as processing based on our legitimate interests — or request that we restrict processing of your data in specific circumstances (for example, while a correction request is pending).
Where data processing is based on your consent (such as marketing communications), you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before the withdrawal.
To exercise any of the rights described above, please send a request to hello@helptag.org. We will acknowledge your request within 72 hours and respond substantively within 30 days. We may require you to verify your identity before processing your request.
Helptag is not directed at, and we do not knowingly collect personal information from, children under the age of 13. Our Terms of Service prohibit children under 13 from creating accounts, and we do not design our platform with children under 13 as an intended audience.
If we become aware that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take prompt steps to delete that data from our systems.
Parents, guardians, or other individuals who have reason to believe that a child under the age of 13 has provided personal information to Helptag are encouraged to contact us immediately at hello@helptag.org so that we can take appropriate action.
For users between 13 and 17, use of the platform is only permitted with verifiable parental or legal guardian consent, and the guardian assumes responsibility for overseeing the minor's use of the Services and any personal data stored therein.
Our data practices are designed to comply with India's applicable data protection framework, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDPA"). We act as a Data Fiduciary with respect to data collected directly from users in India, and engage Data Processors (third-party vendors) under appropriate agreements.
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation ("GDPR") or equivalent legislation. Our legal bases for processing personal data include:
EEA users may lodge a complaint with their local supervisory authority (data protection authority) if they believe their rights under the GDPR have been violated.
Helptag's infrastructure is primarily hosted in data centers located in India and/or regions that provide adequate data protection. In cases where personal data is transferred outside of India or the EEA to countries without an adequacy determination, we apply appropriate safeguards such as standard contractual clauses (SCCs) or binding corporate rules, in accordance with applicable law.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to deletion, and the right to opt out of the sale of personal information (which Helptag does not engage in). To exercise your California rights, contact us at hello@helptag.org.
We may update this Privacy Policy periodically to reflect changes in our data practices, legal requirements, or platform features. When we do, we will revise the "Effective Date" at the top of this page.
For material changes — such as new categories of data collection, new sharing arrangements, or significant changes to your rights — we will provide at least 14 days' advance notice via email to your registered address or via a prominent in-app notification.
Minor changes, such as editorial corrections, clarifications of existing practices, or updates to contact information, may be made without specific individual notice, though the "Effective Date" will always reflect the most recent revision.
Your continued use of the Services after the effective date of any revised Privacy Policy constitutes your acknowledgment and acceptance of the updated practices. If you do not agree with the revised Policy, you should stop using the Services and may request deletion of your account.
This Privacy Policy is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023. Any disputes arising from or relating to this Policy or Helptag's data handling practices shall be subject to the exclusive jurisdiction of the competent courts in Mumbai.
Users in the EEA retain the right to bring data protection complaints before their local supervisory authority in addition to or instead of pursuing action in Indian courts. We are committed to cooperating with all relevant data protection authorities and resolving complaints in good faith.
If you have any questions, concerns, or requests relating to this Privacy Policy or our data handling practices, please contact us using the channels below.
Name
Helptag Team
hello@helptag.org — Response within 2 business days
Phone
+91 9004040712 — Mon – Sat
Website
Grievance Officer (as required under Indian IT Rules)
Email: hello@helptag.org
Response time: Within 30 days of receipt
We take all privacy concerns seriously and are committed to resolving any inquiry in a timely, fair, and transparent manner.
