Privacy Policy

Effective date: April 12, 2026

1. Information We Collect

We collect information you provide directly, data generated automatically when you use the platform, and data from third-party integrations. The categories below describe what we collect and why.

1.1 Account Information

When you register for a Helptag account, we collect the information you provide, which includes:

  • Full name — used to identify your account and personalize your experience
  • Email address — used for authentication, account recovery, and transactional notifications
  • Username — used as your public profile identifier
  • Password — stored in a hashed, non-reversible format; never stored in plain text
  • Optional profile details — bio, location, website, and profile photograph; used to build your public profile

1.2 QR Tag Content

When you create a QR tag, you may voluntarily provide any combination of the following information. This data is stored on our servers and served to people who scan your QR tag, according to your visibility settings:

  • Full name, date of birth, and gender
  • Primary and secondary phone numbers and email addresses
  • Physical address, including city, state, postal code, and country
  • Medical information: blood type, allergies, chronic conditions, current medications
  • Organization name, contact number, email, and website
  • A profile photograph
  • Custom fields defined by you (label and value pairs)

We treat QR tag content — especially medical data and contact information — as sensitive personal information and apply appropriate access controls and encryption accordingly.

1.3 Scan Activity Data

Every time someone scans one of your QR tags, we automatically record a scan event. The data collected per scan includes:

  • Timestamp of the scan (date and time)
  • IP address of the scanning device
  • Approximate geographic location derived from the IP address (city or region level)
  • Device type classification (mobile, tablet, or desktop) derived from the user-agent string
  • User agent string (browser or app type)
  • Whether the scanner was a registered Helptag user (and if so, their user ID)

1.4 Usage & Interaction Data

When you use the platform, we automatically collect data about your interactions, including:

  • Pages visited, features accessed, and actions taken (e.g., creating or editing a QR tag)
  • Search queries and filter selections
  • Clicks, tap interactions, and navigation flows
  • Browser type and version, operating system, screen resolution, and language settings
  • Referring URL (the page you came from before visiting Helptag)
  • Session duration and frequency of visits

1.5 Payment & Billing Data

All payment transactions are processed by Razorpay. We do not store card numbers, UPI credentials, bank account details, or other sensitive payment instrument data on our servers. We retain the following payment-related records for accounting, compliance, and dispute resolution purposes:

  • Razorpay order ID and payment ID
  • Amount charged, currency, and transaction status
  • Plan type and subscription period
  • Date and time of each transaction
  • Billing name and email address associated with the payment

1.6 Support Communications

If you contact our support team by email or through an in-platform form, we retain the content of those communications — including your name, email address, and the details of your inquiry — for quality assurance, training, and compliance purposes.

1.7 Cookies & Automatically Collected Data

We use cookies, session tokens, and similar tracking technologies to maintain your authenticated session and to understand how users interact with the platform. Please see Section 6 (Cookies & Session Management) for full details.

2. QR Content & Visibility Controls

2.1 Public QR Tags

By default, QR tags are set to Public. A public QR tag can be scanned and viewed by anyone with a compatible device and internet access — no Helptag account or login is required. This setting is designed for emergency use cases where accessibility is paramount (e.g., medical tags, vehicle tags, or child safety tags). The information you include on a public tag will be visible to any person who scans it.

2.2 Private QR Tags

You may switch any QR tag to Private. When set to private, a valid Helptag account login is required to view the tag's contents. The scanner will be prompted to log in before any information is displayed. This setting is recommended for organizational use, controlled access scenarios, or when you want to limit who can access your information.

2.3 Selective Disclosure

You have complete control over what information is included on each of your QR tags. No field is mandatory (except a tag label for your own reference). We encourage you to adopt a principle of minimum necessary disclosure: include only the information that is genuinely useful in the context for which the tag is intended. For example, a vehicle tag may only need a phone number, while a medical emergency tag may need blood type and allergy information.

2.4 Tag Deletion & Access Revocation

When you delete a QR tag, the associated content is immediately removed from the public-facing scan page. Any QR code sticker or print bearing that tag's URL will no longer display any information and will return an error or not-found page. Scan log records associated with the deleted tag may be retained for up to 12 months in accordance with our data retention schedule.

2.5 Account Deactivation & Tag Status

If your account is deactivated or your subscription expires, your QR tags may be temporarily or permanently deactivated and rendered unscannable. We recommend keeping your account and subscription active if your tags are deployed for safety-critical purposes.

3. How We Use Your Data

3.1 Service Delivery

We use the information we collect primarily to provide and operate the Services. This includes: creating and hosting your QR tags, serving tag content to scanners, processing payments, managing your subscription, and delivering scan notifications.

3.2 Account Management

We use your account information to authenticate you, manage your profile, process transactions, provide account recovery, and respond to your support inquiries.

3.3 Notifications & Alerts

We use scan event data and your notification preferences to send you real-time alerts when your QR tags are scanned. You can configure the type and frequency of notifications from your account settings, including enabling or disabling email and in-app notifications.

3.4 Safety & Security

We analyze usage patterns, IP addresses, and behavioral signals to detect and prevent unauthorized access, account takeover, fraudulent purchases, spam creation, and platform abuse. This processing is necessary for the legitimate interest of protecting our platform and its users.

3.5 Platform Improvement

We use aggregated and anonymized usage data to understand how the platform is used, identify performance bottlenecks, diagnose bugs, and guide the development of new features. This data does not identify individual users.

3.6 Legal & Regulatory Compliance

We process and retain certain data as required by applicable Indian law, including obligations under the Information Technology Act, 2000, the IT (SPDI) Rules, 2011, the Digital Personal Data Protection Act, 2023, and applicable tax and financial regulations including GST compliance.

3.7 Marketing & Promotional Communications

With your explicit consent (obtained at registration or via your account settings), we may send you product announcements, feature updates, and promotional offers by email. You may withdraw this consent at any time by clicking the "unsubscribe" link in any marketing email or by updating your preferences in account settings. Withdrawing consent will not affect any processing carried out before withdrawal.

3.8 Dispute Resolution

We may use retained transaction data, account history, and communication records to investigate and resolve billing disputes, chargeback claims, or legal proceedings.

4. Scan Logs & Notifications

4.1 What Scan Logs Contain

Every scan of a QR tag belonging to your account generates a log record accessible to you through your account dashboard. Each log entry contains:

  • Date and time of the scan
  • Approximate location (city/region level, derived from the scanner's IP address)
  • Device type (mobile, tablet, or desktop)
  • Whether the scanner was logged in as a Helptag user
  • The specific QR tag that was scanned

4.2 Real-Time Alert Notifications

You may enable real-time scan alerts through your notification settings. When enabled, you will receive an email or in-app push notification shortly after each scan. Notification delivery is best-effort and may occasionally be delayed due to network conditions or email provider filtering. Helptag does not guarantee the delivery of any individual notification.

4.3 Anonymous Scanner Privacy

If a QR tag is scanned by an unregistered visitor (someone not logged in to Helptag), we do not share any personally identifying information about that individual with the tag owner. The scan log will reflect the time, device type, and approximate location, but will not identify the specific individual who performed the scan.

4.4 Registered Scanner Accountability

If a registered Helptag user scans your QR tag while logged in, their Helptag user ID may be recorded in the scan log and may be visible to you as the tag owner. This feature is designed to promote accountability and to deter misuse of QR tag data. Registered users are made aware of this policy at the time of account creation.

4.5 Bulk Scan Anomalies

If we detect an unusually high volume of scans from a single IP address or geographic region, we may automatically throttle further scans from that source to prevent abuse. We may also alert the tag owner of the anomaly.

5. Data Retention Periods

We retain different categories of personal data for different periods based on the purpose of collection and our legal obligations. The table below summarizes our standard retention schedule:

Data Category | Retention Period | Basis
Account information (name, email, username) | Until account deletion + 30 days | Service operation
QR tag content | Until tag deletion + 7 days | Service operation
Scan logs | 12 months from date of scan | Analytics & security
Payment & transaction records | 7 years | Financial & tax compliance
Support communications | 2 years from last interaction | Customer service
Server access logs | 90 days | Security monitoring
Marketing consent records | Duration of consent + 3 years | Legal compliance
Deleted account data | 30 days post-deletion (then purged) | Recovery & dispute window

Following the retention period, data is deleted from production systems or irreversibly anonymized. Note that some data may persist in encrypted backup systems for up to 30 additional days after deletion from production, after which it is purged from backups as well.

You may request early deletion of your personal data by submitting a deletion request to hello@helptag.org. We will honor such requests to the extent permitted by our legal retention obligations (e.g., financial records cannot be deleted early due to GST and tax compliance requirements).

6. Cookies & Session Management

6.1 Essential Cookies & Session Tokens

We use cookies and secure session tokens to maintain your authenticated state across browser sessions. These are strictly necessary for the platform to function and cannot be disabled without impairing your ability to log in or use core features. These tokens are signed and encrypted, and carry a defined expiration period.

6.2 Preference Cookies

We use cookies to remember your user preferences, such as selected display mode (light or dark theme), language selection, and notification settings. These preferences are stored locally and synchronized with your account when you are logged in.

6.3 Analytics

We may use server-side or privacy-preserving client-side analytics tools to measure aggregate traffic patterns, feature adoption, and platform performance. Where client-side analytics are used, we minimize data collection and do not build individual user profiles for advertising purposes.

6.4 No Third-Party Advertising Trackers

Helptag does not use third-party advertising networks, cross-site tracking pixels, or interest-based advertising technologies. We do not sell your personal data, behavioral data, or browsing history to advertisers or data brokers.

6.5 Cookie Management

You can control and manage cookie behavior through your browser settings. Most browsers allow you to block, delete, or restrict cookies. Please note that disabling essential cookies will prevent you from logging in and using core features of the platform. For instructions on managing cookies in your specific browser, refer to your browser's help documentation.

7. Third-Party Services

To deliver and operate the Services, Helptag engages trusted third-party service providers. Each provider processes data only as necessary to fulfill their contracted function and operates under their own privacy policy and data processing terms.

Provider / Category | Purpose | Data Shared
Razorpay (Payment Gateway) | Payment processing & subscription billing | Name, email, transaction details
Cloudflare R2 / AWS S3 (Object Storage) | Profile images and file uploads | Uploaded image files
MongoDB Atlas (Database) | Hosted database for all platform data | All stored user and QR data
SMTP Email Provider | Transactional emails, scan alerts, notifications | Email address, notification content
Cloud Hosting / CDN Provider | Platform infrastructure and content delivery | Server logs, request metadata

Helptag enters into data processing agreements (DPAs) with third-party providers where required by applicable law. We conduct periodic reviews of our vendors to ensure continued compliance with our privacy and security standards.

We encourage you to review the privacy policies of these third-party providers, as their data handling practices may differ from ours. Helptag is not responsible for the privacy practices of third-party services once data leaves our control in accordance with an authorized processing purpose.

8. Data Sharing & Disclosure

8.1 We Do Not Sell Your Data

Helptag does not sell, rent, lease, or trade your personal information — including QR tag content, scan data, or account details — to any third parties for their own marketing, advertising, or commercial purposes. This is a core principle we do not compromise on.

8.2 Service Providers

We share data with trusted service providers as described in Section 7, strictly to the extent necessary for them to perform services on our behalf. These providers are contractually prohibited from using your data for any purpose other than the specific service they provide to Helptag.

8.3 Legal Requirements

Helptag may disclose personal data when required to do so by applicable law, court order, subpoena, or valid governmental authority request. We will notify you of such requests to the extent permitted by law, unless notification is prohibited (e.g., under a non-disclosure order). We review all legal requests carefully and will only comply to the extent legally required.

8.4 Business Transfers

In the event of a merger, acquisition, asset sale, restructuring, or other corporate transaction involving Helptag, personal data may be transferred as part of that transaction. We will notify affected users via email or a prominent in-app notice at least 30 days before any such transfer. Users will have the option to request deletion of their account and data prior to the transfer.

8.5 Protection of Rights & Safety

We may disclose personal data to protect the rights, property, safety, or legal interests of Helptag, our users, or the public — including for purposes of fraud prevention, abuse investigation, or imminent harm prevention — where such disclosure is consistent with applicable law.

8.6 Aggregated & Anonymized Data

We may publish, share, or use aggregated, de-identified, or anonymized data (which cannot reasonably be used to identify you) for research, analytics, benchmarking, or marketing purposes. This type of data sharing does not constitute disclosure of personal information.

9. Data Security

9.1 Technical Security Measures

We implement a layered set of security controls to protect your personal data:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS)
  • Encryption at rest: Sensitive data fields are encrypted in the database using industry-standard algorithms
  • Password security: Passwords are hashed using a strong, salted algorithm (bcrypt or equivalent) and are never stored in plain text
  • Access controls: Internal access to production systems and user data is restricted to authorized personnel on a need-to-know basis
  • API rate limiting: The QR scan API and authentication endpoints are rate-limited to prevent brute-force attacks
  • Security monitoring: We monitor for anomalous access patterns and potential intrusions on an ongoing basis
  • Dependency management: We conduct regular reviews of third-party dependencies for known vulnerabilities

9.2 Organizational Security Measures

Internal security practices include employee data handling training, confidentiality obligations for personnel with data access, and procedures for managing security incidents.

9.3 Data Breach Notification

In the event of a security breach that affects your personal data and creates a likely risk to your rights or freedoms, we will notify you and relevant supervisory authorities within the timeframes required by applicable law. The notification will include a description of the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed.

9.4 No Absolute Security Guarantee

Despite our best efforts, no data transmission over the internet or electronic storage system is perfectly secure. You use the Services and store personal data at your own risk. We encourage you to use a strong, unique password, enable two-factor authentication if available, and promptly report any suspicious activity on your account to hello@helptag.org.

10. Your Rights & Choices

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal data. We are committed to honoring these rights in a timely and transparent manner.

10.1 Right of Access

You may request a copy of the personal data we hold about you, including your account information, QR tag content, and scan log records. We will provide this data in a readable format within 30 days of a verified request.

10.2 Right to Correction

You may update or correct inaccurate personal data directly through your account settings at any time. If you need assistance correcting data that you cannot edit yourself, contact us and we will make the correction within a reasonable timeframe.

10.3 Right to Deletion ("Right to be Forgotten")

You may request the deletion of your account and all associated personal data. We will process this request within 30 days, subject to our legal retention obligations. Some data categories (such as financial transaction records) may be retained beyond this period as required by law.

10.4 Right to Data Portability

You may request an export of your personal data in a structured, machine-readable format (such as JSON or CSV). This includes your account details, QR tag content, and scan log history.

10.5 Right to Object or Restrict Processing

You may object to certain types of data processing — such as processing based on our legitimate interests — or request that we restrict processing of your data in specific circumstances (for example, while a correction request is pending).

10.6 Right to Withdraw Consent

Where data processing is based on your consent (such as marketing communications), you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before the withdrawal.

10.7 How to Exercise Your Rights

To exercise any of the rights described above, please send a request to hello@helptag.org. We will acknowledge your request within 72 hours and respond substantively within 30 days. We may require you to verify your identity before processing your request.

11. Children's Privacy

Helptag is not directed at, and we do not knowingly collect personal information from, children under the age of 13. Our Terms of Service prohibit children under 13 from creating accounts, and we do not design our platform with children under 13 as an intended audience.

If we become aware that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take prompt steps to delete that data from our systems.

Parents, guardians, or other individuals who have reason to believe that a child under the age of 13 has provided personal information to Helptag are encouraged to contact us immediately at hello@helptag.org so that we can take appropriate action.

For users between 13 and 17, use of the platform is only permitted with verifiable parental or legal guardian consent, and the guardian assumes responsibility for overseeing the minor's use of the Services and any personal data stored therein.

12. Global Data Protection Standards

12.1 India — DPDPA & IT Rules

Our data practices are designed to comply with India's applicable data protection framework, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDPA"). We act as a Data Fiduciary with respect to data collected directly from users in India, and engage Data Processors (third-party vendors) under appropriate agreements.

12.2 European Users — GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation ("GDPR") or equivalent legislation. Our legal bases for processing personal data include:

  • Contract performance: Processing necessary to provide the Services you have subscribed to
  • Legitimate interests: Security monitoring, fraud prevention, and platform improvement
  • Legal obligation: Compliance with applicable laws and regulatory requirements
  • Consent: Marketing communications and optional analytics

EEA users may lodge a complaint with their local supervisory authority (data protection authority) if they believe their rights under the GDPR have been violated.

12.3 Cross-Border Data Transfers

Helptag's infrastructure is primarily hosted in data centers located in India and/or regions that provide adequate data protection. In cases where personal data is transferred outside of India or the EEA to countries without an adequacy determination, we apply appropriate safeguards such as standard contractual clauses (SCCs) or binding corporate rules, in accordance with applicable law.

12.4 California Users — CCPA

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to deletion, and the right to opt out of the sale of personal information (which Helptag does not engage in). To exercise your California rights, contact us at hello@helptag.org.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our data practices, legal requirements, or platform features. When we do, we will revise the "Effective Date" at the top of this page.

For material changes — such as new categories of data collection, new sharing arrangements, or significant changes to your rights — we will provide at least 14 days' advance notice via email to your registered address or via a prominent in-app notification.

Minor changes, such as editorial corrections, clarifications of existing practices, or updates to contact information, may be made without specific individual notice, though the "Effective Date" will always reflect the most recent revision.

Your continued use of the Services after the effective date of any revised Privacy Policy constitutes your acknowledgment and acceptance of the updated practices. If you do not agree with the revised Policy, you should stop using the Services and may request deletion of your account.

14. Governing Law & Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023. Any disputes arising from or relating to this Policy or Helptag's data handling practices shall be subject to the exclusive jurisdiction of the competent courts in New Delhi, India.

Users in the EEA retain the right to bring data protection complaints before their local supervisory authority in addition to or instead of pursuing action in Indian courts. We are committed to cooperating with all relevant data protection authorities and resolving complaints in good faith.

15. Contact & Grievances

If you have any questions, concerns, or requests relating to this Privacy Policy or our data handling practices, please contact us using the channels below.

Email

hello@helptag.org — Response within 2 business days

Phone

+91 9004040712 — Mon – Sat

Grievance Officer (as required under Indian IT Rules)

Email: hello@helptag.org

Response time: Within 30 days of receipt

We take all privacy concerns seriously and are committed to resolving any inquiry in a timely, fair, and transparent manner.