← Back to home

Legal

Privacy Policy

Last updated: May 18, 2026

See also: Terms & Conditions

The terms "Cliqr," "we," "us," or "our" refer to AlphaQuest Innovate (operating the Cliqr platform at cliqr.shop and related domains). The terms "you" or "your" refer to any user of our websites, dashboards, guest capture flows, APIs, and related services (collectively, the "Service").

Cliqr serves two audiences: venue operators (restaurants, cafés, hotels, and similar hospitality businesses) who use our dashboard, and guests who interact with venue QR codes or links to capture and share content. This Privacy Policy explains how we handle information for both.

By using the Service you agree to the practices described below. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Venue operator accounts. When you register or manage a venue workspace we may collect your name, email address, password (stored in hashed form), team membership, venue details, billing information (processed by payment providers), and communications with support.

1.2 Guest capture data. When a guest scans a venue QR code or opens a campaign link, we may collect:

  • Mobile phone number and verification status (including OTP validation via WhatsApp or SMS where enabled)
  • Photos, videos, and related metadata (dimensions, duration, capture mode, optional display name or social handle)
  • Occasion tags and campaign identifiers
  • Explicit content-licence consent (version, timestamp, and consent text shown at submission)
  • Device and browser technical data (IP address, user agent, approximate locale)

1.3 Connected social accounts. When a venue connects Instagram, Facebook, or other channels, OAuth tokens and profile identifiers are stored by our publishing partner Scheduloid (encrypted at rest). Cliqr requests publish and analytics actions on the venue's behalf; end-users completing provider OAuth never sign in to Scheduloid directly.

1.4 AI and moderation. Guest media may be analysed by automated systems (including third-party vision models) to assess quality, safety, and brand fit before approval. We log moderation scores, labels, and reviewer actions where applicable.

1.5 WhatsApp and messaging. Where enabled, we process guest phone numbers to deliver OTP codes, rewards, and venue-initiated messages in compliance with applicable messaging laws and platform policies. Message delivery status may be logged.

1.6 Automatically collected data. We collect cookies, session tokens, usage logs, error reports, and analytics about how the Service is accessed to maintain security and improve performance.

2. How We Use Information

  • Provide guest capture, AI moderation, content queues, and publishing workflows
  • Authenticate users, manage venues, teams, campaigns, and rewards
  • Send transactional messages (OTP, reward delivery, account alerts)
  • Enable venues to build guest CRM records and engagement history
  • Publish or schedule approved content to connected social networks via Scheduloid
  • Detect abuse, fraud, and security incidents
  • Comply with legal obligations and enforce our Terms
  • Improve the Service through aggregated, de-identified analytics

We do not sell personal data to data brokers or advertising networks.

3. How We Share Information

We share information only as needed to operate the Service:

  • Venue operators: Guest submissions, contact details (where collected), and engagement data are available to the venue that ran the campaign.
  • Service providers: Cloud hosting (including Supabase for authentication and data storage), Scheduloid for social publishing, WhatsApp Business API providers, AI/vision APIs, email delivery, and payment processors — each bound by contractual confidentiality.
  • Social platforms: Approved content is transmitted to networks you or the venue connect (e.g., Instagram, Facebook). Their use of data is governed by their own policies.
  • Legal and safety: When required by law, to protect rights and safety, or to respond to valid legal process.
  • Business transfers: In connection with a merger, acquisition, or asset sale, subject to continued protection of personal data.

4. Guest Content & Marketing Use

Guests grant the venue and Cliqr a licence to use submitted content as described at the point of capture (including publication on social media and in marketing materials). Venues are responsible for ensuring campaigns, signage, and in-venue notices accurately describe how guest content will be used.

Content already published to a social network remains subject to that platform's policies; removing it from Cliqr does not automatically remove it from third-party networks.

5. Data Retention

We retain venue account data while the account is active and for a reasonable period thereafter for legal and backup purposes. Guest media and contact records are retained according to venue settings and operational needs; venues may request deletion of guest records subject to applicable law.

You may request deletion of your personal data by contacting us (see Section 11). We will respond within 30 days where required by law.

6. Security

We use encryption in transit (TLS), access controls, and industry-standard practices to protect data. OAuth tokens for social accounts are stored encrypted by Scheduloid. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

7. Cookies & Similar Technologies

We use cookies and local storage for authentication sessions, security, and preferences. You can manage cookies in your browser; disabling them may limit dashboard functionality.

8. Your Rights

Depending on your location (including under India's Digital Personal Data Protection Act and, where applicable, the EU GDPR), you may have the right to access, correct, delete, restrict, or port your personal data, and to withdraw consent where processing is consent-based.

Guests can contact the venue or email us to exercise these rights. Venue operators can manage team data in the dashboard or contact support for account-level requests.

9. Children's Privacy

The Service is not directed at children under 18. We do not knowingly collect personal information from children. If you believe we have collected a child's data, contact us and we will delete it promptly.

10. International Transfers

Data may be processed in India and other countries where our providers operate. We take steps to ensure appropriate safeguards when data crosses borders.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last updated" date. Continued use after changes constitutes acceptance.

12. Contact Us