Privacy Policy

Effective April 4, 2026  ·  Last updated April 4, 2026

1. Introduction

Welcome to OneTag (“we,” “our,” or “us”). We operate the smart QR tag platform available at onetag.in. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services.

By registering an account or using OneTag, you agree to the practices described in this policy.

2. Information We Collect

2.1 Account Registration

When you create a OneTag account, we collect:

  • Full name
  • Email address
  • Phone number (used only for alert delivery — never shared publicly)
  • Password (stored in encrypted form)

2.2 QR Tag Data

When you register a QR tag to an item, we collect:

  • Item name and category (e.g., “Black Backpack”, “Pet Collar”)
  • Custom tag description (optional)
  • Unique cryptographic QR tag ID linked to your account

2.3 Finder / Scan Event Data

When a finder scans your QR tag, we collect:

  • Alert type selected by the finder (e.g., “Found Item”, “Wrong Parking”)
  • Message entered by the finder (optional)
  • GPS coordinates, if the finder grants location permission (optional)
  • Approximate scan time and date
  • Browser/device type (for security and abuse prevention)

2.4 Usage Data

We automatically collect:

  • IP address
  • Browser type and version
  • Pages visited within our platform
  • Time and duration of visits

3. How We Use Your Information

We use your information to:

  • Deliver instant alerts — notify you (via push notification, WhatsApp, or SMS) when your QR tag is scanned
  • Protect your privacy — ensure your personal contact details are never shown on the QR landing page or to finders
  • Secure your account — authenticate logins and prevent unauthorized access
  • Improve our service — analyze aggregate usage patterns to enhance performance and features
  • Prevent abuse — detect and block fraudulent or malicious scans using rate limiting and abuse detection systems
  • Comply with law — respond to legal obligations where required

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. What Finders See — Privacy by Design

OneTag is built on a privacy-first architecture. When a finder scans your QR code:

Your phone number is never displayed
Your email address is never displayed
Your home address is never displayed
The finder sees only a secure, branded alert form specific to your item category
Their message and location (if shared) are relayed directly to you via your chosen notification method

Your identity remains protected at all times.

5. Data Sharing

We may share data only in the following limited circumstances:

ScenarioDetails
Service ProvidersTrusted third-party providers (e.g., notification services, hosting) who process data on our behalf under strict confidentiality agreements
Legal RequirementsIf required by applicable law, court order, or governmental authority
Business TransferIn the event of a merger, acquisition, or sale of assets — users will be notified in advance
Safety & SecurityTo protect the rights, property, or safety of OneTag, our users, or the public

We do not share finder messages, scan locations, or alert data with any third party except as described above.

6. Data Security

We implement robust technical and organizational measures to protect your data:

  • Encryption — All data is encrypted in transit (TLS/HTTPS) and at rest
  • Cryptographic QR IDs — Each QR tag uses unique, non-guessable identifiers to prevent enumeration attacks
  • Rate Limiting — Scan requests are rate-limited to prevent abuse and spam alerts
  • Access Controls — Only authorized personnel have access to production systems
  • Abuse Detection — Automated systems flag and block suspicious scan patterns

While we take security seriously, no system is 100% secure. We encourage you to use a strong password and keep your account credentials confidential.

7. Data Retention

We retain your data for as long as your account is active. Specifically:

  • Account data — retained until you delete your account
  • Scan/alert event logs — retained for up to 12 months for security and service improvement
  • Anonymized analytics — may be retained indefinitely in aggregate form with no personal identifiers

You may request deletion of your data at any time (see Section 10).

8. Cookies

OneTag uses essential cookies to:

  • Maintain your login session
  • Prevent cross-site request forgery (CSRF)
  • Ensure platform security

We do not currently use advertising or tracking cookies. If this changes, we will update this policy and request your consent.

9. Children's Privacy

OneTag is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with their information, please contact us and we will promptly delete it.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate or incomplete data
  • Deletion — Request deletion of your personal data (“right to be forgotten”)
  • Portability — Request your data in a portable, machine-readable format
  • Objection — Object to certain types of data processing
  • Withdraw Consent — Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us (see Section 12).

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Update the “Last Updated” date at the top of this document
  • Notify registered users by email of material changes
  • Post the updated policy at onetag.in/privacy

Continued use of OneTag after changes take effect constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact:

OneTag Support

Website: onetag.in

Support: onetag.in/support