Legal

Privacy policy

How QRIoT handles information collected through the reference application and demo backend service.

Last updated: 14 April 2026

This privacy policy describes how QRIoT ("we", "us") handles information collected through the QRIoT reference mobile application and its associated demo backend service. It applies to the iOS and Android apps we publish, the PWA hosted at pwa.qriot.io, and the backend service at qriot.io that supports them. These together form a public demonstration of the QRIoT platform.

A note for IoT product makers building on QRIoT: if you're deploying the QRIoT platform inside your own product, this policy covers our demo only — it does not cover the end-users of your product. You'll need your own privacy policy for them, tailored to the data your product collects.

Information we collect

When you use the QRIoT reference app to pair a device, we process the following information:

  • Device identifier — a unique ID burned into the demo device's firmware, used to associate the device with the onboarding session.
  • Onboarding token — a short random string encoded in the QR code on the device, used to authenticate the onboarding session.
  • Session events — timestamps and status codes for each step of the onboarding flow (for example: session created, Bluetooth connected, handshake succeeded, claim completed). These exist to help us diagnose failures.
  • Telemetry samples — counter and uptime values read from the device over Bluetooth during the onboarding session, used to demonstrate live data exchange in the reference app.
  • Platform — whether the request came from iOS, Android, or the web PWA, used for diagnostics.

We do not collect your name, email address, phone number, precise location, contacts, photos, or advertising identifiers through the onboarding flow. If you contact us by email, we will only see the information you choose to send.

How we use information

  • To complete the device onboarding flow in the reference app and associate the paired demo device with the session.
  • To diagnose issues with the reference app and improve the platform's reliability.
  • To respond to integration, evaluation, and support requests.

We do not sell your information, and we do not use it for advertising or profiling.

Where your information is stored

Onboarding data is stored in Amazon Web Services (AWS) in the eu-west-2 (London) region, inside Amazon DynamoDB tables. Data in transit is protected by TLS.

How long we keep it

Onboarding sessions and telemetry samples are retained for as long as necessary to operate the service and to diagnose issues. You may request deletion at any time — see "Your rights" below.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete the information we hold about the demo device you paired. To exercise any of these rights, email support@qriot.io and include the device identifier or onboarding token from your session so we can locate the record.

Children

The QRIoT reference app is not directed at children under 13, and we do not knowingly collect information from children.

Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page.

Contact

Questions about this policy can be sent to support@qriot.io.