Privacy Policy
Last updated: June 30, 2026
Effective Date: June 30, 2026
Operated by: India Tax Info Private Limited
App: QRBell – Smart Video Doorbell
1. Introduction
QRBell ("we", "our", or "us") is a smart video doorbell service operated by India Tax Info Private Limited. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use the QRBell mobile application and website (qrbell.co.in).
By downloading, installing, or using the QRBell app, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the app.
This policy applies to the QRBell Android application (available on the Google Play Store), the QRBell website, and any related services. It covers all user roles: vendors (account owners), customers (visitors who scan QR codes), and family members added to a vendor account.
2. Information We Collect
a) Information You Provide
- Phone number and country code — required for account registration and OTP-based identity verification
- Full name — used for your partner profile displayed inside the app
- Email address — optional; used for account recovery and service communications
- Google account information — if you sign in with Google, we receive your name and email address via Google Sign-In (OAuth); we do not receive your Google password
- Family member details — if you add family members to your account, we collect their name, relationship, phone number (optional), email address (optional), and the access permissions you configure
- QR code location — if you choose to tag a QR code with a location, we collect GPS coordinates (latitude and longitude) and/or a text address. This is entirely optional and user-initiated
- Support ticket content — text descriptions and replies you submit when raising support requests
- Auto-reply messages — custom text messages you configure to be sent automatically to visitors
b) Information Collected Automatically
- Call history — records of visitor calls including timestamps, call duration, and status (answered, missed, or declined)
- Visitor device information — when a visitor scans your QR code, we log their IP address and browser user agent for security and abuse-prevention purposes. If the visitor's browser shares their location, GPS coordinates may also be logged
- Device push token (FCM token) — collected by Firebase Cloud Messaging to deliver incoming call notifications to your device
- Crash reports — automatically collected by Firebase Crashlytics, including device model, OS version, and app state at the time of the crash
- Payment references — when you purchase a subscription, we store the Razorpay order ID and payment ID for transaction verification. We do not store card numbers, bank details, or UPI credentials; these are handled entirely by Razorpay
c) Information Collected During Calls
- Camera and microphone (video/audio calls) — accessed only during an active video or audio call with a visitor. Audio and video streams are transmitted in real time through Agora RTC's infrastructure and are not recorded or stored by us or by Agora
- Camera (QR code scanning) — the camera is also used to scan QR codes within the app for management purposes. No images or video frames from QR scanning are stored
3. How We Use Your Information
We use the information we collect for the following purposes:
- To create and manage your QRBell partner account
- To authenticate your identity via OTP or Google Sign-In during login
- To auto-fill OTP codes from incoming SMS with your explicit consent (Android SMS User Consent API)
- To deliver real-time incoming visitor call notifications to your device via push notification
- To enable real-time video and audio calls between you and your visitors using Agora RTC
- To enable in-app QR code scanning for QR code management
- To display your call history and activity log within the app
- To manage family members and their access permissions to your QR codes
- To tag your QR codes with a physical location (only when you explicitly configure one)
- To process subscription payments and verify transactions via Razorpay
- To send service-related notifications, transaction receipts, and security alerts
- To diagnose crashes and improve app stability using Firebase Crashlytics
- To respond to your support tickets and requests
- To enforce visitor blocking by logging visitor IP addresses
- To comply with applicable legal obligations and respond to lawful requests
We do not use your personal information for advertising, profiling, or any purpose beyond what is described in this policy.
4. App Permissions
The QRBell Android application requests the following device permissions. Each permission is used solely for the stated purpose and is never used beyond what is necessary for the app's core functionality.
| Permission | Required / Optional | Why It Is Needed |
|---|---|---|
| CAMERA | Required | Used during live video calls with visitors, and to scan QR codes within the app. No images or video are stored. |
| RECORD_AUDIO (Microphone) | Required | Used during live audio/video calls with visitors. Audio is streamed in real time and is not recorded. |
| POST_NOTIFICATIONS | Required | Used to display incoming visitor call alerts and service notifications via Firebase Cloud Messaging. |
| INTERNET | Required | Required for all core app functionality: authentication, video calls, push notifications, and API communication. |
| RECEIVE_BOOT_COMPLETED | Required | Ensures push notification services are re-registered after the device restarts, so you continue to receive incoming call alerts. |
| VIBRATE | Required | Used to vibrate the device when an incoming visitor call notification arrives. |
| ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION | Optional | Used only when you explicitly choose to tag a QR code with your current GPS location. The app does not access location in the background and does not continuously track your position. |
| READ_MEDIA_IMAGES / READ_EXTERNAL_STORAGE (if applicable) | Optional | Used only if you choose to upload a profile photo or avatar from your device gallery. Not used otherwise. |
| FOREGROUND_SERVICE / FOREGROUND_SERVICE_CAMERA / FOREGROUND_SERVICE_MICROPHONE (if applicable) | Optional | May be used to maintain an active call connection when the app is moved to the background during a live video/audio call session. |
| BLUETOOTH / BLUETOOTH_CONNECT (if applicable) | Optional | May be used by the Agora RTC SDK to route call audio to Bluetooth headsets or earphones if connected. QRBell does not use Bluetooth for any other purpose. |
5. QR Code Data Handling
QR codes are central to how QRBell works. Here is exactly what data is associated with each QR code and how it is handled:
- QR code identifier — each QR code has a unique ID stored in our database that links it to your partner account. This ID is encoded in the QR code image and is used to route an incoming visitor call to you
- QR code image — the generated QR code image is stored securely on Amazon S3. The image contains only the QR code ID and a link to the QRBell visitor-facing call page; it does not contain your name, phone number, or any other personal identifier
- QR code location (optional) — if you choose to attach a physical location to a QR code, we store the GPS coordinates (latitude/longitude) and/or a text address that you provide. This is strictly optional and can be removed at any time
- QR code label/name — any label or display name you assign to a QR code (e.g. "Front Door", "Shop Entrance") is stored in our database and is visible only to you and your family members
- Visitor scan events — when a visitor scans your QR code using their browser or camera, we log the scan event including a timestamp, the visitor's IP address, and browser user agent. This data is used for security (e.g. blocking abusive visitors) and to display your call history
Privacy guarantee: Your phone number, email address, and personal identity are never embedded in a QR code or exposed to any visitor who scans it. Visitors interact only with an anonymous call interface — your identity remains completely private.
6. Partner, Customer, and User Information
QRBell serves multiple types of users, and the data we collect differs by role:
Partners (Account Owners)
Partners are users who register an account, own one or more QR codes, and receive incoming visitor calls. We collect:
- Phone number (required for registration and OTP login)
- Full name and optional email address
- Google account name and email if Google Sign-In is used
- Call history, QR code configurations, subscription status, and family member list
- Profile photo (optional, stored on Amazon S3)
Customers / Visitors
Customers are individuals who scan a partner's QR code to initiate a video or audio call. Visitors do not need to register an account or install any app — they interact with QRBell via a web browser. We collect:
- IP address and browser user agent — logged at the time of scan for security and abuse-prevention purposes
- GPS location (only if the visitor's browser shares it and the visitor grants permission) — stored alongside the call log entry
- Audio and video streams during an active call — transmitted in real time via Agora RTC and not stored
Visitor data is never used for advertising and is not linked to any persistent user identity outside of the call log.
Family Members
Family members are individuals added to a partner's account by the account owner. They may independently log in to the QRBell app using their own phone number and OTP. We collect:
- Name and relationship (as entered by the account owner)
- Phone number (optional, used for independent OTP login if provided)
- Email address (optional)
- Access permissions configured by the account owner
7. Family Members & Account Features
Family members with a registered phone number may log in to the QRBell app using OTP verification and access any accounts they have been added to. A single phone number may be linked to multiple accounts (for example, a home account and family accounts from other homes); switching between accounts grants access to the call history and QR codes associated with that account.
- Family member login — a family member can independently log in to the QRBell app using their own phone number and OTP, without requiring the account owner to be present
- Multi-account access — a single phone number may be linked to more than one account; the user can switch between accounts within the app
- Scoped access on switch — switching to a different account grants access only to the call history and QR codes belonging to that account; data from other accounts remains separate
8. Camera and Microphone Access
QRBell uses your device camera and microphone for two purposes:
- Video/audio calls — camera and microphone are accessed during an active call with a visitor who scanned your QR code. We do not record, capture, or store any call audio or video. All media is transmitted in real time through Agora RTC
- QR code scanning — the camera is used to scan QR codes within the app for management purposes. All scanning is performed on-device using Google ML Kit; no camera frames are uploaded or stored
9. Data Sharing and Third-Party Services
We do not sell, trade, or rent your personal information to any third party. We share your data only in the following limited circumstances:
- Service providers — trusted third-party vendors that help us operate the app (listed below), each bound by their own privacy policies and applicable data protection regulations
- Legal compliance — when required by applicable law, court order, or government authority
- Safety — to protect the rights, property, or safety of QRBell, our users, or the public
- Business transfer — in the event of a merger, acquisition, or sale of assets, with prior notice provided to affected users
Third-party service providers we use:
Agora RTC (Agora.io)
Real-time video and audio calls are powered by the Agora RTC SDK (v4.6.3). During an active call, your audio and video streams are transmitted through Agora's global infrastructure. Agora may collect technical metadata such as device type, network quality, and call duration for quality-of-service purposes. Call audio and video content is not stored by Agora or by us.
Privacy policy: agora.io/en/privacy-policy
Firebase — Cloud Messaging & Crashlytics (Google LLC)
- Firebase Cloud Messaging (FCM) — delivers push notifications to alert you of incoming visitor calls. FCM registers and stores a device push token on your device
- Firebase Crashlytics — automatically collects crash reports including device model, OS version, and app stack traces to help us identify and fix bugs
Firebase is operated by Google LLC. Privacy policy: policies.google.com/privacy
Google Sign-In (Google LLC)
QRBell supports sign-in with your Google account. If you choose this option, Google shares your name and email address with us via an OAuth token. We do not receive your Google password. You can revoke this access at any time from your Google account's connected apps settings.
Privacy policy: policies.google.com/privacy
Google SMS User Consent API (Google LLC)
When you log in via OTP, the app uses Android's SMS User Consent API to automatically detect and pre-fill the OTP code from an incoming SMS. A system prompt asks for your permission before reading the SMS. The app reads only the single OTP message and does not access any other SMS content.
Privacy policy: policies.google.com/privacy
Google ML Kit Barcode Scanning (Google LLC)
QRBell uses Google ML Kit's on-device barcode scanning to scan QR codes within the app. All processing happens locally on your device; no camera frames are sent to Google's servers.
Privacy policy: policies.google.com/privacy
Razorpay (Razorpay Software Pvt Ltd)
Subscription payments are processed by Razorpay. When you purchase a plan, the payment flow is handled through Razorpay's secure payment interface. We receive only a transaction reference (order ID and payment ID) to verify your payment. We do not store your card number, bank details, or UPI credentials — these are handled solely by Razorpay under their PCI-DSS compliant infrastructure.
Privacy policy: razorpay.com/privacy
SMS / OTP Gateway
We use a third-party SMS gateway to deliver OTP verification codes to your mobile number during login and account verification. Your phone number is shared with this provider solely for this purpose and is not used for marketing, profiling, or any other purpose.
Amazon Web Services (AWS)
QR code images and user profile photos (avatars) are stored securely on Amazon S3. AWS handles storage under their standard data protection and security practices.
Privacy policy: aws.amazon.com/privacy
10. Push Notifications
QRBell sends push notifications to alert you when a visitor scans your QR code and initiates a call. Notifications are delivered via Firebase Cloud Messaging (FCM).
You can disable notifications at any time through your device settings (Settings → Apps → QRBell → Notifications). Disabling notifications will prevent you from receiving incoming call alerts even when the app is in the background.
11. Data Retention
We retain personal data only for as long as necessary to provide our services or as required by law:
- Account data (name, phone, email) — retained for the lifetime of your account
- Family member data — retained until you remove the family member or delete your account
- Call history — retained for up to 12 months from the date of the call (subject to your subscription plan limits)
- QR code location data — retained until you remove the location or delete the QR code
- Payment references (Razorpay order/payment IDs) — retained for up to 7 years as required for financial record-keeping under applicable Indian law
- Crash reports — retained by Firebase Crashlytics for 90 days
- FCM push tokens — retained until you log out or uninstall the app
- Support tickets — retained for up to 2 years from the date of submission
- Visitor scan logs (IP address, user agent) — retained for up to 90 days for security purposes
Upon account deletion, your personal data, QR codes, family members, call history, and settings are permanently deleted within 30 days, except where retention is required by applicable law (e.g. payment records).
12. Data Security
We implement industry-standard security measures to protect your personal information:
- All data transmitted between the app and our servers is encrypted using HTTPS/TLS
- Authentication tokens are stored securely on your device using Android's encrypted DataStore
- Session tokens are excluded from Android's automatic cloud backup to prevent unintended restoration on new devices
- QR code images are stored on Amazon S3 with access controls in place
- We do not store call audio or video content at any point
- Payment card details and banking credentials are never stored on our servers — these are handled by Razorpay under PCI-DSS compliance
While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We encourage you to keep the QRBell app updated to receive the latest security patches, and to use a strong, unique password for your Google account if you sign in via Google.
13. User Rights (Access, Update, Delete)
You have the following rights with respect to your personal data. To exercise any of these rights, contact us using the details in Section 15.
- Access — you may request a copy of the personal data we hold about you. We will provide this within 30 days of a verified request
- Correction / Update — you may request correction of inaccurate or incomplete personal information. You can update your name, email, and profile photo directly within the app settings
- Deletion — you may request deletion of your account and all associated personal data. See Section 14 for instructions. We will complete deletion within 7 business days and confirm via email or the contact method you provided
- Opt-out of notifications — you may disable push notifications at any time through your device settings
- Portability — you may request an export of your personal data in a structured, machine-readable format
- Withdraw consent — where processing is based on your consent (e.g. location tagging, Google Sign-In), you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal
To exercise any of these rights, email us at contact@qrbell.co.in or use our contact form at qrbell.co.in/contact. We will respond within 30 days of receiving a verified request.
14. Account Deletion
You can request deletion of your QRBell account and all associated data at any time through either of the following methods:
- Submit a request via our contact page: qrbell.co.in/contact — select subject "Account Deletion Request"
- Email us at contact@qrbell.co.in with the subject line "Delete My Account"
15. Cookies and Tracking Technologies
Our website (qrbell.co.in) may use cookies and similar technologies for the following purposes:
- Session management — to keep you logged in during your website session
- Language preference — to remember your selected language
- Basic analytics — to understand aggregate traffic patterns and improve the website. Analytics data is not used to identify individual users
You can control cookie preferences through your browser settings. Disabling cookies may affect certain website functionality such as language persistence.
The QRBell mobile app does not use advertising cookies, cross-app tracking SDKs, or any third-party SDK for behavioural marketing or profiling. The app does not participate in advertising networks.
16. Children's Privacy
QRBell is intended for users aged 13 and older. The app requires a mobile phone number and OTP verification to register, which we consider sufficient to limit use by very young children. We do not knowingly collect personal information from children under the age of 13.
If we become aware that a child under 13 has provided us with personal information without verifiable parental consent, we will take steps to delete that information promptly.
If you are a parent or guardian and believe your child has submitted personal information to QRBell without your consent, please contact us immediately at contact@qrbell.co.in.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or the features of the QRBell app. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Display an in-app notice or send a notification where appropriate
- Where required by law, seek your consent before implementing the changes
Your continued use of QRBell after changes are posted constitutes your acceptance of the updated policy. We encourage you to review this page periodically.
18. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us: