Privacy Policy

This Privacy Policy describes how DotPlus Technologies Private Limited ("DotPlus", "we", "our" or "us") collects, uses, stores, shares and protects information about you when you visit, register or transact on DPLink — our QR code generator and URL shortener platform — accessible at dplnk.in and related sub-domains (the "Service").

By accessing or using the Service you agree to this Privacy Policy. If you do not agree, please stop using the Service. This policy is published in accordance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 ("DPDP Act"), and the EU General Data Protection Regulation ("GDPR") where applicable.

1. Information We Collect

a. Account Information

When you create an account we collect your name, email address, hashed password and (where you choose to sign in via Google / OAuth) profile information returned by the provider.

b. Content You Create

We store the QR code data, destination URLs, short-link aliases, titles, tags, logos and design settings that you save to your dashboard.

c. Payment Information

Subscription payments are processed exclusively through PCI-DSS compliant payment gateways (Razorpay and/or its banking partners). We do not see, store or have any access to your full card number, CVV, UPI PIN, net-banking credentials or one-time passwords. We only receive a transaction reference, payment status, the last four digits of the instrument, invoice amount, currency, GSTIN you provide and billing address for tax invoicing.

d. Usage & Device Data

We automatically collect technical data such as IP address, browser type, operating system, device type, pages visited, referring URL, timestamps and approximate geographic location (country / city) when you use the Service or when someone scans a dynamic QR / visits a short link you created.

e. Cookies & Similar Technologies

We use strictly-necessary cookies for authentication and fraud prevention, and optional analytics cookies for aggregated usage statistics. You can control cookies through your browser settings; disabling essential cookies may break login and payment functionality.

2. How We Use Your Information

• To create, operate and maintain your account and deliver the Service.
• To process payments, issue invoices, remit applicable taxes and prevent fraud or charge-back abuse.
• To generate scan and click analytics for QR codes and short URLs that you own.
• To send transactional emails (account, billing, receipts, expiry warnings, security alerts).
• To respond to support requests and grievance tickets.
• To improve product quality, detect bugs, monitor uptime and secure our systems.
• To comply with legal, regulatory and tax obligations applicable in India and the countries where we operate.

3. How We Share Information

We do not sell or rent your personal data. We share it only with:

• Payment partners — Razorpay and banks, strictly to process subscriptions, refunds and generate tax invoices.
• Infrastructure providers — cloud hosting, email delivery, CDN and DNS partners under written data-processing agreements.
• Law enforcement — where we are legally compelled by a valid order from an authority of competent jurisdiction.
• Corporate transactions — in the event of a merger, acquisition or sale of assets, in which case continuity of this policy will be preserved.

4. Data Retention

We retain your account information for as long as your account is active, and for up to 7 years after deletion to comply with tax, accounting, anti-money-laundering and audit obligations. Payment transaction records are retained as required by applicable law. Scan and click analytics are retained for 24 months by default and then aggregated. You may request earlier deletion subject to legal retention requirements.

5. Security Measures

We implement commercially reasonable security controls including TLS encryption in transit, bcrypt-hashed passwords, role-based access control, regular dependency patching, infrastructure monitoring, rate limiting, and isolation of payment data. No system can be guaranteed 100% secure; in case of a qualifying personal-data breach we will notify affected users and the competent data protection authority within statutory timelines.

6. Your Rights

Depending on your jurisdiction (India DPDP Act, EU GDPR, UK GDPR, etc.) you have the right to:

• Access a copy of the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request erasure of your account and associated personal data.
• Object to or restrict certain processing activities.
• Withdraw consent for optional processing at any time.
• Port your data to another service provider in a machine-readable format.
• Lodge a complaint with a supervisory authority.

To exercise any of these rights email us at [email protected]. We will respond within 30 days.

7. Children's Privacy

The Service is not directed to children under 13 years of age, and we do not knowingly collect personal data from such children. If you believe a child has provided us data, please contact us for prompt deletion.

8. International Data Transfers

DPLink is operated primarily from India. If you access the Service from outside India, your information may be transferred to, stored and processed in India. We use standard contractual clauses and appropriate safeguards for international transfers.

9. Third-Party Links

Short URLs and QR codes created with DPLink may point to third-party destinations. We do not control or endorse those destinations and are not responsible for their privacy practices. Please review the privacy policy of any third-party site you visit.

10. Changes to this Policy

We may update this Privacy Policy to reflect changes in law, technology or our services. Material changes will be notified by email and through an in-product banner at least 14 days in advance. Continued use of the Service after the effective date constitutes acceptance.

11. Grievance Officer & Contact

For privacy queries, data-subject requests or to report a violation, contact our Grievance Officer: