GDPR Compliance

Summary

At BonoQR, we take digital privacy seriously. Even though our primary operations are in Colombia, we follow the European General Data Protection Regulation (EU) 2016/679 (GDPR) as a global standard for excellence in data handling.

1. Data Minimization & Security

We apply the principle of "Data Protection by Design". For users in our Starter Plan, customer information is automatically hashed using SHA-256, providing a high level of security by ensuring that raw PII (Personally Identifiable Information) is never stored in a readable format by our staff.

2. Your Rights under GDPR

• Right of Access & Portability: Obtain a structured file with your account data.
• Right of Erasure: Delete your account and all associated data permanently.
• Right to Object: Halt any specific processing of your data based on legitimate interests.

3. Sub-processors

We work with the following high-tier sub-processors who are committed to GDPR compliance:

• Vercel / Supabase: Infrastructure and hosting.
• OpenAI: Artificial Intelligence processing (text/image generation).
• Mercado Pago: Payment processing (PCI-DSS compliant).

4. DPO Contact

For further inquiries or to exercise your rights, please reach out to our representative: Adrián Esteban Ibarra Giraldo at info@bonoqr.com.