Back to home

Privacy Policy

Last updated: 10 March 2026

REXU ("we", "us", "our") operates the website rexu.app and the QRgency emergency QR code platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Account Information

When you register, we collect your name, email address, and mobile number. If you sign in with Google, we receive your name and email from your Google account.

1.2 Emergency Profile Data

You voluntarily provide emergency information including: blood group, age, allergies, medical conditions, medications, emergency contact numbers, language preference, organ donor status, and emergency instructions. This data is stored solely to be displayed on your public emergency page when your QR code is scanned.

1.3 Fleet / Commercial Data (B2B)

If you register a commercial account, we additionally collect: vehicle registration numbers, vehicle labels/make/model, driver names, driver phone numbers, and driver blood groups. This data is used to display vehicle- and driver-specific emergency information when a fleet QR code is scanned. Fleet owners are responsible for obtaining consent from their drivers before providing their personal information.

1.4 Payment Information

Payments are processed through Razorpay and/or Stripe. We do not store your credit/debit card numbers, UPI IDs, or bank account details on our servers. Payment processors handle all financial data under their own privacy policies and PCI-DSS compliance.

1.5 Scan Logs

When someone scans your QR code, we log the timestamp, IP address, and user agent of the scanner for analytics and abuse prevention. We do not collect the scanner's personal identity.

1.6 Automatically Collected Data

We collect standard web analytics data: browser type, device type, operating system, pages visited, and referring URL. This is collected via Vercel Analytics and contains no personally identifiable information.

2. How We Use Your Information

  • To create and display your emergency profile when your QR code is scanned
  • To send emergency alerts to your designated contacts
  • To process payments for QR activation
  • To verify your mobile number via OTP
  • To communicate service updates, security alerts, and support messages
  • To prevent fraud, abuse, and unauthorized access
  • To improve our Service through aggregated, anonymized analytics

3. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data. We share data only in these cases:

  • Emergency page viewers: When your QR code is scanned, limited emergency information (name, blood group, medical info, emergency contacts) is displayed to help the person assist you. Phone numbers are partially masked.
  • Payment processors: Razorpay and Stripe receive necessary transaction data to process your payment.
  • Legal requirements: We may disclose data if required by Indian law, court order, or government authority.

4. Data Storage & Security

Your data is stored on Supabase (PostgreSQL) with Row-Level Security enabled. Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Our infrastructure is hosted on Vercel and Supabase cloud with servers in India and Singapore.

QR tokens are cryptographically random and do not contain any personal information. Even if a QR code is photographed, it only contains a random token URL — not your data.

5. Data Retention

  • Account and profile data is retained as long as your account is active.
  • Scan logs are retained for 12 months, then automatically deleted.
  • Payment records are retained for 8 years as required by Indian tax law.
  • You can request deletion of your account and all associated data by emailing us at privacy@rexu.app.

6. Your Rights

Under applicable Indian data protection laws, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and data
  • Withdraw consent for data processing
  • Port your data in a machine-readable format

To exercise any of these rights, contact us at privacy@rexu.app.

7. Cookies

We use essential cookies only: authentication session cookies and admin session tokens. We do not use advertising or third-party tracking cookies.

8. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us data, please contact us to have it removed.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance.

10. Contact Us

For privacy-related questions or concerns:

© 2026 REXU. All rights reserved.

Pages

HomeHow it worksPricingAbout

Socials

InstagramWhatsApp

Legal

Privacy PolicyTerms & ConditionsRefund PolicyShipping & Delivery

Account

Sign upLoginContact Us