Privacy Policy

Last updated: November 9, 2025

Stiqr Pty Ltd ("Stiqr", "we", "us", "our") operates the QRimb mobile application, web experiences, and related services (collectively, the "Services"). This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you interact with QRimb. By using the Services, you agree to the practices described in this policy.

Information We Collect

We collect and process the following categories of personal data to provide and improve QRimb:

Account & Profile Information

  • Registration details such as name, display name, email address, and password or other authentication identifiers.
  • Profile preferences including home gym, location, biography, avatar selection, visibility settings, and communication preferences.

Route & Performance Data

  • Climb history, scanned routes, grades, performance types (flash, topped, attempt), attempts, falls, timing, ratings, and difficulty votes.
  • XP, coins, achievements, level progression, streaks, multipliers, and reward status associated with your account.
  • Notes, photos, and other information you voluntarily attach to a climb.

Social & Community Data

  • Friends, favorites, and other social graph connections you initiate.
  • Leaderboard standings, shared climb insights, and public profile information based on your privacy selections.

Device & Usage Data

  • Device identifiers, operating system, app version, language, time zone, and diagnostic logs.
  • Session analytics, screen views, QR scans, and in-app actions captured to improve user experience. Analytics events are stored locally and synchronized to our infrastructure when needed.

Support & Communications

  • Information you provide when contacting support, submitting feedback, or participating in surveys or beta programs.

How We Use Your Information

We process personal information to:

  • Authenticate users, maintain accounts, and deliver core functionality.
  • Track climb performance, award XP and coins, manage achievements, and power analytics dashboards.
  • Personalize route recommendations, difficulty insights, and social experiences.
  • Synchronize progress across devices using secure storage and caching mechanisms (including AsyncStorage and TTL caches).
  • Monitor app stability, detect abuse, enforce policies, and troubleshoot issues.
  • Send service announcements, updates, promotional communications (where permitted), and respond to inquiries.
  • Comply with legal obligations and enforce our Terms & Conditions.

Legal Bases for Processing

Depending on your location, we rely on:

  • Performance of a contract (to provide the Services you request).
  • Legitimate interests (improving, securing, and operating the platform).
  • Compliance with legal or regulatory obligations.
  • Your consent (for optional features, marketing communications, or where required by law).

How We Share Information

We only share personal data when necessary and with appropriate safeguards:

  • Service Providers (Processors): Supabase, Inc. (hosting, database, authentication) and Cloudflare, Inc. (security, performance, networking) process data under written agreements and must follow our instructions.
  • Community Features: Information you choose to make public (e.g., leaderboards, climb stats) is visible to other users per your privacy settings.
  • Legal & Safety: We may disclose data in response to lawful requests (e.g., subpoenas, court orders) or to protect rights, safety, or property.
  • Business Transfers: If we undertake a merger, acquisition, or asset sale, personal data may be transferred subject to appropriate protections.

We do not sell personal data.

Data Retention

We retain personal information for as long as your account is active or as needed to provide Services, comply with legal obligations, resolve disputes, or enforce agreements. Cache entries (including TTL caches) are refreshed or purged based on operational requirements. When retention is no longer necessary, we delete or anonymize data.

Security Measures

We implement administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit, access controls, and regular security reviews. Nonetheless, no system is completely secure, and we encourage you to use strong passwords and maintain control of your devices.

International Transfers

Your information may be processed in countries other than where you reside, including the United States, where our service providers (e.g., Supabase, Cloudflare) are located. We apply appropriate safeguards, such as Standard Contractual Clauses, to ensure cross-border transfers comply with applicable law.

Your Rights & Choices

You can access and update many details directly within the app. You may also:

  • Delete your account via Settings > Account > Delete Account; we will permanently delete associated personal data after verifying the request.
  • Request a copy of your data, correct inaccuracies, restrict or object to certain processing, or withdraw consent for optional features (subject to local law).

To exercise rights not available in-app, contact us using the details below. We may need additional information to verify your identity.

Children’s Privacy

QRimb is not directed to children under 16 (or the minimum age required by local law). We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, contact us so we can delete it.

Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will notify you by updating the "Last updated" date and, where appropriate, through in-app notices or email. Your continued use of QRimb after an update constitutes acceptance of the revised policy.

Contact Us

If you have questions or requests regarding this Privacy Policy, please reach out to:

Stiqr Pty Ltd
Richlands, QLD 4077
Australia
Email: privacy@qrimb.com