Privacy — qbirr

Last updated: 2026-05-27

We store the minimum we need to bill you and let you audit your own use:

Your email, business name, country (from signup)
Hashed passwords (Argon2id — we never see plaintext)
API key prefixes + hashed full keys (same — we can't recover keys you've lost)
Verification call logs: provider, reference, expected amount, result, payer name from receipt

We do NOT store: your customers' bank passwords, OTP codes, full account numbers (except receiver-account suffixes used to fetch receipts), or anything that would let us move money on anyone's behalf. We are not a financial institution.

We never sell data. We don't run analytics trackers. We use no third-party JS on dashboard pages besides Tailwind and HTMX CDNs.

Data retention: verification logs are kept for 12 months for billing audit, then aggregated.