Privacy Policy
Last updated: 12 April 2026
Our Privacy Promise
The short version, in plain English:
- We never sell or share your data with advertisers or third parties
- Finders never see your real phone number when you use Premium
- You control exactly what information is shown when your tag is scanned
- We don't use tracking cookies or third-party analytics
- You can delete your account and all your data at any time
- Payments are handled securely by Stripe - we never see your card details
Quick Return Ltd. ("we", "us", "our") operates the Quick Return service at quickreturn.co.uk. This policy explains what personal data we collect, why we collect it, and your rights under UK data protection law including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data Controller
Quick Return Ltd. is the data controller for personal data processed through our service. If you have questions about this policy, contact us at privacy@quickreturn.co.uk.
2. What Data We Collect
Account information: When you create an account, we collect your email address, full name, and phone number. Your phone number is used to send scan notifications if you are a premium subscriber.
Item information: Details you provide about registered items including name, type, notes, photos, safe drop-off location, and emergency contact details.
Scan events: When someone scans a QR code linked to your item, we record the date and time of the scan. If you have enabled location tracking (premium feature), we also record the approximate GPS location of the scan with their consent.
Payment information: If you purchase products or subscribe to our premium plan, payment is processed securely by Stripe. We do not store your card details. Stripe may collect your name, email, billing address, and shipping address during checkout.
Chat messages: If someone finds your item and uses the chat feature, messages are stored to enable the conversation. Chat messages are automatically deleted after 90 days.
Usage data: We may collect basic usage data such as pages visited and browser type to improve the service.
3. Lawful Basis for Processing
We process your data on the following legal bases:
- Contract: To provide the Quick Return service you signed up for, including sending scan notifications and displaying item information when your QR code is scanned.
- Consent: For optional features such as location tracking of scans. You can enable or disable this per item.
- Legitimate interest: To improve our service, prevent fraud, and ensure security.
4. How We Use Your Data
- To create and manage your account
- To display item information (name, type, contact details, safe drop-off location) when a QR code is scanned
- To send SMS notifications when your items are scanned (premium subscribers)
- To record scan history so you can see when and where your items were found
- To provide phone number masking so people can contact you without seeing your real number (premium subscribers)
- To process subscription payments
- To respond to your enquiries and provide support
5. What People See When They Scan
When someone scans a Quick Return QR code, they see the item name, type, any notes you have added, and your contact details. If you are a premium subscriber with phone masking enabled, your real phone number is hidden and replaced with a secure relay number.
6. Third-Party Services and International Data Transfers
We use the following third-party services to operate Quick Return:
- Supabase: Database, authentication, and file storage. Your data is stored in Supabase's cloud infrastructure.
- Stripe: Payment processing for product purchases and subscriptions. Stripe processes your payment details, billing address, and shipping address. Stripe is certified under the EU-US Data Privacy Framework. Stripe Privacy Policy.
- Twilio: SMS delivery for scan notifications, anonymous phone calls, and chat message relay. Phone numbers are processed by Twilio in the United States under Standard Contractual Clauses (SCCs) and the Data Privacy Framework. Twilio Privacy Notice.
- Resend: Transactional email delivery (order confirmations, dispatch notifications, scan alerts). Resend Privacy Policy.
- Cloudflare: Website hosting, content delivery, and security protection. Cloudflare Privacy Policy.
Each provider processes data under a Data Processing Addendum (DPA) or equivalent contractual safeguards. Some of these providers are based in the United States. Where personal data is transferred outside the UK, it is protected by appropriate transfer mechanisms including Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or the EU-US/UK Extension Data Privacy Framework, as required by UK GDPR.
We do not use any of these services for advertising, profiling, or purposes unrelated to operating Quick Return.
7. Data Sharing
We do not sell your personal data. We share data only:
- With anyone who scans your QR code (limited to the item information you choose to display)
- With the third-party service providers listed above, solely to operate the service
- If required by law or to protect our legal rights
8. Data Retention
We retain your data for as long as necessary to provide the service:
- Account data: Retained while your account is active. Deleted within 30 days of account deletion, except where required by law.
- Item data: Retained while your account is active. Deleted when you delete the item or your account.
- Scan events: Retained for 12 months, then automatically deleted.
- Chat messages: Automatically deleted 90 days after the conversation.
- Order and payment records: Retained for 6 years as required by UK tax law (HMRC).
- Email logs: Records of emails sent (template used, recipient, status) retained for 12 months.
9. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data (you can edit your profile from your dashboard)
- Erase your data ("right to be forgotten")
- Restrict processing in certain circumstances
- Data portability to receive your data in a portable format
- Object to processing based on legitimate interest
- Withdraw consent at any time for consent-based processing
To exercise any of these rights, contact privacy@quickreturn.co.uk.
10. Cookies
We use essential cookies to keep you signed in. We do not use advertising or third-party tracking cookies.
11. Children's Data
Quick Return can be used to help safeguard children's belongings and personal safety. Accounts must be created by a parent or guardian aged 18 or over. We do not knowingly collect data from children under 13 without parental consent.
12. Security
We use industry-standard security measures including encrypted connections (HTTPS), secure authentication, and access controls to protect your data. Phone number masking for premium users ensures your real number is never shown.
13. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by email or through a notice on our website. The "Last updated" date at the top shows when this policy was last revised.
14. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
15. Contact
Quick Return Ltd.
Email: privacy@quickreturn.co.uk