Privacy Policy

Last updated: 19 March 2026 · Nexlyr Solutions Ltd

Cuaa ("we", "us", "our") is a QR-based profile sharing app operated by Nexlyr Solutions Ltd (Company No. 17062750, England & Wales). This policy explains what data we collect, how we use it, and your rights.

1. What We Collect

We only collect information you voluntarily provide or that is generated through normal app use:

• Profile information — display name, handle, birthday, avatar photo, wishlist items, and any other details you choose to add to your profile.
• Scan events — when someone scans your QR code, we record a timestamp and increment your scan count. We do not collect the scanner's identity unless they have a Cuaa account and are connected to you.
• Authentication — if you sign in, we collect your email address to send a secure magic link. Passwords are never stored by Cuaa.
• Subscription status — if you subscribe to a paid plan, RevenueCat (our payment processor) handles billing. We store only your subscription tier and expiry date.

2. How Your Data Is Stored

• Cloud — profile data is stored in Supabase (hosted PostgreSQL) with Row Level Security (RLS) policies so only you can edit your own profile.
• On device — your profile is cached locally using AsyncStorage for offline access. Sensitive data like authentication tokens are stored in the device's secure keychain (SecureStore).

3. Third-Party Services

We use the following third-party services:

• Supabase — database hosting and authentication (supabase.com/privacy)
• Supabase Auth — passwordless magic link authentication (supabase.com/privacy)
• RevenueCat — subscription management (revenuecat.com/privacy)
• Expo / EAS — app build and update delivery (expo.dev/privacy)

4. How We Use Your Data

• To display your profile when someone scans your QR code
• To sync your profile across your devices
• To manage your subscription and unlock paid features
• To show you scan analytics (how many times your code has been scanned)

We do not sell your data. We do not serve behavioural advertising. We do not track you across other apps or websites.

5. Your Rights (GDPR)

If you are in the UK or EU, you have the right to:

• Access — request a copy of all data we hold about you
• Rectification — correct any inaccurate data (you can do this directly in the app)
• Deletion — request that we delete your account and all associated data. Visit our account deletion page or email us.
• Portability — request your data in a machine-readable format
• Withdraw consent — you can sign out or delete your account at any time

6. Data Retention

Your data is retained for as long as your account is active. If you request account deletion, all your data (profile, scan history, connections) will be permanently removed within 30 days.

7. Children

Cuaa is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the app or email. The "last updated" date at the top reflects the most recent revision.

9. Contact Us

For any questions about this policy or your data, contact us at:

contact@nexlyr.uk
Nexlyr Solutions Ltd
Company No. 17062750
England & Wales