Privacy & Cookie Policy
How we collect, use, and protect your personal data
Last updated: 3 July 2026
This policy explains how QSmart ("we", "us", "our") collects, uses, and protects your personal data when you use our website and queue-management services, and the cookies we use. We are committed to protecting your privacy in line with the UK GDPR, the EU GDPR, and the Data Protection Act 2018.
1. Who we are (Data Controller)
The data controller responsible for your personal data is:
- BE YOU 4 U LTD (Company Number 14842501)
- 128 City Road, London, United Kingdom, EC1V 2NX
- Website: www.beyou4u.ltd
- Privacy contact: privacy@qsmart.cc
2. What data we collect
- Account data — name, email address, phone number, country, and city you provide when registering.
- Queue & booking data — the queues you join, appointments, services, and related timestamps.
- Organisation data — if you register a business, its name, type, address, and contact details.
- Payment data — for paid plans, payments are processed by Stripe; we do not store your full card details.
- Technical & usage data — IP address, browser/device information, and pages visited, collected via cookies and analytics with your consent.
- Communications — messages you send us and notification preferences.
3. How we use your data & our lawful basis
| Purpose | Lawful basis (GDPR Art. 6) |
|---|---|
| Create and manage your account; provide the queue service | Performance of a contract |
| Send transactional emails and queue notifications | Performance of a contract |
| Process payments for paid plans | Contract & legal obligation (financial records) |
| Protect the site (reCAPTCHA, brute-force protection) | Legitimate interests (security) |
| Analytics to understand and improve the service | Consent |
| Optional marketing communications | Consent |
4. Cookies & tracking
We use essential cookies that are necessary for the site to function (for example, your login session and security tokens). These do not require consent. We also use non-essential analytics cookies, which load only after you accept them in our cookie banner. You can change your choice at any time via the Cookie settings link in the footer.
| Cookie / tool | Provider | Purpose | Category |
|---|---|---|---|
| Session & CSRF token | QSmart (first-party) | Keeps you logged in; protects forms | Essential |
| Cookie-consent preference | QSmart (first-party) | Remembers your consent choice | Essential |
| Google Analytics (G-3LGZ89C7ZZ) | Aggregate usage statistics | Analytics (consent) | |
| QSmart analytics | marketing-website.com (our own) | First-party usage analytics | Analytics (consent) |
| reCAPTCHA | Protects against bots/abuse | Security |
5. Who we share data with
We share personal data only with service providers ("processors") that help us run the service:
- Google — Analytics, reCAPTCHA, and Firebase Cloud Messaging (push notifications).
- Stripe — payment processing for paid subscriptions.
- Our email/SMTP provider — to send verification and notification emails.
- marketing-website.com — our own first-party analytics platform.
We do not sell your personal data.
6. International transfers
Some providers (e.g. Google, Stripe) may process data outside the UK/EEA. Where that happens, transfers are protected by appropriate safeguards such as Standard Contractual Clauses or an adequacy decision.
7. How long we keep your data
We keep account and queue data for as long as your account is active. If you close your account, we delete or anonymise your personal data within a reasonable period, except where we must retain certain records (e.g. payment records) to meet legal obligations.
8. Your rights
Under the UK/EU GDPR you have the right to:
- Access a copy of your personal data;
- Rectify inaccurate data;
- Erase your data ("right to be forgotten");
- Restrict or object to processing;
- Data portability;
- Withdraw consent at any time (this does not affect prior processing);
- Lodge a complaint with a supervisory authority — in the UK, the Information Commissioner's Office (ICO).
To exercise any of these rights, contact us at privacy@qsmart.cc.
9. How we protect your data
We use encryption in transit (HTTPS), hashed passwords, session-binding, CSRF protection, and brute-force protection. No method of transmission is 100% secure, but we take reasonable steps to safeguard your information.
10. Children
Our service is not directed at children under 16, and we do not knowingly collect their data.
11. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by the "Last updated" date above, and where appropriate we will ask for your consent again.
12. Contact
Questions about this policy or your data? Email privacy@qsmart.cc.