1. Controls currently visible in the repository
QRCraft currently relies on a relatively simple architecture: authenticated access through Clerk, server-side persistence through Prisma and Postgres, paid plan workflows through Razorpay, and explicit legal-consent gating for workspace access.
- Authenticated routes and protected API patterns are enforced through Clerk middleware and server-side auth checks.
- Workspace actions are scoped to the active workspace or membership context before QR updates or deletion.
- Legal consent is versioned and re-collected when the published legal version changes.
- Razorpay webhook signatures are verified before billing state updates are applied.
- QR routing only redirects active records and deactivates routed QR links once scan limits are exceeded.
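
The Razorpay webhook check listed above, sketched as an added example (this is not QRCraft's code). Razorpay sends a hex HMAC-SHA256 of the raw request body, keyed with the webhook secret, in the `X-Razorpay-Signature` header. The handler shape, `applyBillingUpdate`, `seenEventIds`, and the sample secret and body are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Verify over the exact bytes received; re-serialized JSON will not match.
function verifyRazorpaySignature(rawBody, signatureHeader, webhookSecret) {
  // Reject missing or malformed headers before any crypto work.
  if (typeof signatureHeader !== 'string' || !/^[0-9a-f]{64}$/i.test(signatureHeader)) {
    return false;
  }
  const expected = crypto.createHmac('sha256', webhookSecret).update(rawBody).digest();
  const received = Buffer.from(signatureHeader, 'hex');
  // Constant-time comparison avoids leaking how many leading bytes matched.
  return received.length === expected.length && crypto.timingSafeEqual(received, expected);
}

// Hypothetical handler: billing state changes only after verification.
// eventId would come from the x-razorpay-event-id header (used for de-duplication).
function handleWebhook({ rawBody, signature, eventId }, secret, seenEventIds, applyBillingUpdate) {
  if (!verifyRazorpaySignature(rawBody, signature, secret)) {
    return { status: 400, applied: false };
  }
  if (eventId && seenEventIds.has(eventId)) {
    return { status: 200, applied: false }; // duplicate delivery, acknowledge only
  }
  const event = JSON.parse(rawBody.toString('utf8')); // parse only after verification
  applyBillingUpdate(event);
  if (eventId) seenEventIds.add(eventId);
  return { status: 200, applied: true };
}

// Constructed sample data: secret, body and event ids are made up for this demo.
function demo() {
  const secret = 'constructed-test-secret';
  const rawBody = Buffer.from('{"event":"subscription.charged","payload":{"plan":"pro"}}');
  const good = crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
  const tampered = Buffer.from(rawBody.toString().replace('pro', 'enterprise'));
  const seen = new Set();
  const applied = [];
  const apply = (e) => applied.push(e.event);
  const results = [
    handleWebhook({ rawBody, signature: good, eventId: 'evt_1' }, secret, seen, apply),
    handleWebhook({ rawBody, signature: good, eventId: 'evt_1' }, secret, seen, apply),
    handleWebhook({ rawBody: tampered, signature: good, eventId: 'evt_2' }, secret, seen, apply),
    handleWebhook({ rawBody, signature: undefined, eventId: 'evt_3' }, secret, seen, apply),
  ];
  return { results, applied };
}

console.log(demo().results);
```

In a framework that parses JSON bodies automatically, the handler has to read the unparsed request body for this check to work.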
2. Important limitations
QRCraft is currently positioned for India plus rest-of-world SMB use. The current repository does not by itself demonstrate enterprise certification, external audit certification, or a regulated-industry assurance package.
- No public certification claims are made here.
- No SOC report or ISO certification is implied by this page.
- No per-record encryption claims beyond provider-standard transport and storage assumptions are made in this repository.
- Users should avoid storing unnecessary secrets or highly sensitive personal data in QR payloads unless they have independently assessed that risk.
3. Security contact path
Security, abuse, and privacy issues can currently be reported through connect@techventive.in. Security incidents are owned by Directors, with escalation targeted within 1 business day. Legal notices may be sent to 28 Feet Road, Near Electric Office, Vikasnagar, Dehradun, Uttarakhand, India - 248198.