Privacy Policy
Last updated: June 2026
ViralWiFi (viralwifi.app) is an all-in-one platform for venue managers — restaurants, bars, hotels, B&Bs, gyms, beauty salons — that transforms Guest WiFi into a growth tool: free WiFi QR code, negative review protection on Google, TripAdvisor, Booking and Airbnb, email marketing automation and digital loyalty cards. This Privacy Policy describes how we collect, use and protect personal data in compliance with EU Regulation 2016/679 (GDPR).
1. Data Controller
The Data Controller is ViralWiFi (viralwifi.app). For any privacy-related requests, contact us at: privacy@viralwifi.app.
2. Data collected and purposes
We collect the following data to provide the WiFi QR, review management and marketing automation service:
- Account registration data: name, email, venue name, WiFi SSID.
- End customer data of the venue: email and/or phone number (voluntarily collected via WiFi QR at connection).
- Navigation data: IP address (anonymized), pages visited, session duration (via Google Analytics 4).
- Payment data: entirely managed by Stripe Inc. — ViralWiFi does not store card numbers.
- Reviews and ratings: data entered by end customers through the guided review flow.
3. Legal basis for processing
- Contract execution: to provide the WiFi QR, review protection and marketing automation service.
- Legitimate interest: anonymous traffic analysis to improve the platform.
- Consent: for sending promotional communications and use of non-technical cookies.
- Legal obligation: retention of tax data under applicable law.
4. Data retention
Active account data is retained for the duration of the contract and for 12 months after cancellation. End customer data (emails collected via WiFi) is retained for 24 months, unless otherwise indicated by the venue manager. Anonymized navigation data is retained for 14 months (Google Analytics standard).
5. Sharing with third parties
- Stripe Inc.: payment processor (PCI-DSS Level 1).
- Google LLC: Analytics (GA4) and Google Ads for conversion measurement.
- Cloud infrastructure provider: hosting and infrastructure on which the ViralWiFi platform runs.
- We never sell your data to third parties for marketing purposes.
6. Data transfer outside the EU
Some providers (Google, Stripe) process data in the USA. The transfer takes place in compliance with Standard Contractual Clauses approved by the European Commission (SCC) and/or the EU-US Data Privacy Framework.
7. Your rights (GDPR Art. 15-22)
- Right of access: request a copy of the data we process about you.
- Right of rectification: correct inaccurate data.
- Right to erasure ("right to be forgotten"): request deletion of your data.
- Right to portability: receive your data in structured format.
- Right to object: object to processing based on legitimate interest or marketing.
- To exercise your rights: privacy@viralwifi.app — response guaranteed within 30 days.
8. Data security
ViralWiFi adopts appropriate technical and organizational measures to protect personal data: TLS encryption in transit, data access limited to authorized personnel, audit logs of critical operations, daily backups.
9. Cookies
For detailed information on cookie use, see our Cookie Policy.
10. Changes to this Privacy Policy
Any material changes will be communicated to registered users via email with at least 14 days notice. The updated version is always available at viralwifi.app/privacy.
11. Complaints
You have the right to lodge a complaint with your national data protection authority if you believe our data processing violates GDPR.