GDPR Information
Last updated: October 8, 2025
Your rights under the General Data Protection Regulation (GDPR). Clear, actionable, and under your control.
Legal Basis for Processing
Contract Performance
We process data necessary to provide our QR code service as agreed in our Terms of Service.
Examples:
Creating QR codes, hosting dynamic redirects, providing scan analytics, managing your account, processing subscriptions.
Legitimate Interests
We process data for legitimate business purposes, balanced against your rights and interests.
Examples:
Preventing fraud and abuse, improving service security, conducting anonymized usage analytics, optimizing performance.
Legal Obligations
We process data to comply with legal requirements.
Examples:
Tax and accounting records, responding to law enforcement requests, enforcing Terms of Service, protecting our legal rights.
Consent
We process certain data only with your explicit, freely given consent.
Examples:
Marketing emails, optional analytics cookies, newsletter subscriptions, platform usage tracking.
Right to Access
You have the right to know what personal data we hold about you and receive a copy.
What You Can Access
You can access all your personal data including: account information (email, name, profile), all QR codes you've created, complete scan analytics for your QR codes, subscription and billing history, API keys and usage logs, and all settings and preferences.
How to Exercise This Right
Log in to your dashboard and navigate to Settings > Privacy & Data > Export My Data. Click 'Download All My Data' to receive a complete copy in JSON format. The export includes all data categories listed above. Export is available instantly for Pro and Business plans, within 24 hours for Free plans.
Data Format
Data is provided in machine-readable JSON format, making it easy to review or transfer to another service. Large exports may be split into multiple files and provided as a ZIP archive.
Right to Rectification
You can correct inaccurate or incomplete personal data.
What You Can Update
You can update: your name and email (Settings > Account), QR code names, descriptions, and target URLs (Dashboard > QR Codes), project names and organization details, billing information (Settings > Billing), and notification preferences.
How to Exercise This Right
Most data can be updated directly through your account dashboard. For fields that cannot be changed directly, contact support at [email protected] with your correction request. We will update your data within 72 hours.
Verification
For security reasons, we may ask you to verify your identity before making changes to sensitive information like email addresses or billing details.
Right to Erasure
You can request deletion of your personal data in certain circumstances.
What Gets Deleted
When you delete your account, we permanently remove: your account information, all QR codes you created, all scan analytics data (subject to plan retention), API keys and logs, subscription history (except legally required records for 7 years), and all personal preferences and settings.
How to Exercise This Right
To delete your account: Go to Settings > Account > Delete Account. Review the warning about data loss (this cannot be undone). Type 'DELETE' to confirm. Click 'Permanently Delete My Account'. Data is deleted within 30 days. Active subscriptions must be cancelled first.
What We Retain
We may retain certain data if required by law: billing records for tax purposes (7 years), fraud prevention records, data needed for legal claims or compliance. Anonymized, aggregated analytics (no personal identifiers) may be retained for service improvement.
Exceptions
We may refuse erasure requests if: we have a legal obligation to retain the data, the data is needed for legal claims, you have an outstanding payment obligation, or the data is required for fraud prevention. We will explain our reasoning if we cannot fulfill your request.
Right to Data Portability
You can receive your data in a structured, commonly used format.
What You Can Export
You can export all your data in machine-readable formats: QR codes (JSON with all metadata, SVG files), analytics data (CSV or JSON), account information (JSON), project data (JSON), and API usage logs (CSV).
Export Formats
JSON: Complete data with all relationships and metadata. CSV: Analytics data, scan logs, and usage statistics (ideal for Excel/Google Sheets). SVG: Vector graphics for all QR codes. ZIP: Large exports are compressed for easy download.
How to Exercise This Right
Settings > Privacy & Data > Export My Data. Choose export format (JSON, CSV, or Both). Select data categories to include. Click 'Generate Export'. Download link sent to your email (instant for small datasets, up to 24 hours for large ones).
Transfer to Another Service
Our export format follows industry standards, making it easy to import into other QR code services or analytics platforms. We provide documentation on the data structure to help with migration.
Right to Restriction
You can limit how we use your data in certain circumstances.
When You Can Restrict Processing
You can request restriction if: you contest the accuracy of your data (while we verify), processing is unlawful but you don't want erasure, we no longer need the data but you need it for legal claims, or you've objected to processing (while we verify legitimate grounds).
What Restriction Means
When processing is restricted: we store your data but don't use it, QR codes may stop redirecting (dynamic QR codes become inactive), analytics collection pauses, API access may be limited, and we only process data with your consent or for legal reasons.
How to Exercise This Right
Contact us at [email protected] with your restriction request and reason. We will respond within 72 hours. If approved, restriction takes effect immediately. We will notify you before lifting the restriction.
Right to Object
You can object to certain types of data processing.
What You Can Object To
You can object to: processing for direct marketing (we'll stop immediately), processing based on legitimate interests, analytics and profiling for service improvement, and automated decision-making.
Marketing Communications
We do not send marketing emails without consent. If you receive marketing emails, you can opt out instantly by: clicking 'Unsubscribe' in any email, going to Settings > Notifications > Disable Marketing Emails, or contacting [email protected].
Analytics Objection
You can object to platform analytics (how you use our service) in Settings > Privacy > Disable Analytics. This does not affect QR code scan analytics, which is a core service feature. You cannot object to essential processing required to provide the service (authentication, billing, QR code hosting).
How to Exercise This Right
For marketing: Instant opt-out via account settings or email links. For other objections: Contact [email protected] with your objection and grounds. We will respond within 30 days and stop processing unless we have compelling legitimate grounds.
Right to Withdraw Consent
You can withdraw consent for processing based on consent at any time.
Consent-Based Processing
We process some data based on your explicit consent: optional analytics cookies, marketing communications, platform usage analytics, and newsletter subscriptions. You can withdraw consent at any time without affecting service functionality.
How to Withdraw Consent
Settings > Privacy & Data > Manage Consents. Toggle off any consent you wish to withdraw. Changes take effect immediately. You can re-enable at any time. Withdrawing consent does not affect the lawfulness of processing before withdrawal.
Impact of Withdrawal
Withdrawing consent may limit some features: disabling analytics cookies removes platform usage insights (your QR scan analytics still work), unsubscribing from emails means you'll miss product updates (you'll still receive essential service emails), and opting out of optional features may reduce personalization.
Right to Lodge a Complaint
You can file a complaint with a data protection authority.
Your Supervisory Authority
If you're in the EU/EEA, you have the right to lodge a complaint with your local data protection authority. You can find your authority at https://edpb.europa.eu/about-edpb/board/members_en.
When to File a Complaint
You can file a complaint if: we don't respond to your GDPR request within required timeframes, you're unsatisfied with how we handle your data, we refuse a request without proper justification, or you believe we're violating GDPR.
Try Contacting Us First
Before filing a formal complaint, we encourage you to contact us at [email protected]. We're committed to resolving issues quickly and transparently. Most concerns can be resolved within a few days. If you're still unsatisfied, you have the right to escalate to your supervisory authority.
Our Commitment
We take GDPR compliance seriously and view complaints as opportunities to improve. We will cooperate fully with supervisory authorities and implement any required changes promptly.
Response Timeframes
Data access requests: Instant for Pro/Business plans, within 24 hours for Free plans
Rectification requests: Within 72 hours of verification
Erasure requests: Account deleted within 30 days, confirmation sent immediately
Data portability: Instant for small datasets, up to 24 hours for large exports
Other requests: Within 30 days (we aim for 7 days)
Exercise Your GDPR Rights
Need to exercise any of your rights? Contact our Data Protection Officer or use your account dashboard.
Data Protection Officer: