Privacy Policy
Last updated: October 8, 2025
Your privacy is important to us. This policy explains how we collect, use, and protect your data.
Information We Collect
Account Information
When you create an account, we collect your email address and name through Google OAuth authentication. We do not store your password as authentication is handled securely by Google.
QR Code Data
We store the QR codes you create, including the name, type, destination URL, design settings, and any tags you add. This data is necessary to provide our service.
Analytics Data
When someone scans your QR code, we collect: IP address (anonymized after 90 days), device type, operating system, browser, approximate location (country, region, city), referrer URL, and UTM parameters. This data helps you understand how your QR codes are performing.
Usage Information
We collect information about how you interact with our service, including pages visited, features used, and API calls made. This helps us improve the platform.
Payment Information
Payment processing is handled by Stripe. We do not store your credit card details. We only store your Stripe customer ID, subscription status, and plan information.
How We Use Your Information
Service Delivery
We use your information to provide, maintain, and improve our QR code generation and analytics services, including creating dynamic QR codes, tracking scans, and generating analytics reports.
Account Management
We use your email to manage your account, send service notifications, subscription updates, and important security alerts.
Analytics & Insights
Scan data is processed to provide you with detailed analytics about QR code performance, including geographic distribution, device types, and engagement metrics.
Billing & Subscriptions
We process subscription and payment information to manage your billing, handle upgrades/downgrades, and prevent fraud.
Product Improvement
Aggregated, anonymized usage data helps us understand how users interact with our platform and identify areas for improvement.
Data Storage & Security
Where We Store Your Data
Your data is stored on secure servers provided by Vercel (hosting) and our database provider. All data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption.
Data Retention
Account data: Retained as long as your account is active. QR codes: Retained until you delete them. Scan analytics: Free plan (30 days), Pro plan (1 year), Business plan (unlimited). Deleted data is removed from our systems within 30 days.
Security Measures
We implement industry-standard security practices including encrypted connections, secure authentication via Google OAuth, regular security audits, API rate limiting, and automated backups.
Data Anonymization
IP addresses in scan analytics are anonymized after 90 days to protect user privacy while maintaining useful analytics data.
Data Sharing & Third Parties
Service Providers
We share data with trusted third-party service providers: Google (authentication), Stripe (payment processing), Vercel (hosting), and our database provider (data storage). All providers are contractually obligated to protect your data.
API Access
If you use our API, you control what data you share through API calls. API keys are encrypted and can be revoked at any time.
Legal Requirements
We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. You will be notified of any such change.
No Selling of Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
Your Rights & Choices
Access & Export
You can access all your data through your account dashboard. You can export your QR codes and analytics data at any time in CSV or JSON format.
Correction & Update
You can update your account information, QR code settings, and preferences at any time through the dashboard.
Deletion
You can delete individual QR codes or your entire account. Account deletion removes all associated data within 30 days, except data we're required to retain for legal or accounting purposes.
Data Portability
You can download your data in machine-readable formats (JSON, CSV) to transfer to another service.
Opt-Out
You can opt out of non-essential emails through your account settings. Service-critical emails (security alerts, billing) cannot be disabled.
API Control
You can create, revoke, and manage API keys with specific permissions to control data access.
International Data Transfers
Cross-Border Processing
Our services are hosted on servers that may be located in different countries. By using our service, you consent to your data being transferred to and processed in these locations.
GDPR Compliance
For users in the European Economic Area (EEA), we comply with GDPR requirements including lawful data processing, data minimization, and your rights to access, rectify, and erase your data.
Data Protection
We ensure that international data transfers are protected through appropriate safeguards such as standard contractual clauses and adequate data protection agreements.
Children's Privacy
Age Restriction
Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
Parental Rights
If you believe we have collected information from a child under 13, please contact us immediately and we will delete such information.
Questions About Privacy?
If you have questions about this Privacy Policy or how we handle your data, we're here to help.