QRmaker

Privacy Policy

Last updated: June 2026

This Privacy Policy explains what QRmaker ("we", "us") collects, why, and your choices. By using qrmkr.io you agree to this policy. We aim to collect the minimum data needed to run the service.

Note: this is a good-faith template. Have it reviewed by legal counsel for your jurisdiction (GDPR, UK GDPR, CCPA/CPRA, etc.) before relying on it commercially.

1. Information we collect

Account information

  • Your email address and (optionally) your name.
  • A one-way hash of your password — we never store your password in plain text.

Content you create

  • The QR codes you generate and their destination URLs.
  • A history of destination changes (for security and abuse prevention).

Scan analytics

When someone scans one of your dynamic QR codes, we log:

  • Timestamp of the scan.
  • Approximate location (country and, where available, city) derived from the network request — we do not store full IP addresses. We keep only a salted, one-way hash of the IP for counting and abuse prevention.
  • Device type, operating system, and browser (from the user-agent).
  • Referring URL, where provided.

Payment information

Payments are processed by Stripe. We do not see or store your full card details. We store your Stripe customer ID and subscription status to manage your plan.

2. How we use information

  • To provide the service: generate codes, run the redirect layer, and power your analytics dashboard.
  • To process payments and manage subscriptions.
  • To protect users: we check destination URLs against threat databases (e.g. Google Safe Browsing) and detect abuse.
  • To send essential service emails (e.g. account, billing). Marketing emails, if any, are opt-out.

3. How we share information

We do not sell your personal data. We share data only with service providers that help us operate, including:

  • Stripe — payment processing.
  • Hosting and database providers — to run the application.
  • Google Safe Browsing — destination URLs are checked for threats.
  • Authorities where required by law.

4. Cookies

We use a single essential, http-only session cookie to keep you logged in. We do not use advertising cookies. Any privacy-friendly analytics we run is aggregate and does not track you across other sites.

5. Data retention

We keep account and code data while your account is active. Scan events are retained to power your analytics; you can delete codes (and their scans) at any time. When you delete your account, we delete or anonymize your personal data within a reasonable period, except where we must retain records for legal or accounting reasons.

6. Your rights

  • Access and export your data (scan data is exportable as CSV in the dashboard).
  • Correct or delete your data, including deleting your account.
  • Object to or restrict certain processing, where applicable law provides for it.

To exercise any of these, email hello@qrmkr.io.

7. Security

We use industry-standard measures (encryption in transit, hashed passwords, hashed IPs, scoped access). No system is perfectly secure, but we work to protect your data.

8. Children

The service is not directed to children under 16, and we do not knowingly collect their data.

9. Changes

We may update this policy. Material changes will be posted here with a new "last updated" date.

10. Contact

Questions about privacy? Email hello@qrmkr.io.

Privacy Policy · QRmaker