Skip to main content

Privacy Policy

Last updated: 11/7/2025

1. Information We Collect

We collect the following types of information:

Personal Information

  • Account Information: Email address, name, and profile information when you create an account
  • Payment Information: Billing address and payment details (processed securely through Stripe)
  • QR Code Data: Content you input to generate QR codes, including URLs, text, and custom settings
  • Communication Data: Information you provide when contacting our support team

Browser Extension Data

  • Extension Usage Data: URLs or text you provide to generate QR codes through our browser extensions
  • Personal Access Tokens: API authentication tokens you create (stored locally in your browser, not on our servers)
  • Extension Settings: Your preferences and configuration settings (stored locally in your browser)
  • Optional Tracking Data: When you choose to create tracked QR codes, the same scan analytics data as described above

Important: Personal Access Tokens are stored locally in your browser's secure storage. We only receive the token during API authentication. You can revoke tokens at any time from your profile page.

Usage Information

  • Analytics Data: How you use our service, including QR code generation patterns and feature usage
  • Scan Data: Aggregated and anonymized information about QR code scans (timestamps, device types, locations)
  • Technical Data: IP address, browser type, device information, and cookie data

2. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on:

  • Contract Performance: To provide our QR code services and fulfill our terms of service
  • Legitimate Interest: To improve our services, prevent fraud, and ensure security
  • Consent: For marketing communications and optional features (where applicable)
  • Legal Obligation: To comply with applicable laws and regulations

3. How We Use Your Information

We use your personal information for the following purposes:

  • Provide and maintain our QR code generation and tracking services
  • Process payments and manage your subscription
  • Analyze QR code usage patterns to improve our services
  • Send important service updates and security notifications
  • Provide customer support and respond to your inquiries
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations and enforce our terms of service
  • Enable browser extension functionality and API access for authenticated users

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your data in the following limited circumstances:

  • Service Providers: Third-party services that help us operate (Stripe for payments, analytics providers)
  • Legal Requirements: When required by law or to protect our legal rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Consent: With your explicit consent for specific purposes

5. Your Rights Under GDPR

If you are located in the European Union, you have the following rights:

  • Access: Request a copy of your personal data we hold
  • Rectification: Correct inaccurate or incomplete personal data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit how we process your personal data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for consent-based processing

To exercise these rights, please contact us at privacy@qrtracker.io

6. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Until you delete your account or request deletion
  • QR Code Data: Until you delete individual QR codes or your account
  • Payment Data: As required by financial regulations (typically 7 years)
  • Analytics Data: Aggregated data may be retained indefinitely after anonymization

7. International Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection laws
  • Certification schemes and codes of conduct where applicable

8. Data Security

We implement comprehensive security measures to protect your personal information:

  • Encryption of data in transit and at rest
  • Regular security assessments and vulnerability testing
  • Access controls and authentication mechanisms
  • Employee training on data protection and security best practices
  • Incident response procedures for data breaches
  • Browser extension tokens stored locally using browser's secure storage APIs
  • API tokens can be revoked instantly through your profile settings

9. Browser Extensions

We offer browser extensions for Chrome and other browsers (with more coming soon) to enhance your QR code generation experience:

What the Extensions Do

Our browser extensions allow you to generate QR codes directly from your browser without visiting our website. You can create both untracked QR codes (no account needed) and tracked QR codes (requires API authentication).

Data Collection

The browser extensions only collect data that you explicitly provide:

  • URLs or text you enter to generate QR codes
  • Optional: Name and destination URL for tracked QR codes
  • Extension settings and preferences (stored locally)

Local Storage

Personal Access Tokens and extension settings are stored locally in your browser using the browser's secure storage APIs. This data never leaves your device except when making authenticated API requests.

API Communication

When you create a tracked QR code, the extension communicates securely with the QRTracker API using your Personal Access Token. The API communication is encrypted using HTTPS and follows the same security standards as our web application.

Required Permissions

Our browser extensions require the following permissions:

  • Storage: To save your API token and extension settings locally
  • Active Tab: To read the current page URL when generating QR codes
  • Host Permissions: To communicate with api.qrtracker.io for tracked QR code creation

Optional Features

Tracking is completely optional. You can:

  • Generate untracked QR codes without creating an account or providing an API token
  • Generate tracked QR codes by enabling tracking and authenticating with a Personal Access Token

Token Management

You maintain full control over your API tokens:

  • Create tokens in your profile settings with custom scopes
  • Revoke tokens instantly at any time
  • Monitor token usage and last used timestamps
  • Set token expiration dates for enhanced security

Multi-Browser Support

Our extensions are designed to work across multiple browsers including Chrome, Firefox, Edge, Safari, and others. The privacy practices described here apply to all browser versions of our extensions.

10. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for basic site functionality and security
  • Analytics Cookies: To understand how you use our service (with your consent)
  • Preference Cookies: To remember your settings and preferences

You can control cookie preferences through your browser settings.

11. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

12. Contact Us

For any questions about this Privacy Policy or to exercise your rights, please contact us:

Email: privacy@qrtracker.io

Support: support@qrtracker.io

Data Protection Officer: dpo@qrtracker.io

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification.