QR Genie QR Genie
Log in Create QR code
Legal

Privacy Policy

We respect your privacy and handle your data with care. This policy explains exactly what we collect, why, and how long we keep it.

Last updated: June 2025

1. What data we collect

Account data

When you sign up for QR Genie, we collect your name, email address, and a hashed password. We use this to identify you, send important service emails (receipts, security notices), and enable you to log in securely.

Billing data

If you subscribe to a paid plan, payments are processed by our payment provider (Stripe). QR Genie stores only a subscription reference and plan tier — we never see or store your full card number, CVC, or bank details.

QR code content & hosted pages

We store the content you enter when creating QR codes (URLs, vCard details, menus, etc.) and any hosted landing pages you publish. This data is yours — you can export or delete it at any time from Settings → Export my data.

Scan analytics

When one of your dynamic QR codes is scanned, we log a scan event that includes:

  • IP-derived country and city — the IP address itself is not stored; it is used only to look up an approximate location and is discarded immediately after.
  • Device type and operating system — derived from the User-Agent string (e.g. "mobile / iOS 17"). The raw User-Agent string is not stored long-term.
  • Scan timestamp — when the scan occurred (UTC).
  • Referrer — the HTTP Referer header, if present, to indicate the source of the scan.

We do not track individual users across scans. Each scan is an anonymous event.

Usage data & logs

Our servers generate standard access logs (method, path, status code, response time). These are used for debugging and security monitoring and are retained for up to 30 days.

2. How we use your data

We use your data for the following purposes:

  • Providing the service — creating, storing, and redirecting your QR codes; serving your hosted landing pages.
  • Analytics — aggregating scan events into the dashboard you see under Analytics. We never sell this data or share it with advertisers.
  • Billing & account management — processing payments, sending invoices, and notifying you of plan changes.
  • Security & abuse prevention — detecting unusual access patterns, preventing spam, and keeping the platform safe.
  • Product improvement — understanding how features are used in aggregate, so we can improve QR Genie. We use no third-party behavioral tracking (no Hotjar, no Mixpanel, no Meta Pixel).

3. Cookies

QR Genie uses only essential cookies and browser-local storage:

NamePurposeExpiry
qrgenie_jwt Stores your authentication token in localStorage so you stay logged in. Until logout

We do not use advertising cookies, analytics cookies, or any third-party tracking cookies.

4. Data retention

  • Account data is retained as long as your account is active. When you delete your account, all personal data is erased within 30 days.
  • QR code content and landing pages are retained until you delete them. Cancelling a subscription moves dynamic codes to safe mode but does not delete them.
  • Scan analytics are retained for 24 months from the date of each scan, after which they are permanently deleted.
  • Server access logs are retained for 30 days.
  • Billing records are retained for 7 years as required by EU accounting regulations.

5. Your rights

Under GDPR you have the right to access, correct, delete, restrict processing of, and receive a portable copy of your personal data. See our GDPR statement for the full list and how to exercise each right. You can also download everything in one click from Settings → Export my data.

6. Who we share data with

We do not sell your data. We share it only with the minimal set of sub-processors required to operate the service. See our GDPR statement for the current sub-processor list.

7. Security

All data is transmitted over HTTPS (TLS 1.2+). Passwords are stored as bcrypt hashes. Database backups are encrypted at rest. We apply the principle of least privilege to all internal access. No security system is perfect, but we do our best and will notify you within 72 hours if a breach affects your personal data.

8. Children

QR Genie is not directed at children under 16. We do not knowingly collect data from anyone under that age. If you believe we have done so, please contact us and we will delete it promptly.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Continuing to use QR Genie after changes take effect means you accept the revised policy.

10. Contact

For any privacy-related questions or requests, please email us at privacy@qrgenie.io. You can also reach our general support at hello@qrgenie.io.

GDPR Statement Export my data