Privacy Policy — QR Code Designer

Last updated June 2026. These are good-faith starter documents tailored to QR Code Designer — have a lawyer review them before relying on them commercially, especially for your jurisdiction’s consumer and data-protection rules.

1. Scope

This policy explains what QR Code Designer collects, how we use it, and your choices. It covers our website, app, and the dynamic-code redirect and landing pages we host.

2. Information we collect

• Account: your name and email, password (stored hashed), and plan/billing status.
• Payments: handled by Stripe. We receive your subscription status and the last four digits/brand of your card — we never see or store full card numbers.
• Scan analytics: when someone scans a dynamic code we log the time, a hashed IP address (we don’t keep raw IPs), an approximate location (country/region/city derived from IP), device type, browser/user-agent, and referrer.
• Content you provide: code destinations, landing-page text, uploaded logos/PDFs, and templates.
• AI inputs: text or prompts you submit to AI features.
• Essential cookies: a session cookie to keep you logged in and a CSRF token. We don’t use advertising or cross-site tracking cookies.

3. How we use it

To run your account, generate and serve your codes and landing pages, show you analytics, process payments, send service emails (verification, password reset, receipts, optional scan/digest alerts you can turn off), provide support, and keep the Service secure. We don’t sell your personal data.

4. Who we share it with (subprocessors)

We share data only with providers that help us run the Service:

• Hosting — our web host stores the application and database.
• Stripe — payments and subscriptions.
• Email provider — to deliver transactional email.
• IP geolocation — to turn a scan’s IP into an approximate location.
• AI providers — when you use AI features, your input is sent to the relevant provider (e.g. Anthropic for text, and, if enabled, OpenAI for images or Replicate for artistic codes) to generate the result.

We may also disclose information if required by law or to protect rights and safety.

5. Data retention

We keep account and code data while your account is active. Scan events are retained to power your analytics; you can delete a code (and its scans) anytime. When you close your account we delete or anonymize your data within a reasonable period, except where we must retain records (e.g. tax/billing).

6. Security

Passwords are hashed (bcrypt), scan IPs are hashed, traffic is served over HTTPS, and access is role-based. No system is perfectly secure, but we work to protect your data and will notify you of a material breach as required by law.

7. Your rights

Depending on where you live (e.g. GDPR/UK GDPR/CCPA), you can access, correct, export, or delete your data, and object to or restrict certain processing. You can edit your profile, export or delete your codes, and close your account in-app, or email support@qrcodedesigner.com for any data request. We won’t discriminate against you for exercising these rights.

8. International transfers & children

Our providers may process data in other countries; we rely on their safeguards for such transfers. The Service isn’t directed to children under 16, and we don’t knowingly collect their data.

9. Changes & contact

We’ll post changes here with a new date. For any privacy question, email support@qrcodedesigner.com.