Privacy Policy
Effective date: March 8, 2026
Overview
QrVerloz ("we", "us", or "our") operates the QR code management platform QrVerloz. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have over your data. We are committed to handling your data responsibly and in compliance with applicable privacy laws including the GDPR and CCPA.
1. Information We Collect
Account Information
When you create an account we collect your email address. We use passwordless magic-link authentication — no password is ever stored. Your email is used to send you sign-in links, billing receipts, scan-alert notifications, and important service communications.
QR Code and Redirect Data
We store the data you provide when creating QR codes: destination URLs, labels, custom branding settings (colours, logo), scheduled redirect rules, and password hashes for password-protected codes. This data is stored securely and associated with your account.
Scan Analytics Data
Each time one of your QR codes is scanned, we automatically collect and store the following event data:
- IP address — used transiently to derive approximate location; we store the derived location data, not the raw IP
- Country and city — derived from the IP address using a GeoIP lookup service
- Device type, operating system, and browser — parsed from the HTTP User-Agent header
- Referrer — the URL or source that triggered the QR scan, if present in the request
- Timestamp — date and time of the scan
This scan data belongs to your account and is shown in your analytics dashboard. As the QR code owner, you are the data controller for this information and are responsible for disclosing this collection to your end-users where required by law.
Payment Information
Payments for paid plans are processed by Stripe. We do not store your full credit card number, CVV, or bank account details. Stripe shares with us limited billing data (last 4 digits of card, card brand, billing email, subscription status) that we use to manage your subscription.
API Keys
If you generate API keys, we store only a SHA-256 hash of each key. We display a short prefix (e.g. qv_live_xxxx...) for identification. The full key is shown only once at creation and is never retrievable again.
Usage and Log Data
We may collect server logs for security, debugging, and abuse prevention purposes. These logs may include IP addresses and HTTP request metadata and are retained for a limited period.
2. How We Use Your Information
- To create and manage your account and provide the Service
- To process payments and manage your subscription
- To send you transactional emails (sign-in links, receipts, payment failures)
- To send scan-alert notifications when your QR code exceeds a scan threshold (you can configure or disable these in your dashboard)
- To display analytics data on your dashboard
- To enforce our Terms of Service and prevent abuse
- To improve and maintain the platform
- To comply with legal obligations
We do not use your data for advertising or sell your personal data to third parties.
3. Data Sharing and Third-Party Services
We share data only with trusted sub-processors required to operate the Service:
| Service | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Email, billing details |
| Resend | Transactional email delivery | Email address, email content |
| GeoIP provider | Location from IP at scan time | Scanner IP address (transient) |
| Hosting / cloud | Infrastructure and database hosting | All stored data (encrypted at rest) |
We may disclose your data if required by law, court order, or governmental authority, or to protect the rights, safety, or property of QrVerloz, its users, or the public.
4. Data Retention
We retain your account data and QR code data for as long as your account is active. Scan analytics data is retained for the duration of your account unless you delete it from the dashboard.
When you delete your account, we will delete or anonymise your personal data within a reasonable period (typically 30 days), except where we are required to retain it for legal or compliance purposes (e.g. billing records).
5. Security
We use industry-standard security measures including TLS encryption in transit, encryption at rest for the database, hashed storage of sensitive values (API keys, QR code passwords), and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
6. Your Privacy Rights
Depending on where you are located, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate or incomplete data
- Deletion — request deletion of your personal data (“right to be forgotten”)
- Portability — receive your data in a structured, machine-readable format
- Objection / restriction — object to or restrict certain processing activities
- Withdraw consent — where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
7. Cookies and Local Storage
We use a small number of strictly necessary cookies and browser storage items to operate the Service:
- Session cookie — an encrypted, HttpOnly cookie that keeps you signed in after authenticating via magic link. This is essential for the Service to function.
- CSRF token — a short-lived token used to protect against cross-site request forgery attacks.
We do not use advertising cookies or third-party tracking cookies. We do not use Google Analytics or similar behavioural tracking services.
8. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
9. International Data Transfers
Your data may be processed in countries outside your own, including by our sub-processors (Stripe, Resend). Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) to ensure your data receives equivalent protection.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and will update the effective date at the top of this page. We encourage you to review this policy periodically.
11. Contact Us
If you have questions, requests, or complaints about this Privacy Policy or our data practices, please contact us at:
QrVerloz
Email: [email protected]