Privacy Policy

Effective July 12, 2026

The short version

We store what we need to run your account and count scans of your codes — nothing more. We don't sell data, we don't run ad trackers, and we deliberately avoid collecting anything about the people who scan your codes beyond anonymous, aggregate-friendly fields.

Data we hold about you (account holders)

  • Email address and a hashed password (or magic-link login) — via Supabase Auth.
  • The QR codes you create: name, destination URL, design settings.
  • Plan and billing status. Card details are held by Stripe, never by us.
  • Standard server logs (kept briefly for security and debugging).

Data recorded when someone scans a code

For each scan of a dynamic code we record:

  • Timestamp
  • Country and region (derived from the network by our host; the IP itself is not stored)
  • Coarse device class (mobile / tablet / desktop) and operating system family
  • Referring page, when the browser sends one

We do not store IP addresses in scan records, set cookies on scanners, or fingerprint devices. Scanners are never identified individuals to us.

Free generator tools

Static QR codes (link, text, WiFi, vCard) are generated entirely in your browser. The content you type — including WiFi passwords — never reaches our servers.

Processors we rely on

  • Supabase — database and authentication (US region)
  • Stripe — payments and invoices
  • Vercel — hosting and privacy-friendly, cookieless site analytics

Your controls

  • Export everything (codes + scan data) from your account page, any time.
  • Delete your account from the account page — codes, scan history, and login are removed immediately and permanently.
  • Cancel billing self-serve via the billing portal.

Contact

Privacy questions: email soomrozaid@gmail.com. We'll answer plainly.