Privacy Policy

Last updated: 6/18/2025

Our Privacy-First Approach

QRbly is designed with privacy in mind. We collect only the minimal data necessary to provide our service, and we never use invasive tracking or show disruptive cookie banners when you scan QR codes.

✅ No cookie banners when scanning QR codes
✅ Minimal data collection by default
✅ Enhanced analytics only with your consent
✅ Full control over your data

What Data We Collect

1. Basic QR Code Functionality (No Consent Required)

Under legitimate interest for service functionality and fraud prevention, we collect:

  • Scan count: Total number of times a QR code is scanned
  • Country-level location: Country only (for fraud prevention)
  • Basic device type: Mobile, tablet, or desktop (for redirect rules)
  • Anonymized IP: Last octet removed (e.g., 192.168.1.xxx)

2. Enhanced Analytics (With Your Consent)

For QR code owners who want detailed insights, we collect additional data only with explicit consent:

  • Detailed location: City, region, timezone
  • Device details: Brand, model, operating system
  • Browser information: Browser type and version
  • Referrer data: Where the scan came from
  • Scan timing: When scans occur for trend analysis

3. Account Information

When you create an account, we collect:

  • Email address: For account access and important notifications
  • Name: Optional, for personalization
  • Password: Securely encrypted for account security
  • Subscription status: For billing and feature access

Legal Basis for Processing

Legitimate Interest

  • • Basic scan counting
  • • Fraud prevention
  • • Service functionality
  • • Security monitoring

Consent

  • • Detailed analytics
  • • Marketing communications
  • • Optional features
  • • Enhanced tracking

Data Retention

  • Basic scan data: 12 months for free users, 24 months for Pro users
  • Account data: Until account deletion or 3 years of inactivity
  • Analytics data: 30 days for free users, 12 months for Pro users
  • Anonymized data: May be retained longer for service improvement

Your Rights

Data Rights (GDPR/CCPA)

  • • Access your data
  • • Correct inaccurate data
  • • Delete your data
  • • Export your data
  • • Object to processing
  • • Withdraw consent

How to Exercise Rights

  • • Dashboard privacy settings
  • • Account deletion tool
  • • Data export feature
  • • Email: [email protected]

Data Security

We implement industry-standard security measures:

  • Encrypted data transmission (TLS/SSL)
  • Secure password storage (bcrypt hashing)
  • Regular security audits and updates
  • Limited access controls
  • IP address anonymization

Third-Party Services

Payment Processing (Stripe)

Payment data is processed securely by Stripe and never stored on our servers.

Geolocation (IP-API)

Country-level location data for fraud prevention. No personal data shared.

International Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.

Updates to This Policy

We may update this privacy policy from time to time. We'll notify you of significant changes via email or through the service. Continued use constitutes acceptance of the updated policy.

Contact Us

For privacy-related questions or to exercise your rights: