QR Maker
QR MakerPro
Legal

Privacy Policy

Last updated: May 8, 2026 · Effective: May 8, 2026

✓ CCPA Compliant✓ GDPR Compliant✓ We never sell your data

The short version

  • We collect your email and usage data to operate QR Maker.
  • We never sell your data to advertisers or third parties.
  • We use Supabase and Vercel to run the platform.
  • You can delete your account and all data at any time.
  • California and EU residents have additional rights — see below.

1. Overview

QR Maker ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights — written in plain English, not legalese. By using qr-maker.dev, you agree to the practices described in this policy.

2. Information we collect

We collect information in three ways:

Account information — When you sign up, we collect your email address and (optionally) your full name. If you sign in with Google, we receive your name and email from Google's OAuth service.

Usage information — When you use QR Maker we automatically collect browser type, device type, IP address, pages visited, and time spent on pages. This helps us improve the product.

QR scan analytics — For dynamic QR codes, we collect aggregate scan data including total scans, unique scans, device type, browser, operating system, country, city, and time of scan. We do not collect the personal data of people who scan your QR codes.

3. How we use your information

We use your data to:

• Provide and operate the QR Maker platform

• Send you transactional emails (account confirmation, password reset)

• Provide scan analytics dashboards for your dynamic QR codes

• Improve the product based on aggregate usage patterns

• Detect and prevent abuse, fraud, or security issues

• Respond to your support requests

• Send product update emails (you can unsubscribe anytime)

We do not use your data to serve advertisements and we do not sell your data to any third party — ever.

4. Data sharing & sub-processors

We share your data only with service providers necessary to operate QR Maker. Each is contractually bound to protect your data and may not use it for their own purposes.

• Supabase — Authentication and database hosting (United States)

• Vercel — Website hosting and serverless functions (United States)

• Resend — Transactional email delivery (United States)

• PostHog — Product analytics, anonymised (United States)

We do not share your data with advertisers, data brokers, or any other third party outside of the above.

5. Cookies

We use a small number of cookies strictly necessary to operate the site:

• Session cookie — Keeps you logged in between page loads

• CSRF token — Protects your account from cross-site request forgery

We do not use advertising cookies, tracking pixels, or third-party retargeting cookies. You can disable cookies in your browser but this will prevent you from staying logged in.

6. Data retention

We retain your account data for as long as your account is active. If you delete your account, we permanently delete all associated data within 30 days, except where we are legally required to retain records.

Scan analytics data is retained for 24 months. QR codes and associated data are retained as long as your account exists.

7. Security

We take reasonable measures to protect your data. All data is encrypted in transit using TLS 1.2+. Passwords are hashed using bcrypt and never stored in plain text. Access to production databases is restricted to authorised personnel only. We perform regular security reviews.

No method of transmission over the internet is 100% secure. If you discover a security vulnerability, please contact us at [email protected].

8. CCPA rights (California residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know — You can request a copy of the personal information we hold about you.

• Right to delete — You can request that we delete your personal information.

• Right to opt out — We do not sell personal information. There is nothing to opt out of.

• Right to non-discrimination — We will not discriminate against you for exercising these rights.

To exercise any of these rights, email [email protected]. We will respond within 45 days.

9. GDPR rights (EEA & UK users)

If you are located in the European Economic Area or United Kingdom, you have rights under GDPR including: the right to access your data, right to rectification, right to erasure ("right to be forgotten"), right to restrict processing, right to data portability, and right to object to processing.

Our lawful basis for processing is: contract performance (operating your account), legitimate interests (product improvement and security), and consent (marketing emails).

To exercise your rights, email [email protected].

10. Children's privacy

QR Maker is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us at [email protected] and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) and update the "Last updated" date at the top of this page. Continued use of QR Maker after changes constitutes acceptance of the updated policy.

12. Contact us

Questions, requests, or concerns about this Privacy Policy? We are happy to help.

Email: [email protected]

Website: qr-maker.dev/contact

We aim to respond to all privacy-related inquiries within 5 business days.

Terms of Service →Contact us →