Privacy Policy

Last updated: June 12, 2026

QRStatix is built privacy-first. This policy explains what we collect, why, and the controls you have. The short version: static QR codes are generated in your browser and never touch our servers; dynamic codes log anonymized scan events; free-tier uploads are auto-deleted after 30 days.

1. Information we collect

Account data: when you sign up (including via Google), we receive your name, email address and profile photo from the identity provider. We never see or store your Google password.

Content you create: QR designs, destinations, campaigns and uploads you choose to save to your account. Static codes generated without saving are processed entirely in your browser.

Scan events (dynamic codes only): when someone scans a dynamic QR code, we record timestamp, approximate location (country/city derived from IP), device type, operating system and browser. The IP address itself is hashed and never stored in raw form. We do not collect names, contacts or any identity of people who scan codes.

2. How we use information

To provide the service: hosting your codes, redirecting dynamic links, rendering analytics dashboards and processing subscriptions via PayPal.

To improve the platform: aggregate, de-identified usage statistics guide product decisions. We do not sell personal data to anyone.

Advertising: free-tier pages may display ads (e.g., Google AdSense). Ad providers may use cookies subject to their own policies β€” see our Cookie Policy for controls.

3. Data retention

Free accounts: uploaded files (images, logos, generated QR assets) are automatically deleted 30 days after upload by a scheduled cleanup job.

Premium accounts: files are retained until you delete them. You can delete any file, QR code or your entire account at any time from the dashboard.

Scan analytics are retained for the lifetime of the associated QR code and deleted with it.

4. Your rights

You can access, export, correct or delete your data at any time. EU/EEA users have rights under GDPR (access, rectification, erasure, portability, objection); California residents have equivalent CCPA rights. Contact privacy@qrstatix.com to exercise any right and we'll respond within 30 days.

5. Security

All traffic is encrypted with TLS. Passwords are handled by Firebase Authentication and never stored by us. Database access is restricted and credentialed, and uploads are stored with unguessable identifiers.

6. Contact

Privacy questions: privacy@qrstatix.com. We may update this policy and will note material changes on this page with a new effective date.