Privacy Policy

From visitors (no account): if you generate a QR code without an account, the code is created in your browser and we do not store it or collect personal information about you, beyond standard server logs (IP address, browser type, pages visited) kept for security and performance.

From account holders: when you register we collect your first and last name, email address, and password, and optionally your company name and role. When you subscribe to Pro, payment is processed by Stripe — we receive your subscription status and a customer reference, but we never see or store your full card number.

From people who scan dynamic QR codes: when a dynamic code is scanned, we log the time of the scan, the device’s user agent (browser and device type), the referrer if any, and an approximate country derived from the IP address. We use the IP address only to derive the country and do not store the raw IP with the scan record. This data powers the scan analytics shown to the code’s owner. If you scanned a QRZen code, the code’s owner can see aggregate scan data, but not your identity.

• To provide the Service: accounts, dashboards, redirects, analytics.
• To process subscription payments (via Stripe).
• To send transactional email: receipts, verification, important account or policy notices.
• To send occasional product updates to account holders, which you can opt out of with one click in any such email.
• To prevent abuse, fraud, and misuse of the Service.

We do not sell your personal information. We do not use your data for third-party advertising.

We use a small number of service providers to operate QRZen:

• Supabase — database and authentication hosting.
• Stripe — payment processing and tax handling. Stripe’s handling of your payment data is described in Stripe’s own privacy policy.
• Hosting and infrastructure providers that serve the website.

These providers process data only on our behalf. We may also disclose information if required by law or to protect the Service from abuse.

We use essential cookies to keep you logged in and remember preferences. We do not use third-party advertising or cross-site tracking cookies.

Account data is kept while your account is active. If you delete your account, we delete your personal data within 30 days, except records we must keep for legal or accounting reasons (such as payment records). Scan analytics are retained while the associated QR code exists.

Depending on where you live (including the EU/EEA, UK, and California), you may have the right to access, correct, delete, or export your personal data, object to or restrict certain processing, and withdraw consent. To exercise any of these rights, email support@qrzen.co — we will respond within 30 days. You also have the right to complain to your local data protection authority.

QRZen is operated from the United States and data is processed there. If you use the Service from outside the U.S., you understand your data is transferred to and processed in the U.S.

The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.

We use industry-standard measures to protect your data, including encryption in transit, hashed passwords, and access controls. No system is perfectly secure; we will notify affected users of any breach as required by law.

We may update this policy as the Service evolves. Material changes will be announced by email or in-app notice before they take effect.

Privacy questions or requests: support@qrzen.co.

See also our Terms of Service.