QRlytics

Privacy Policy

Last updated: January 2026

1. Introduction

QRlytics ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our QR code generation and analytics service.

2. Information We Collect

2.1 Personal Information

When you register for an account, we collect:

  • Email address
  • Full name (optional)
  • Phone number (optional)
  • Company name (optional)
  • Website URL (optional)
  • Payment information (processed securely by Stripe)

2.2 QR Code Scan Data

When someone scans a QR code created through our service, we collect:

  • IP address (anonymized after 30 days)
  • Approximate geographic location (country and city level)
  • Device type (mobile, desktop, tablet)
  • Browser and operating system information
  • Date and time of the scan
  • Referrer URL (if available)

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain our service
  • Generate analytics reports for your QR codes
  • Process payments and manage subscriptions
  • Send service-related communications
  • Send marketing communications (with your consent)
  • Improve our service and develop new features
  • Detect and prevent fraud or abuse

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on:

  • Contract: Processing necessary to provide our service to you
  • Consent: For marketing communications and optional data collection
  • Legitimate Interest: For service improvement and security
  • Legal Obligation: For tax and regulatory compliance

5. Data Sharing

We do not sell your personal data. We may share data with:

  • Stripe: Payment processing
  • Supabase: Database and authentication services
  • Google Cloud: Hosting infrastructure
  • IP Geolocation services: For location-based analytics

All third-party services are GDPR-compliant and have appropriate data processing agreements.

6. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a portable format
  • Object: Object to processing based on legitimate interest
  • Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@qrlytics.eu or use the settings in your account.

7. Data Retention

We retain your personal data for as long as your account is active. Scan analytics data is retained for 2 years. After account deletion, we retain minimal data for 30 days for recovery purposes, then permanently delete it. Some data may be retained longer for legal and regulatory compliance.

8. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.3)
  • Encryption at rest (AES-256)
  • Regular security audits
  • Access controls and authentication
  • Secure development practices

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies. Analytics cookies are only used with your consent.

10. International Transfers

Your data may be transferred to and processed in countries outside the EU/EEA. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@qrlytics.eu
  • Data Protection Officer: dpo@qrlytics.eu