Privacy Policy

Last updated: December 25, 2025

Contents

1. Information We Collect

QRStar collects information to provide and improve our QR code generation services. We collect:

Account Information

  • Email address (for account creation and communication)
  • Authentication data (managed securely through our authentication provider)

QR Code Data

  • Content encoded in QR codes (URLs, text, or other data you provide)
  • QR code settings (size, colors, format, error correction level)
  • Short codes for dynamic QR codes

Scan Analytics (Dynamic QR Codes Only)

When someone scans a dynamic QR code, we collect:

  • Timestamp of the scan
  • IP address (used to derive geographic location)
  • User agent string (browser and device information)
  • Approximate geographic location (country and city, derived from IP)
  • Device type (mobile, desktop, tablet)

Billing Information

  • Payment method details are collected and processed by Stripe. We do not store your full credit card number.
  • Usage data for billing purposes (number of QR codes generated, scans tracked)

API Usage Data

  • API key identifiers (we store hashed versions of your keys)
  • Request logs (endpoints accessed, timestamps, response codes)

2. How We Use Your Information

We use the information we collect to:

  • Provide QR code generation and analytics services
  • Process payments and manage your subscription
  • Send transactional emails (welcome messages, API key notifications, billing alerts)
  • Monitor and improve service performance and reliability
  • Detect and prevent fraud, abuse, and security issues
  • Comply with legal obligations

3. Data Sharing and Third Parties

We share data with the following service providers who help us operate QRStar:

Supabase

Database hosting, user authentication, and file storage. Your data is stored securely in their infrastructure.

Stripe

Payment processing and subscription management. Stripe handles all payment card data according to PCI-DSS standards.

Datadog

Application monitoring and logging. Used for debugging, performance monitoring, and error tracking.

Resend

Transactional email delivery for account notifications and billing alerts.

Vercel

Application hosting and content delivery.

We do not sell your personal information to third parties. We may disclose information if required by law or to protect our rights and safety.

4. Data Retention

We retain your data as follows:

  • Account data: Retained while your account is active and for a reasonable period afterward for legal and business purposes.
  • QR codes: Retained indefinitely while your account is active. Deleted upon account deletion.
  • Scan analytics: Retained indefinitely while your account is active to provide historical analytics. Deleted upon account deletion.
  • Billing records: Retained as required for tax and legal compliance (typically 7 years).
  • Logs: Application logs are retained for up to 30 days for debugging purposes.

5. Your Rights

Depending on your location, you may have the following rights:

For All Users

  • Access: Request a copy of your personal data
  • Deletion: Request deletion of your account and associated data
  • Correction: Update or correct inaccurate information
  • Portability: Export your QR code data

For EU/EEA Residents (GDPR)

You have additional rights under GDPR including the right to object to processing and the right to restrict processing. Our legal basis for processing is contract performance (providing the service) and legitimate interests (improving the service and preventing fraud).

For California Residents (CCPA)

You have the right to know what personal information we collect and how it's used, the right to delete your information, and the right to opt-out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at support@qrstar.app.

6. Cookies

We use minimal cookies necessary for the service to function:

  • Authentication cookies: Required to keep you logged in
  • Session cookies: Required for security and site functionality

We do not use advertising or tracking cookies. We may use analytics to understand aggregate usage patterns.

7. Security

We implement industry-standard security measures to protect your data:

  • All data transmitted over HTTPS/TLS encryption
  • API keys are hashed using bcrypt before storage
  • Database access is restricted and monitored
  • Regular security reviews and updates

While we strive to protect your data, no method of transmission or storage is 100% secure. Please notify us immediately if you suspect any security issues.

8. Children's Privacy

QRStar is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email. Your continued use of QRStar after changes become effective constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

QRStar

Operated by Small Dev Shop Inc

support@qrstar.app