Last updated: January 2025
At QRCraft, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our QR code generation and analytics platform.
We collect information you provide directly to us when registering for an account, including your name, email address, and password. When you make a purchase, our payment processor Stripe collects your payment information — we do not store credit card details on our servers. We also collect usage data automatically, including IP addresses, browser type, device characteristics, operating system, language preferences, referring URLs, and timestamps.
When someone scans a QR code created through QRCraft, we collect anonymous scan data including: approximate geographic location (derived from the scanner's IP address), device type (mobile, tablet, desktop), browser name and version, operating system, and timestamp. This data is used to provide analytics to QR code owners. Scanner IP addresses are not shared with QR code owners — only aggregate location data (country/city level) is displayed.
We use the information we collect to: (a) create and manage your account; (b) process payments and subscriptions; (c) provide, maintain, and improve our services; (d) generate analytics reports for your QR codes; (e) send you technical notices, updates, and support messages; (f) respond to your comments, questions, and customer service requests; (g) monitor and analyze trends, usage, and activities; and (h) detect, investigate, and prevent security incidents.
Your data is stored securely using MongoDB with encryption at rest and in transit. We implement appropriate technical and organizational security measures including HTTPS encryption for all connections, bcrypt password hashing, secure session management, and regular security audits. While we strive to protect your personal information, no method of transmission over the Internet is 100% secure.
We use the following third-party services that may collect information: Stripe for payment processing (subject to Stripe's Privacy Policy), Google for OAuth authentication (subject to Google's Privacy Policy), and ip-api.com for anonymous IP geolocation of QR code scans. Each of these services has their own privacy policy governing the use of your information.
We use cookies and similar technologies to maintain your authentication session, remember your preferences, and improve your experience. Essential cookies are required for the Service to function and cannot be disabled. We do not use third-party advertising cookies. You can control cookie settings through your browser preferences.
We retain your personal information for as long as your account is active or as needed to provide you services. Scan analytics data is retained for the duration of your subscription. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes. Anonymized and aggregated data may be retained indefinitely.
You have the right to: (a) access, correct, or delete your personal data through your account settings; (b) export your data in a portable format; (c) withdraw consent for data processing at any time; (d) object to processing of your personal data; (e) lodge a complaint with a data protection authority. To exercise these rights, contact us at privacy@qrcraft.com or manage your data through your dashboard Settings page.
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.
Our services are hosted in the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States.
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.
If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@qrcraft.com.