Privacy Policy

Last Updated: February 27, 2025

[Your QR Generator App Name] (“we,” “us,” or “our”) operates a web-based QR code generation service (the “Service”). We prioritize transparency and compliance with global privacy laws, including the California Online Privacy Protection Act (CalOPPA), General Data Protection Regulation (GDPR), and California Consumer Privacy Act (CCPA/CPRA). This policy explains how we collect, use, and protect your data.
By using the Service, you agree to the terms below. For GDPR compliance, our EU/UK representative is [Name/Email].

1. Information We Collect

a. Provided by You

• QR Code Content: URLs, text, or data input to generate QR codes. Static QR content is processed in real-time and not stored unless you opt for dynamic QR codes (see §8).
• Account Data:Name, email, password, and payment details (processed via Stripe/PayPal; we do not store credit card numbers).
• Communications: Support inquiries submitted via email or forms.

b. Collected Automatically

• Usage Data: IP address, device type, browser, OS, timestamps, and pages visited.
• Analytics: Session duration, clicks, and interactions via tools like Google Analytics.
• Cookies: Session/persistent cookies for functionality and preferences (see §6).

c. Dynamic QR Codes (If Enabled)

• Scan Data: Timestamps, locations, device types, and scan counts (stored only for dynamic codes).

2. How We Use Your Data

• Generate, customize, and deliver QR codes.
• Process payments and manage accounts.
• Improve Service functionality and user experience.
• Send updates or marketing emails (opt-out available).
• Comply with legal obligations (e.g., tax reporting, subpoenas).

3. Data Sharing & Disclosure

We do not sell or rent your data. Limited sharing occurs with:

• Service Providers: Payment processors (Stripe), hosting services (AWS), and analytics tools. These partners are contractually bound to confidentiality.
• Legal Requirements: To comply with laws or protect rights.

4. Your Rights

a. GDPR (EU/UK Users)

• Access, correct, or delete your data.
• Restrict processing or object to data use.
• Data portability (request machine-readable exports).

b. CCPA (California Users)

• Know what personal data is collected.
• Opt-out of data sales (we do not sell data).
• Delete personal information (exceptions apply).

c. General Rights

• Opt out of marketing via unsubscribe links.
• Disable cookies via browser settings (may limit functionality).

5. Data Retention

• Static QR Codes: Content is transient and not stored after generation.
• Dynamic QR Codes: Scan analytics retained until account deletion.
• Account Data: Deleted upon request (where legally required).
• Aggregated Data: Non-identifiable usage statistics retained indefinitely.

6. Cookies & Tracking

• Purpose: Enhance functionality, remember preferences, and analyze traffic.
• Third-Party Cookies: Google Analytics tracking (see Cookie Settings).
• Do Not Track (CalOPPA): We do not respond to DNT signals due to lack of industry standards.

7. Security Measures

• Encryption: TLS/SSL for data transit; AES-256 for data at rest.
• Access Controls: Role-based permissions and MFA for staff.
• Audits:Regular vulnerability assessments and penetration testing.

8. Dynamic QR Codes

• Scan Analytics: Track timestamps, locations, and devices (user consent required).
• User Responsibility: You must inform end-users scanning your QR codes about data collection practices.

9. International Data Transfers

• Data Transfer: Data may be transferred to the U.S., UK, or other regions.
• GDPR Compliance: Ensured via Standard Contractual Clauses (SCCs) with vendors.
• Privacy Framework: EU-U.S. Data Privacy Framework certifications.

10. Childrens Policy

The Service is not intended for users under 13 (16 in the EU/UK). We do not knowingly collect minors’ data.

11. Policy Updates

Changes will be posted here with a revised `Last Updated` date. Material changes trigger email/app notifications.

12. Contact Us

• Email: privacy@yourdomain.com
• Address: [Your Business Address]
• EU/UK Representative: gdpr-representative@yourdomain.com

Key Compliance Enhancements

• Static vs. Dynamic QR Codes: Explicitly clarified data retention differences.
• ISO 27001 Certification: Added reference to security standards (if applicable).
• Cookie Management: Linked to a dedicated Cookie policy.
• CalOPPA Compliance: Detailed DNT and third-party disclosure practices.
• GDPR/CCPA Rights: Streamlined user rights sections for clarity.

This policy balances legal compliance with user transparency, reflecting best practices from QR Tiger, Bitly, and regulatory guidelines.