Your Data Stays Yours

If you use the free generator without an account: we collect no personal information whatsoever. No name, no email, no IP address is stored or logged in connection with your QR code activity.

If you create a registered account, we collect only what is necessary to operate that account:

• Email address (used to identify your account and send essential notifications)
• Password (stored as a one-way cryptographic hash — we cannot see it)
• Display name (optional, used within the dashboard)
• QR code metadata you choose to save (title, type, destination URL, creation date)
• Aggregate scan counts associated with your dynamic QR codes

We do not collect payment card details directly. If a paid plan is introduced, payments will be handled by a PCI-compliant third-party processor and no card data is stored on our servers.

Information collected from registered users is used exclusively to:

• Authenticate you and provide access to your account and saved QR codes
• Enable dynamic QR redirect functionality
• Provide aggregate scan analytics within your dashboard
• Send transactional emails (password reset, account security alerts)
• Respond to support requests you initiate

This is the core of our privacy approach. The QR code generator on QwikQR runs entirely within your web browser using client-side JavaScript. Specifically:

• The text, URL, phone number, or any other content you type into the generator is processed locally in your browser's memory.
• Any logo or image you upload for the QR center is read and rendered locally — it is never transmitted over the network.
• The generated QR code PNG files are created in-browser and downloaded directly to your device.
• No network request is made to QwikQR servers during the generation or download process.

Dynamic QR codes (available to registered users) work differently: the QR code itself encodes a short redirect URL on our servers, and scan data (timestamp and approximate country, derived from the scanner's request) is logged so we can display your analytics dashboard. The destination URL you set is stored on our servers to perform the redirect.

Unregistered visitors: We do not set any cookies and do not use local storage for tracking purposes. The free QR generator tool operates without any persistent browser storage.

Registered users: We set a single, essential session cookie upon login. This cookie:

• Contains an encrypted session token — not your email or password
• Is marked HttpOnly and Secure, preventing JavaScript access and requiring HTTPS
• Expires when you log out or after 30 days of inactivity
• Is strictly necessary for the authenticated dashboard to function — you cannot opt out of this cookie while remaining logged in

We do not use analytics cookies, advertising cookies, or any third-party tracking pixels on this site.

We use a small number of third-party services to deliver the product:

• Google Fonts — loads the Lato typeface. Google's servers receive a request for the font file, which may include your IP address. See Google's Privacy Policy.
• cdnjs (Cloudflare) — serves the QR code JavaScript library. Cloudflare may log the request. See Cloudflare's Privacy Policy.
• Hosting provider — our infrastructure provider processes standard server logs (IP, timestamp, URL path) for operational purposes. Logs are retained for up to 30 days.

We retain your account data for as long as your account is active. If you delete your account, all associated data — including saved QR codes, destinations, and scan analytics — is permanently deleted from our systems within 30 days.

Server access logs (containing IP addresses of web requests) are retained for a maximum of 30 days for security and diagnostic purposes, then automatically purged.

For dynamic QR scan logs, aggregate counts are kept indefinitely as part of your dashboard data. Individual scan event records (timestamp + country) are retained for 12 months, after which they are removed while the aggregate count remains.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request erasure of your account and associated data ("right to be forgotten")
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing where we rely on legitimate interests as a legal basis
• Restriction — request that we restrict processing of your data in certain circumstances

To exercise any of these rights, contact us at the address in the Contact section below. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

QwikQR is not directed at children under the age of 13 (or 16 in the EU/EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we will delete such information from our records.

We implement industry-standard security measures to protect account data:

• All data in transit is encrypted using TLS 1.2 or higher (HTTPS enforced site-wide)
• Passwords are hashed using bcrypt with an appropriate work factor — plaintext passwords are never stored or logged
• Session tokens are cryptographically random and rotated on login
• Database access is restricted to application servers via private networking

No method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For significant changes, we will notify registered users via email at least 14 days before the changes take effect.

Your continued use of QwikQR after changes become effective constitutes acceptance of the revised policy. If you do not agree with any changes, you may close your account before they take effect.