Privacy Policy
1. Who we are
This service is operated as a personal/small-business tool for managing QR code scan events via physical devices. Details about who we are and what we do can be found here. Questions regarding this policy can be sent to the contact address provided here. This service operates in Romania and is subject to Romanian law and EU Regulation 2016/679 (GDPR).
2. Personal data we collect
We collect only the minimum data necessary to provide the service:
- Email address — used to create and identify your account, send verification codes, password reset links, and QR code delivery emails.
We do not collect names, phone numbers, payment data, or any other personal identifiers. Tags and custom data you associate with QR codes are stored on our servers solely to provide the service to you.
3. Legal basis for processing
- Contract performance (Art. 6(1)(b) GDPR) — processing your email is necessary to provide the account and service you requested.
- Legitimate interest (Art. 6(1)(f) GDPR) — basic security measures such as login attempt limiting and session management.
4. How we use your data
- Account creation and authentication
- Sending verification codes and password reset links
- Delivering QR code information to recipients you designate
- Security and abuse prevention (rate limiting, lockouts)
We do not sell, share, or transfer your data to third parties for any other purposes.
5. Data retention
Your data is retained for as long as your account exists. Temporary data (verification codes, password reset tokens) is automatically purged after expiry. When you delete your account, all associated data — including devices, QR codes, scan history, and email address — is permanently and immediately removed from our systems.
6. Your rights
Under GDPR you have the right to:
- Access — request a copy of the data we hold about you (contact us).
- Rectification — correct inaccurate data, e.g. request changing your email address (contact us).
- Erasure — delete your account and all associated data at any time directly from the dashboard ("Delete account" option). Delete associated qr code data directly from the dashboard ("Manage QR codes", "Manage groups" options).
- Restriction / Objection — contact us to restrict or object to certain processing.
- Portability — export your qr code scan data at any time using the built-in export function from the dashboard ("View QR scans" -> Filter -> Export).
- Lodge a complaint — you may contact the Romanian supervisory authority, ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal).
7. Cookies & sessions
We use session cookies for authentication and, if you choose "Remember me", a persistent cookie to keep you logged in. Details on all cookies used by this service are described in our Cookie Policy.
8. Security
Passwords are stored exclusively as bcrypt hashes. All communication occurs over HTTPS. Access tokens and verification codes are time-limited and invalidated after use.
9. Changes to this policy
If this policy changes materially, we will update the "Last updated" date at the top. Continued use of the service after changes constitutes acceptance of the updated policy.