Privacy Policy
Last updated: 2026-05-09. This is a placeholder while the service is in pre-launch — a full version reviewed by counsel will replace this before public launch. The substance below is the actual practice we intend to maintain.
Who we are
inQRable is an independent QR code studio. Contact: [email protected].
What we collect
- Anonymous QR generation: payload not stored, not logged beyond type and length.
- Registered users: email, name (optional), generated QRs you choose to save (payload encrypted at rest).
- Dynamic QR scans: timestamp, country, device type, hashed IP for deduplication. Raw IPs are never stored.
- Logs: server logs (request URL, status, latency, hashed IP) retained for 30 days.
What we do with it
Operate the service, send transactional email (sign-in links, receipts, support replies), aggregate scan analytics for users on dynamic QRs they own, and protect against abuse. We do not sell or share your data. We do not run third-party advertising.
Your rights
Under GDPR / CCPA / similar regimes you can request export, correction, or deletion of your data. Email [email protected]. Account deletion via the dashboard hard-deletes user data within 30 days; tax-mandated invoice records are retained 7 years (US law) but personally-identifiable fields are anonymized.
Subprocessors
- Cloudflare — DNS, CDN, DDoS protection, edge proxy
- Resend — transactional email delivery
- Stripe — payments (when active)
- Sentry — error tracking
- PostHog — product analytics (privacy-respecting, with consent)
Security disclosures
Report security issues to [email protected]. See /security for our policy and /.well-known/security.txt.