NQR

Privacy Policy

Last updated June 17, 2026

This policy explains what data NQR collects, why, and the choices you have. It covers both account holders and the people who scan codes.

Data we collect

Account data. When you register we store your name, email address, and a hashed password. We store the codes you create and their settings (destinations, titles, tags, logos, schedules).

Scan analytics (dynamic codes). When someone scans a dynamic code, the redirect records the time of the scan and derives a coarse country, device type, and operating system from the request. We store the referrer where the browser provides one. We do not store raw IP addresses alongside scans; instead we derive a salted, anonymized visitor fingerprint to estimate unique visitors. Static codes encode their content directly and are not tracked.

Site analytics. We use Google Analytics 4 (GA4) on our website to understand aggregate traffic — things like how many people visit a page and which features get used. We do not build per-user browsing-history profiles, and this is separate from per-code scan data and is not tied to your account.

Billing data. When you buy a paid plan, payment is handled by Paddle, our payment provider and Merchant of Record. Paddle collects the billing details and card information needed to process your payment — we never see or store your full card number. We receive only what we need to manage your subscription (such as your plan, billing country, and the last digits of your card). See Paddle’s privacy notice for how they handle payment data.

How we use it

  • To operate the Service: authenticate you, store your codes, and perform redirects.
  • To show you scan analytics for your own dynamic codes.
  • To process payments and manage your subscription on paid plans.
  • To secure the Service and prevent abuse.
  • To contact you about your account (e.g. email verification, password resets, billing notices).

We do not sell your personal data, and we do not share it for advertising.

Legal basis & retention

Where the GDPR applies, we process account data to perform our contract with you, and scan analytics under our legitimate interest in providing usage insights — using anonymized fingerprints rather than raw identifiers. We retain data while your account is active; deleting a code removes its scan records, and closing your account removes your data, subject to any legal retention obligations.

Your rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data, and to object to certain processing. You can edit or delete your codes at any time from your dashboard, and you can request account deletion by contacting us.

Sharing

We share data only with the service providers needed to run the Service — for example our hosting provider, Paddle for payments, and Google Analyticsfor aggregate website analytics — and where required by law. These providers process data on our behalf, or as the seller of record in Paddle’s case, under appropriate safeguards. We don’t share your data for anyone else’s advertising.

Changes

We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above.

Contact

For privacy questions or to exercise your rights, email contact@nqr.app.