Privacy Policy

1. Scope and controller

This Privacy Policy explains how QR-ZY collects, uses, stores, and protects personal data when you browse the site, create QR codes, register an account, use paid features, or contact support.

This notice applies to visitors, authenticated users, guest-session users, and subscribers unless a separate written agreement states otherwise.

2. Data we collect

• Account data: email address, hashed password, Google sign-in identifier if you use Google authentication, and account timestamps.
• QR content and settings: payloads, destination URLs, names, styles, templates, generated slugs, activation status, and project metadata saved in your cabinet.
• Dynamic QR operational data: scan timestamps, counters, hashed IP data when available, user agent, referrer, and country-level metadata.
• Subscription and billing records: selected plan, interval, trial eligibility, subscription period, status, and payment-related references needed to manage access.

3. Cookies, local storage, and guest session IDs

• We use a language cookie to remember your selected interface language.
• We use a guest-session identifier in local storage and a browser cookie to save and recover anonymous dynamic QR items before login.
• We use local storage for authentication tokens and certain cabinet or billing preferences so the app can keep your session and current state.
• Optional analytics and marketing cookies, including Google Analytics and Google Ads, are controlled by your cookie consent choices.

4. How we use data

• Provide and maintain the QR-ZY service, including account access, QR generation, redirects, analytics, billing, and support.
• Secure the platform, detect abuse, investigate incidents, and enforce our legal terms.
• Communicate with you about service operations, transactions, support requests, and important product or policy updates.

5. Legal bases and compliance

Depending on your location, we process personal data based on contract performance, legitimate interests, legal obligations, consent where required, and other lawful bases available under applicable law.

6. Sharing and disclosures

• We may share data with infrastructure, analytics, authentication, payment, and support providers that help us operate the service under appropriate safeguards.
• We may disclose data when required by law, to protect rights and safety, to investigate fraud or abuse, or as part of a merger, sale, or restructuring.

7. Retention

We retain personal data for as long as needed to provide the service, comply with legal requirements, resolve disputes, enforce our agreements, and protect the platform.

Guest-session QR records may be retained until they are deleted, migrated to an authenticated account, or removed during routine cleanup.

8. Security

We use reasonable technical and organizational measures to protect data, including account authentication controls, hashed password storage, and restricted administrative access where appropriate.

No internet service can guarantee absolute security. You remain responsible for protecting your own devices, passwords, and account access methods.

9. Your rights and choices

• Request access to personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request deletion where applicable, subject to legal or security retention requirements.
• Object to or restrict certain processing where applicable law provides that right.
• Request portability of certain data where technically feasible and legally required.

10. Children and updates

QR-ZY is not intended for children under the age required by applicable law to provide valid consent. If you believe a child submitted personal data without authorization, contact us so we can review and remove it where appropriate.

We may update this Privacy Policy from time to time. Material updates will be reflected on this page with a revised effective date.