FlashQR← Back to home

Legal

Privacy Policy

Last updated: March 15, 2026

1. Introduction

FlashQR (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our QR code management platform at flashqr.io (the “Service”). Please read this policy carefully. By using the Service, you consent to the practices described here.

2. Information We Collect

2.1 Account Information

When you register, we collect your name, email address, and a hashed password. We never store your password in plain text.

2.2 QR Code Data

We store the QR codes you create, including their names, destination URLs, content type, and design settings (colors, format).

2.3 Scan Analytics

Each time one of your QR codes is scanned, we may automatically collect:

  • Browser name and version
  • Operating system and version
  • Device type (desktop, mobile, tablet)
  • Country and city (derived from IP address — the IP itself is not stored)
  • HTTP referrer
  • Timestamp of the scan

This data is attributed to your QR code, not to the individual scanner, and is used solely to provide you with analytics.

2.4 Payment Information

Billing and payment processing is handled entirely by Stripe. We do not store credit card numbers or banking details on our servers. We receive and store a Stripe customer ID and subscription status to manage your plan.

2.5 Usage and Log Data

We may collect standard server log data such as request timestamps, pages visited, and error events for operational and security purposes. This data is retained for a limited period and is not sold or shared.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Authenticate your account and keep it secure
  • Display scan analytics on your dashboard
  • Process payments and manage subscriptions
  • Send transactional emails (account creation, billing receipts, subscription changes)
  • Respond to support inquiries
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

We do not use your data to serve third-party advertising, and we do not sell your personal information to any third party.

4. Cookies and Tracking

We use strictly necessary cookies to maintain your authenticated session. We do not use advertising cookies or cross-site tracking technologies. Specifically:

  • Session cookie: Used to keep you logged in. Expires when you sign out or after an extended period of inactivity.
  • CSRF token: Used to protect form submissions from cross-site request forgery.

5. Data Sharing and Third Parties

We share data only as described below:

  • Stripe: Payment processor. Subject to Stripe’s own privacy policy.
  • Hosting infrastructure: Our servers are hosted on cloud infrastructure providers. Data is stored within the EU/US depending on deployment configuration. All providers are subject to appropriate data processing agreements.
  • Legal requirements: We may disclose information if required to do so by law, court order, or governmental authority.

6. Data Retention

We retain your account data and QR code data for as long as your account is active. Scan analytics are retained for a rolling period of up to 24 months. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes.

7. Data Security

We implement industry-standard security measures including HTTPS encryption for all data in transit, hashed passwords (bcrypt), and access controls. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Request deletion of your personal data
  • Object to or restrict certain processing
  • Data portability (receive a copy of your data in a machine-readable format)

To exercise any of these rights, contact us at privacy@flashqr.io. We will respond within 30 days.

9. Children’s Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from anyone under 16. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice in your dashboard. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us:

FlashQR

Email: privacy@flashqr.io