Privacy Policy
1. Who we are
QRBYT ("we", "us", "our") operates the website www.qrbyt.com and the QR code generation service. If you have any questions about this Privacy Policy or your data, contact us at contact@qrbyt.com.
2. What data we collect
Account data
When you create an account, we collect your email address, first name, and last name. If you register with email, your password is securely encrypted — we never store or have access to your plain-text password. If you sign in with Google, we receive your name, email address, and profile picture. No password is created or stored.
QR code data
When you use the service, we store the content you encode in your QR codes (such as URLs, text, Wi-Fi credentials, contact information, SMS or email details), your design settings (colors, patterns, frames), and any logos you upload.
Scan analytics
When someone scans a dynamic QR code created through QRBYT, we collect the scan timestamp, device type, operating system, browser, and approximate geographic location. This data is associated with the QR code, not with the person scanning it. We never collect names, emails, or other personal details from those scanning your QR codes.
Contact form
When you submit the contact form, we receive your name, email address, subject, and message. This data is sent to us via Mailtrap (our email delivery provider) and is used solely to respond to your inquiry.
Abuse report form
When you submit the abuse report form, we receive your email address, the URL you are reporting, the type of abuse, and a description of the issue. This data is sent to us via Mailtrap and is used solely to investigate and act on the report.
Payment data
Payments are processed entirely by Stripe. We never receive, see, or store your credit card number or banking details. We receive only transaction confirmations and subscription status from Stripe.
Data we collect automatically
We automatically collect certain data when you visit our website:
- Google Analytics — pages visited, session duration, device type, browser, and approximate location. This data is governed by Google's Privacy Policy.
- Cloudflare — as our CDN and DNS provider, Cloudflare processes your IP address and request metadata to deliver and protect the site. See Cloudflare's Privacy Policy.
- Cloudflare Turnstile — used on the contact and abuse report forms to verify you are not a bot. No personal data is collected beyond the verification token.
3. How we use your data
We use your data to:
- Operate and maintain the QR code service
- Process payments and manage subscriptions
- Respond to contact form inquiries
- Investigate and act on abuse reports
- Analyze site usage to improve the service (via Google Analytics)
- Prevent abuse and ensure security (rate limiting, bot protection)
We process your data to provide the service, maintain security, and improve our service. Where required, we rely on your consent (e.g., analytics or sign-in options).
We do not use your data for advertising, profiling, or automated decision-making. We do not sell your data to third parties.
4. Cookies
We use a minimal set of cookies. Analytics cookies are set only with your consent. You can withdraw consent at any time through the cookie settings on our website.
| Cookie | Purpose | Type |
|---|---|---|
| Session cookie | Keeps you logged in | Essential |
| _ga, _gid | Google Analytics | Analytics |
5. Third-party services we use
We share data with the following third parties, only as necessary to operate the service:
| Service | Purpose | Data shared |
|---|---|---|
| Cloudflare | CDN, DNS, bot protection | IP address, request metadata |
| Google Analytics | Usage analytics | Anonymized usage data |
| Stripe | Payment processing | Payment details (sent directly to Stripe) |
| Mailtrap | Contact and abuse report email delivery | Name, email, subject, message (contact form); email, URL, abuse type, description (abuse report form) |
| Google OAuth | Authentication (sign in with Google) | Name, email, profile picture |
6. How we store and secure your data
- Your data is stored on servers located in Frankfurt, Germany (EU).
- Passwords are securely encrypted and never stored in plain text.
- Session cookies cannot be accessed by third-party scripts.
- All connections are encrypted via HTTPS.
- We do not sell, rent, or trade your personal data.
Some third-party services we use (Google, Stripe, Mailtrap) may process data outside the EU/EEA. These providers operate under Standard Contractual Clauses (SCCs) or equivalent safeguards approved by the European Commission.
7. Data retention
| Data type | Retention |
|---|---|
| Account data | Retained while your account is active. Deleted upon request. |
| QR code data & designs | Retained while your account is active. |
| Scan analytics | Retained while the associated QR code exists. |
| Contact form and abuse report messages | Delivered via email and not retained on our servers. |
| Google Analytics data | Per Google's retention policy (14 months by default). |
8. Your rights
Under the General Data Protection Regulation (GDPR), you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your account and data
- Data portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent, withdraw it at any time
To exercise any of these rights, email us at contact@qrbyt.com. We will respond within one month.
You also have the right to lodge a complaint with your local data protection authority.
9. Children
QRBYT is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at contact@qrbyt.com and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will update the effective date at the top of this page when changes are made.