Privacy Policy

Last updated: April 12, 2026

1. Who we are

QRBYT ("we", "us", "our") operates the website www.qrbyt.com and the QR code generation service. If you have any questions about this Privacy Policy or your data, contact us at contact@qrbyt.com.

2. What data we collect

Account data

When you create an account, we collect your email address, first name, and last name. If you register with email, your password is securely encrypted — we never store or have access to your plain-text password. If you sign in with Google, we receive your name, email address, and profile picture. No password is created or stored.

QR code data

When you use the service, we store the content you encode in your QR codes (such as URLs, text, Wi-Fi credentials, contact information, SMS or email details), your design settings (colors, patterns, frames), and any logos you upload.

Scan analytics

When someone scans a dynamic QR code created through QRBYT, we collect the scan timestamp, device type, operating system, browser, and approximate geographic location. This data is associated with the QR code, not with the person scanning it. We never collect names, emails, or other personal details from those scanning your QR codes.

Contact form

When you submit the contact form, we receive your name, email address, subject, and message. This data is sent to us via Mailtrap (our email delivery provider) and is used solely to respond to your inquiry.

Abuse report form

When you submit the abuse report form, we receive your email address, the URL you are reporting, the type of abuse, and a description of the issue. This data is sent to us via Mailtrap and is used solely to investigate and act on the report.

Payment data

Payments are processed entirely by Stripe. We never receive, see, or store your credit card number or banking details. We receive only transaction confirmations and subscription status from Stripe.

Data we collect automatically

We automatically collect certain data when you visit our website:

  • Google Analytics — pages visited, session duration, device type, browser, and approximate location. This data is governed by Google's Privacy Policy.
  • Cloudflare — as our CDN and DNS provider, Cloudflare processes your IP address and request metadata to deliver and protect the site. See Cloudflare's Privacy Policy.
  • Cloudflare Turnstile — used on the contact and abuse report forms to verify you are not a bot. No personal data is collected beyond the verification token.

3. How we use your data

We use your data to:

  • Operate and maintain the QR code service
  • Process payments and manage subscriptions
  • Respond to contact form inquiries
  • Investigate and act on abuse reports
  • Analyze site usage to improve the service (via Google Analytics)
  • Prevent abuse and ensure security (rate limiting, bot protection)

We process your data to provide the service, maintain security, and improve our service. Where required, we rely on your consent (e.g., analytics or sign-in options).

We do not use your data for advertising, profiling, or automated decision-making. We do not sell your data to third parties.

4. Cookies

We use a minimal set of cookies. Analytics cookies are set only with your consent. You can withdraw consent at any time through the cookie settings on our website.

Cookie Purpose Type
Session cookie Keeps you logged in Essential
_ga, _gid Google Analytics Analytics

5. Third-party services we use

We share data with the following third parties, only as necessary to operate the service:

Service Purpose Data shared
Cloudflare CDN, DNS, bot protection IP address, request metadata
Google Analytics Usage analytics Anonymized usage data
Stripe Payment processing Payment details (sent directly to Stripe)
Mailtrap Contact and abuse report email delivery Name, email, subject, message (contact form); email, URL, abuse type, description (abuse report form)
Google OAuth Authentication (sign in with Google) Name, email, profile picture

6. How we store and secure your data

  • Your data is stored on servers located in Frankfurt, Germany (EU).
  • Passwords are securely encrypted and never stored in plain text.
  • Session cookies cannot be accessed by third-party scripts.
  • All connections are encrypted via HTTPS.
  • We do not sell, rent, or trade your personal data.

Some third-party services we use (Google, Stripe, Mailtrap) may process data outside the EU/EEA. These providers operate under Standard Contractual Clauses (SCCs) or equivalent safeguards approved by the European Commission.

7. Data retention

Data type Retention
Account data Retained while your account is active. Deleted upon request.
QR code data & designs Retained while your account is active.
Scan analytics Retained while the associated QR code exists.
Contact form and abuse report messages Delivered via email and not retained on our servers.
Google Analytics data Per Google's retention policy (14 months by default).

8. Your rights

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your account and data
  • Data portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, email us at contact@qrbyt.com. We will respond within one month.

You also have the right to lodge a complaint with your local data protection authority.

9. Children

QRBYT is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at contact@qrbyt.com and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will update the effective date at the top of this page when changes are made.