Data Policy

QRCodeGeneratr sets the standard for a privacy-first approach to data. This data policy describes how we treat the data we collect in performance of our services.

  • QRCodeGeneratr is GDPR and CCPA compliant.
  • QRCodegeneratr securely transports data to our MS Azure servers located in the US
  • QRCodeGeneratr does not collect or store sensitive or Personally Identifiable Information (PII)
  • QRCodeGeneratr anonymizes traffic data / IP Address prior to database storage
  • QRCodeGeneratr does not collect user IDs or other pseudonymous identifiers
  • QRCodeGeneratr does not fingerprint devices
  • QRCodeGeneratr does not build profiles of visitors
  • QRCodeGeneratr does not attempt to identify visitors
  • QRCodeGeneratr does not accumulate patterns of an individuals activity and geospatial information
  • QRCodeGeneratr does not run third-party tracking services or third-party cookies on your campaigns
  • QRCodeGeneratr does not track cross-domain
  • QRCodeGeneratr does not facilitate supercookies
  • QRCodeGeneratr does not facilitate third-party advertising cookies for re-targeting
  • QRCodeGeneratr does not use your data for advertising purposes
  • QRCodeGeneratr does not share your data*
  • QRCodeGeneratr does not sell your data

QRCodeGeneratr as a data processor.

In order for QRCodeGeneratr to produce reports, we analyze a variety of sources of data, including data from the users who access your campaign links, none of them considered personal data under GDPR - save for IP address. In this scenario, QRCodeGeneratr is considered the data processor on behalf of our customers, who are individual data controllers. In order to report on location, QRCodeGeneratr tracks and stores the IP address of visitors to your campaigns. While an IP address can be considered personal data, we never store full IP addresses. We anonymize IP address as soon as technically feasible by replacing the last octet of your visitor’s IP address with a ‘0’. By stripping the octet from IPs, we eliminate the collection of your campaign visitors' personal data. This occurs before any data storage; the full IP address is never written to the disk.

Notice to EU Users: As no personal data whatsoever is stored in the case of using the default method to determine location, we believe QRCodeGeneratr reports are not subject to GDPR laws. If the optional method of Device GPS Location is activated by you, your reports/data may be subject to GDPR laws. GDPR acknowledges location data’s unique position as identifiable information by making it part of its definition of “personal data” in Article 4 (1). Under GDPR, subjects of personal data are granted extended rights, including a right to access and a right to erasure.


What information is collected?

QRCodeGeneratr captures and securely transports data the following information related to your campaigns for storage and reporting to QRCodeGeneratr’s MS Azure servers located in the US.

  • Visit Date & Time Stamp
  • Location
    • IP Address. The default method of determining location uses IP Address. IP Address is anonymized before storage or reporting.
    • Device GPS. An optional method of determining location requires the permission of the user. With the users explicit OPT-IN, location is deteremined by device GPS (if activated). In this case, Latitude & Longitude is made available with a level of accuracy. If permission is not granted, IP address is used.
  • Device User Agent String, Type of device/OS/browser
  • Language that the device is set to

Location-based services.

To provide location-based services, QRCodeGeneratr collects, uses, and shares anonymized location data, including the approximate geographic location of devices when campaigns are accessed.

As example, with the scan of a QR code or click of a Short URL, IP-based location data is collected to determine a devices’ approximate location. Further, when activated by the campaign account owner, accepted by the device owner, and available to the device, more precise location-based services may use GPS, Bluetooth, and your IP Address, along with crowd-sourced Wi-Fi hotspot and cell tower locations, and other technologies to determine a devices’ approximate location. This location data is collected anonymously in a form that does not personally identify. The location data is used by QRCodeGeneratr to provide and improve location-based content and services.

The default method used by QRCodeGeneratr to determine location is IP Address. IP Address is anonymized prior to database storage.

  • IP Addresses are typically accurate to the city or state/province level.
  • IP Addresses that can only be identified at the country level do not appear on the map.
  • IP Addresses for which we have no geolocation data do not appear on the map.

What happens if the "Device GPS Location" method is activated?

Campaigns can be configured at the campaign account owners discretion to display a prompt that requests permission to determine location through GPS. If permission is granted, location and location accuracy is determined by device GPS. Latitudes and Longitudes are approximate and based on a mix of commercially-licensed and open-source IP Lookup data. If permission is not granted, location is determined by the default location method.

True visits.
QRCodeGeneratr attempts to report only those visits that originate from “real” people engaging your campaign. Visits generated by computer programs and bots are in many cases identified and removed from your report. In some cases, applications send additional server-based visits that cannot be removed. In other cases, where visits flow though the server of an intermediate service or application, activity will appear clustered around the location of that server.


How is this information used?

This information allows QRCodeGeneratr to:

  1. Provide intelligent redirection services e.g., redirect by device OS, by country, and by device language,
  2. Generate reports with date & time stamp, geolocation, device OS and language, and
  3. Identify and remove non-human, bot and spam traffic from reports. 

It is against our Terms of Service for customers to create or use URLs that contain any type of personal information. In the case that customers wish to pass personal data through the URL in any way (such as by including it in the domain name, the URL slug or in forwarding parameters) it's the customer's responsibility to notify us as well as their own customers.

Reports are private & secure by default, accessible only to the account owners running the campaign and QRCodeGeneratr under secure login. Account owners / users can, however,

  1. Choose to share their annonomized reports with others.
  2. Send select data to third party analytics platform by way of URL-based campaign parameters e.g.; Google Analytics UTM Parameters.
  3. Determine how long data remains in the QRCodeGeneratr system. Account owners / users can choose to delete their reports & underlying data at anytime.

* QRCodeGeneratr does not share your data with any third parties with two exceptions:

  1. We securely send location data to Google APIs to generate the maps used in your reports.
  2. We reserve the right to share anonymized, aggregate insights e.g., 52.7% of all QR code scans across the QRCodeGeneratr platform originate from iOS devices.

This Data Policy was last updated on 23 Jan 2022.