Privacy Policy | QR Code Pro

1. Introduction

QR Code Pro ("we," "our," or "us") is operated by Allsorts Web Designers, a company registered in South Africa. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our QR code generation and analytics platform (the "Service").

We are committed to protecting your privacy and complying with applicable data protection laws, including the Protection of Personal Information Act (POPIA) of South Africa and the General Data Protection Regulation (GDPR) for users in the European Economic Area.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

Name and email address
Password (stored in encrypted form)
Company name (optional)
Billing information for paid subscriptions

2.2 QR Code Content

We store data related to your QR codes:

URLs and destination links
QR code names and metadata
Design configurations and custom styling
vCard, WiFi, and other QR content types

2.3 Analytics Data

When someone scans your QR code, we collect:

Timestamp of the scan
Approximate geographic location (city/country level)
Device type and operating system
Browser information
Referrer information (where applicable)

2.4 Technical Data

We automatically collect:

IP addresses (anonymized for analytics)
Browser type and version
Operating system
Pages visited and actions taken on our platform
Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

Provide our Service: Create and manage QR codes, process redirects, and display analytics
Process payments: Handle subscriptions and billing through our payment processors
Communicate with you: Send service updates, security alerts, and support messages
Improve our Service: Analyze usage patterns to enhance features and user experience
Ensure security: Detect and prevent fraud, abuse, and security threats
Comply with legal obligations: Meet regulatory and legal requirements

4. Legal Basis for Processing (GDPR)

For users in the EEA, we process personal data based on:

Contract performance: Processing necessary to provide our Service
Legitimate interests: Improving our Service, security, and fraud prevention
Consent: Where you have given explicit consent (e.g., marketing communications)
Legal obligation: Compliance with applicable laws

5. Data Sharing and Disclosure

We may share your information with:

5.1 Service Providers

Trusted third parties who assist in operating our Service, including cloud hosting providers, payment processors, and analytics services. These providers are contractually obligated to protect your data.

5.2 Legal Requirements

We may disclose information when required by law, court order, or government request, or when necessary to protect our rights, property, or safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

We do not sell your personal information to third parties.

6. Data Security

We implement industry-standard security measures to protect your data:

Encryption in transit (TLS/SSL) and at rest
Secure password hashing using bcrypt
Regular security audits and vulnerability assessments
Access controls and authentication mechanisms
Secure data centers with physical access controls

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but strive to protect your data using commercially acceptable means.

7. Data Retention

We retain your data as follows:

Account data: Retained while your account is active and for 30 days after deletion request
QR code data: Retained while associated with an active account
Analytics data: Aggregated and anonymized after 24 months
Billing records: Retained for 7 years as required by law

8. Your Rights

Under POPIA and GDPR, you have the following rights:

Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your data ("right to be forgotten")
Portability: Receive your data in a machine-readable format
Restriction: Limit how we process your data
Objection: Object to processing based on legitimate interests
Withdraw consent: Withdraw previously given consent at any time

To exercise these rights, contact us at [email protected]

9. Cookies and Tracking

We use cookies and similar technologies for:

Essential cookies: Required for the Service to function (authentication, security)
Analytics cookies: Help us understand how you use our Service
Preference cookies: Remember your settings and preferences

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.

10. International Data Transfers

Our servers are located in secure data centers. If we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission and compliance with POPIA's cross-border transfer requirements.

11. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or prominent notice on our platform. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related inquiries or to exercise your rights:

Allsorts Web Designers

Trading as QR Code Pro

Email: [email protected]

South Africa

For South African users: You have the right to lodge a complaint with the Information Regulator if you believe your privacy rights have been violated.