Privacy policy

Short version: we collect the minimum we need to keep the Service running. We don’t sell your data, we don’t use third-party ad trackers, and we don’t store raw IP addresses.

What we collect

• Account — email address + auth metadata (Supabase).
• QRs you create — target URL, title, rules, short code, timestamps.
• Scan events — coarse country + device family + browser, plus a salted SHA-256 hash of IP+UA per day (so we can count unique visitors without storing identifying info). No raw IPs, no cookies.
• Billing — tier, subscription status, credit ledger (we don’t store card details; Razorpay holds those).

What we don’t collect

• Raw IP addresses.
• Precise location (no GPS, no city-level unless the IP lookup happens to return one).
• Fingerprinting signals beyond the coarse device family.
• Third-party ad pixels.

Who sees it

Only you and anyone on your team you’ve invited. We don’t share individual data with anyone except the service providers required to run the app (Supabase for data storage, Razorpay for payments), all bound by their own terms.

How long we keep it

Scan events: retained according to your tier’s analytics retention (30 days on free, 90 on Starter, 365 on Pro, unlimited on Studio). Account + QR metadata: until you delete your account, at which point everything is removed immediately.

Your rights

You can export your data, correct it, or delete it from your account page. If you need help, email info@qrshop.io.

Cookies

We use a single session cookie (Supabase Auth) to remember you’re signed in. No analytics cookies, no ad cookies, no trackers.

Contact

info@qrshop.io