PureQR

Privacy Policy for the PureQR Application

1. Data Controller

The data controller is Jakub Schmidt, ID No.: 11643897, with registered office at Tovární 1112, Chrudim, Czech Republic (hereinafter "Controller"). Contact: [email protected].

2. What Data We Collect and Why (Purpose and Legal Basis)

One-time Generation (FREE)

We do not store any personal data or input data (URL, vCard text). The process runs in memory and data is immediately deleted after the code is generated.

Dynamic QR Codes

When users scan a Dynamic QR link, we log basic metrics (timestamp, general location, and user-agent details) solely for providing scan analytics in your dashboard. We also store the target URL for redirection purposes.

Bulk Generation (Free Tier)

The input file (CSV/Excel) and the resulting archive (ZIP) are temporarily stored on our server for a maximum of 10 minutes to enable download. They are then permanently deleted. The legal basis is contract fulfillment.

Bulk Generation (Paid) & Subscription

  • We process your email address (for sending the download link and invoice) and payment information (transaction ID, amount).
  • The resulting file (ZIP) containing your generated codes is stored on a secure server for 24 hours so you can download it. It is then automatically and permanently deleted.
  • We retain payment information and email in our database for the purpose of fulfilling our tax and accounting obligations (up to 10 years).

User Accounts (Basic & OAuth)

We process your email, password (in encrypted form) or identification tokens from third-party providers (Google/GitHub) for the purpose of managing your subscription and history.

3. Third-Party Sharing (Processors)

We do not sell personal data. We use the following trusted partners (processors) to operate the service:

  • Stripe, Inc.: For secure payment processing. We do not have access to your credit card details.
  • Google Ireland Ltd.: We use Google Analytics for traffic measurement and Google AdSense for marketing. We respect your consent settings for cookies.
  • Brevo (Sendinblue): For delivering transactional emails (verification, download links).
  • Cloudflare, Inc. (R2 Storage): For secure temporary storage of your generated files.
  • Hetzner Online GmbH: Hosting infrastructure provider for the application and database.

4. Your Rights

Under the GDPR, you have the right to access, rectify, erase (unless prevented by legal archival obligations for invoices), restrict processing, and the right to lodge a complaint with the relevant supervisory authority.