PrismaQRPrismaQR
Back to home

Privacy Policy

Last updated: April 5, 2026

1. Who we are

PrismaQR (“we,” “us,” or “our”) provides a dynamic QR code platform that lets businesses and individuals create, manage, and track QR codes. This Privacy Policy explains what information we collect, why we collect it, and how you can manage it.

2. Information we collect

2.1 Account information

When you create a PrismaQR account, we collect your name, email address, and a hashed version of your password. If you sign in with Google, we receive your name, email, and profile picture from Google—nothing more.

2.2 QR code and content data

We store the QR codes you create, including destination URLs, titles, styling preferences, and any uploaded logos or images. This data is necessary to generate and serve your QR codes.

2.3 Scan analytics

When someone scans one of your QR codes, we collect anonymized analytics data: approximate geographic location (country and city derived from IP), device type, operating system, browser, and referrer. We do not store raw IP addresses—each IP is irreversibly hashed to calculate unique scan counts and then discarded.

2.4 Usage and technical data

We collect standard log data when you interact with our platform: pages visited, features used, browser type, device information, and timestamps. This helps us understand how people use PrismaQR so we can improve the experience.

2.5 Payment information

If you subscribe to a paid plan, payment processing is handled entirely by our third-party payment provider. We never see, store, or have access to your full credit card number. We only receive a confirmation of your subscription status and billing history.

3. How we use your information

  • Deliver the service: Generate and serve your QR codes, process redirects, and display scan analytics in your dashboard.
  • Improve the product: Analyze aggregate usage patterns to prioritize new features, fix bugs, and optimize performance.
  • Communicate with you: Send transactional emails (password resets, billing receipts) and occasional product updates. You can opt out of non-essential emails at any time.
  • Prevent abuse: Detect and block spam, phishing, and other misuse of our QR code redirect infrastructure.

4. How we share your information

We do not sell your personal data. Period. We share data only in these limited circumstances:

  • Service providers: Trusted third parties that help us run PrismaQR—hosting (Vercel), database (Supabase), payment processing, and email delivery. Each provider is contractually bound to use your data solely for delivering their service to us.
  • Legal requirements: If we are compelled by law, court order, or regulatory authority to disclose information, we will do so—and we will notify you unless legally prohibited.
  • Business transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred. We will provide notice before your data becomes subject to a different privacy policy.

5. Cookies and tracking

PrismaQR uses essential cookies to keep you signed in and remember your preferences (like dark mode). We do not use third-party advertising cookies or cross-site trackers. Scan analytics are collected server-side without placing cookies on the scanner’s device.

6. Data retention

We retain your account data and QR codes for as long as your account is active. Scan analytics are kept for the lifetime of the associated QR code. If you delete your account, we remove your personal data within 30 days, except where we are legally required to retain it (e.g., billing records).

7. Your rights

Depending on your location, you may have the right to:

  • Access, correct, or delete the personal data we hold about you.
  • Export your QR codes and analytics data in a portable format.
  • Object to or restrict certain types of data processing.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at our contact page. We will respond within 30 days.

8. Data security

We take reasonable technical and organizational measures to protect your data: encryption in transit (TLS), encrypted storage for sensitive fields, secure authentication via Supabase Auth, and regular access reviews. No system is perfectly secure, but we are committed to industry best practices and will notify you promptly in the unlikely event of a data breach.

9. Children’s privacy

PrismaQR is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice on our platform. Your continued use of PrismaQR after a change takes effect constitutes acceptance of the revised policy.

11. Contact us

If you have questions about this Privacy Policy or how we handle your data, reach out through our contact page. We are happy to help.