PlatformQR

Legal

Privacy Policy

Last updated: 30 April 2026

PlatformQR acts as a data controller for account, billing, and service usage data under UK GDPR and the Data Protection Act 2018. This policy explains what we collect, why we use it, who we share it with, and the rights you have.

What We Collect

  • Account data: name, email address, authentication identifiers.
  • Service data: QR code content/settings, creation dates, and edit history.
  • Destination data: URLs, campaign labels, and settings you choose to attach to QR codes.
  • Analytics data: scan time, hashed IP address, device/browser/operating system, approximate country/city, language, and referrer where available.
  • Billing data: Stripe customer/subscription identifiers, payment status, invoices, billing country, and subscription history.
  • Support data: messages, email metadata, and information you provide when contacting us.
  • Security and log data: IP addresses, user agents, request data, error logs, and abuse-prevention signals.

Legal Bases

  • Performance of contract: delivering QR generation, redirects, analytics, and subscription features.
  • Legitimate interests: platform security, abuse prevention, and service reliability.
  • Legal obligation: accounting, tax, and fraud prevention requirements.
  • Consent: optional cookies, marketing preferences, or other consent-based processing where applicable.

What You Should Not Upload

PlatformQR is not intended for storing sensitive personal data, special category data, protected health information, payment card numbers, government identifiers, passwords, private keys, or confidential third-party data. You are responsible for ensuring the content and destinations you add to PlatformQR are lawful and suitable.

How Long We Keep Data

  • Active account data is retained while your account is active.
  • Subscription records are retained as required for tax/accounting compliance.
  • QR codes and analytics are retained while needed for service functionality or until deleted by you, subject to backups, fraud prevention, security, accounting, and legal retention requirements.
  • Support messages and security logs are retained as long as reasonably needed to resolve issues, prevent abuse, and protect the service.

Processors, Sharing, and Transfers

We use trusted providers to operate PlatformQR, including Supabase for authentication/database/storage, Stripe for payments and billing, Vercel for hosting/deployment, Resend and email providers for transactional email, and infrastructure or analytics providers where enabled. We may share data with these providers, professional advisers, regulators, law enforcement, or other parties where necessary for service operation, security, legal compliance, fraud prevention, or business transfers. Providers may process data outside the UK; we rely on appropriate safeguards such as contractual clauses and provider compliance commitments.

Security

We use reasonable technical and organisational measures to protect personal data, including hosted infrastructure providers, access controls, hashed scan IP analytics, secure authentication, and payment processing through Stripe. No internet service can be guaranteed completely secure, and you are responsible for keeping your account credentials and API keys safe.

Cookies and Tracking

We use necessary cookies for authentication, security, and session management. Optional analytics or marketing cookies are disabled unless you opt in. See our Cookie Policy for more information and controls.

Children

PlatformQR is not directed at children under 13 and should not be used by children without appropriate consent or supervision where required by law.

Your Rights

You may request access, correction, deletion, restriction, objection, or portability of your personal data. You may also withdraw consent where processing is based on consent. Some requests may be limited where we must keep data for legal, accounting, fraud prevention, security, or contractual reasons. You may lodge a complaint with the UK Information Commissioner's Office (ICO).

Changes to This Policy

We may update this Privacy Policy as PlatformQR changes. The latest version will always be posted on this page with the updated date.

Contact

Privacy requests: support@platformqr.com