Privacy Policy

This Privacy Policy describes how QRCraft ("we," "our," or "us") collects, uses, processes, and protects your personal information when you use our QR code generation service, including both our free and paid subscription tiers. We are committed to protecting your privacy and ensuring transparency about our data practices.

By using QRCraft, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with any part of this policy, please do not use our service.

This policy complies with applicable privacy laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy regulations.

Interpretation and Definitions

Interpretation

The words with an initial capital letter have meanings defined under the following conditions. These definitions shall have the same meaning whether they appear in singular or plural.

Definitions

For the purposes of this Privacy Policy:

• Account: A unique account created for you to access our Service or certain parts of our Service.
• Company: (referred to as "QRCraft", "we", "us", or "our") is the provider of this Service.
• Cookies: Small files placed on your device that save details of your browsing history on our Website.
• Data Controller: QRCraft, as the entity that determines the purposes and means of processing personal data.
• Data Processor: Third-party services that process data on our behalf (e.g., payment processors, analytics providers).
• Device: Any device that can access the Service such as a computer, cellphone, or digital tablet.
• Free Tier: Our basic service tier that allows limited QR code generation without payment.
• GDPR: General Data Protection Regulation, the privacy law applicable to EU residents.
• Personal Data: Any information that relates to an identified or identifiable individual.
• Processing: Any operation performed on personal data, including collection, storage, use, and deletion.
• Service: Refers to the QRCraft website and the online services provided by QRCraft.
• Subscription: Our paid service tiers (Basic and Pro) that provide additional features and capabilities.
• Usage Data: Data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
• Website: QRCraft, accessible from https://qrcraft.online.
• You: The individual accessing or using the Service, or the company, or other legal entity on whose behalf such individual is accessing or using the Service.

Information We Collect

Personal Information You Provide

We collect the following personal information when you:

• Create an account: Email address, name, and authentication information
• Subscribe to paid services: Billing information, payment details (processed securely by Stripe)
• Contact us: Name, email address, and message content
• Generate QR codes: Content you input for QR code generation (text, URLs, contact information, etc.)

Automatically Collected Information

We automatically collect certain information when you use our Service:

• Usage Data: Pages visited, features used, time spent on the service, QR codes generated
• Device Information: IP address, browser type and version, operating system, device type
• Performance Data: Page load times, error reports, service availability metrics
• Authentication Data: Login timestamps, session information, security logs

Subscription and Payment Information

For paid subscribers, we collect:

• Subscription tier and status
• Payment history and transaction records
• Billing preferences and invoicing information
• Usage limits and quota tracking for different subscription tiers

QR Code Content

We temporarily process the content you input for QR code generation. For free tier users, this data is processed in real-time and not stored permanently. For paid subscribers, we may temporarily cache generated QR codes to improve service performance, but we do not permanently store the content unless explicitly requested by you for account features.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track activity on our Service and hold certain information. The technologies we use may include:

• Cookies or Browser Cookies: These are small files placed on your device. You can instruct your browser to refuse all cookies, but some parts of our Service may not function properly.
• Web Beacons: Sections of our Service or emails may include small electronic files that help count users and record statistics.

Cookies can either be "Persistent" or "Session" Cookies. Session Cookies exist only during an active session and are deleted when you close your browser, while Persistent Cookies remain until they are manually cleared.

We use Cookies for various purposes, including:

• Necessary / Essential Cookies: These cookies are essential to provide you services and include session cookies and other temporary cookies.
• Preference Cookies: Cookies that enable us to remember user preferences.
• Analytics Cookies: Cookies used to collect information on how our Service is used, aiding us to improve functionality.

How We Use Your Information

We use your personal information for the following purposes, based on legitimate business interests and, where required, your consent:

• Service Provision: To provide, maintain, and improve our QR code generation service
• Account Management: To create and manage your account, including authentication and access control
• Subscription Management: To process payments, manage subscriptions, handle upgrades/downgrades, and send billing-related communications
• Feature Access: To enforce subscription tier limitations and provide appropriate service features
• Customer Support: To respond to your inquiries, provide technical support, and resolve issues
• Service Analytics: To analyze usage patterns, improve service performance, and develop new features
• Security: To protect against fraud, unauthorized access, and security threats
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Marketing (with consent): To send promotional emails about new features, updates, and relevant offers (you may opt out at any time)

Legal Bases for Processing (GDPR)

For EU residents, we process your personal data based on:

• Contractual necessity: To provide the service you've requested
• Legitimate interest: For service improvement, security, and business operations
• Consent: For marketing communications and non-essential features
• Legal obligation: To comply with applicable laws

Data Sharing and Third-Party Services

We share your personal information only in the following circumstances:

Service Providers

• Stripe: Payment processing and subscription management (PCI DSS compliant)
• Clerk: Authentication and user management services
• Vercel/Netlify: Hosting and content delivery services
• Email Services: For transactional and marketing communications (if consented)

Legal Requirements

We may disclose your information when required by law, such as:

• In response to valid legal requests or court orders
• To protect our rights, property, or safety, or that of our users
• To prevent fraud or security threats
• To comply with applicable laws and regulations

Business Transfers

In the event of a merger, acquisition, or sale of our business, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

No Sale of Personal Data

We do not sell, rent, or lease your personal information to third parties for their marketing purposes.

Your Privacy Rights

General Rights

You have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal data (subject to legal obligations)
• Portability: Request a copy of your data in a machine-readable format
• Objection: Object to processing based on legitimate interests
• Restriction: Request limitation of processing in certain circumstances

GDPR Rights (EU Residents)

If you are in the European Union, you have additional rights under GDPR:

• Right to withdraw consent at any time
• Right to lodge a complaint with your local supervisory authority
• Right to data portability for data provided based on consent or contract

CCPA Rights (California Residents)

If you are a California resident, you have rights under the CCPA:

• Right to know what personal information we collect and how it's used
• Right to delete personal information (subject to exceptions)
• Right to opt-out of the sale of personal information (we don't sell data)
• Right to non-discrimination for exercising your privacy rights

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@qrcraft.online or through your account settings. We will respond to your request within the timeframes required by applicable law (typically 30 days).

Data Retention and Security

Retention Periods

We retain your personal data for the following periods:

• Account Data: Until you delete your account or request deletion
• Subscription Data: For 7 years after subscription ends (for tax and legal compliance)
• Usage Logs: 2 years for security and analytics purposes
• QR Code Content: Immediately after generation for free users; up to 30 days cache for paid users
• Marketing Data: Until you unsubscribe or withdraw consent

Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption: Data in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Strict access controls and authentication for our systems
• Regular Security Reviews: Ongoing security assessments and updates
• Incident Response: Procedures for detecting and responding to security incidents
• Third-Party Security: We ensure our service providers maintain appropriate security standards

While we strive to protect your personal data, no internet-based service can guarantee 100% security. We encourage you to use strong passwords and enable two-factor authentication where available.

International Data Transfers

Your personal data may be processed in countries other than your country of residence. These countries may have different data protection laws than your country.

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Certification schemes and codes of conduct

Children's Privacy

Our Service does not target anyone under the age of 13. We do not knowingly collect personal data from children under 13. If you believe that we have collected personal data from a child under 13, please contact us.

Links to Other Websites

Our Service may include links to other websites not operated by QRCraft. We advise you to review the privacy policies of those sites as we do not control their content.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date on this page and through prominent notices on our Website. You are encouraged to review this Privacy Policy periodically.