Registration Login

Privacy Policy — WebQR.io

Last updated: March 24, 2026

1. Introduction

This Privacy Policy describes what personal data WebQR.io collects, for what purposes, and how it is stored and protected, as well as the rights you have regarding your data. By using the Service, you confirm your agreement to this Policy. If you do not agree, please stop using the Service.

2. Definitions

WebQR.io (the Service, we) — a web platform for generating QR codes, accessible at webqr.io.
User (you) — an individual aged 16 or over who uses the Service.
Personal Data — any information that directly or indirectly identifies you as an individual.
Cookie — a small data file stored by a browser on your device.
IP Address — a unique numerical address assigned to your device when connecting to the internet.
GDPR — the EU General Data Protection Regulation (Regulation (EU) 2016/679).

3. Data We Collect

We collect only the data necessary for the operation of the Service:

  • Account data: email address, name (upon registration).
  • Social login data: if you register or log in via a third-party provider (Google, Facebook, or Apple), we receive your name, email address, and profile identifier from that provider.
  • Payment data: when paying for a paid plan — data is processed directly by the payment provider; we retain only the fact and date of the transaction.
  • Technical data: IP address, browser type, operating system, referring page, time of visit.
  • Usage data: history of QR codes created, selected parameters and formats.
  • Location data: if GPS tracking is enabled by the QR code owner, precise coordinates may be collected from individuals who scan the QR code — only with their explicit browser consent.
  • Cookies: session identifiers, interface preferences, analytics identifiers.

We do not collect biometric data or special categories of personal data.

4. Purposes and Legal Bases for Processing

We process your data on the following legal bases (Article 6 GDPR):

  • Performance of a contract — providing access to the Service, processing payments, sending account notifications.
  • Legitimate interests — ensuring security, detecting abuse, improving the technical operation of the Service.
  • Consent — marketing updates, optional analytics cookies. Consent may be withdrawn at any time.
  • Legal obligation — retaining data in cases required by Georgian law.

5. Data Retention Periods

  • Account data — retained while the account is active.
  • After account deletion — data is deleted within 30 days, except where we are legally required to retain it.
  • Technical logs — no longer than 90 days.
  • Payment records — in accordance with Georgian tax law requirements (generally 6 years).

6. Sharing Data with Third Parties

We do not sell your personal data. Data may be shared with third parties only in the following cases:

  • Payment providers (Stripe) — to process payments for paid plans. Stripe may collect payment card details directly; we do not store card numbers.
  • Analytics services (e.g. Google Analytics) — for anonymised analysis of Service usage.
  • Cloud storage providers (Cloudflare) — for hosting user-uploaded files and generated QR code images.
  • Advertising networks (Google AdSense) — displayed to users on the free plan on dynamic QR pages and short-link redirect pages. These services may set their own cookies and collect data in accordance with their own privacy policies.
  • Authentication providers (Google, Facebook, Apple) — to verify your identity if you choose to log in via a social account.
  • As required by law — upon request from authorised Georgian state authorities.

Where data is transferred outside Georgia, we ensure an adequate level of protection in accordance with GDPR requirements (standard contractual clauses or adequacy decisions).

7. Cookies

  • Essential — necessary for the Service to function (session, authentication). Cannot be disabled.
  • Analytical — help us understand how users interact with the Service (Google Analytics or equivalent). Activated with your consent.
  • Functional — remember your interface preferences. Activated with your consent.
  • Advertising — used by third-party advertising networks (Google AdSense) on the free plan to display relevant advertisements. Activated with your consent.

You can manage cookie preferences in your browser settings or via the consent banner on the website. Disabling optional cookies does not affect the core functionality of the Service. For full details on the cookies we use, see the Cookies section of this Privacy Policy.

8. Data Security

We implement technical and organisational measures to protect your data:

  • encryption of data in transit (HTTPS/TLS);
  • storage of passwords in hashed form;
  • restricted database access (only necessary personnel);
  • regular backups.

We cannot guarantee the absolute security of data transmitted over the internet. In the event of a data breach affecting your rights, we will notify you within the timeframes required by applicable law.

9. Your Rights under GDPR

If you are located in the European Economic Area, you have the following rights:

  • Right of access — to receive a copy of your personal data.
  • Right to rectification — to request correction of inaccurate data.
  • Right to erasure — to request deletion of data ("right to be forgotten").
  • Right to restriction of processing — to limit how your data is used.
  • Right to data portability — to receive your data in a machine-readable format.
  • Right to object — to object to processing based on legitimate interests.
  • Right to withdraw consent — at any time, without affecting the lawfulness of processing prior to withdrawal.
  • Right to lodge a complaint — with the data protection supervisory authority in your country.

To exercise any right, contact us at support.io. We will respond within 30 days. You may also export your data at any time via the account settings page; data is provided in JSON format.

10. Age of Users

The Service is intended for individuals aged 16 or over. We do not knowingly collect data from persons under 16. If you become aware that a child under 16 has provided us with personal data, please notify us at support.io — we will delete that data without delay.

11. Links to Third-Party Sites

The Service may contain links to third-party websites. We are not responsible for their privacy policies or data processing practices. We recommend reviewing the privacy policy of each third-party resource before using it.

12. Changes to This Policy

We reserve the right to amend this Privacy Policy. We will notify you by email at least 30 days before any changes take effect. The current version is always available at webqr.io/privacy.

13. Data Collected from QR Code Scanners

When an individual scans a QR code or follows a short link generated through the Service, certain data may be collected even if that individual is not a registered User:

  • IP address and approximate geographic location derived from it;
  • device type, browser, and operating system;
  • date and time of the scan or click;
  • precise GPS coordinates — only if the QR code owner has enabled GPS tracking and the user scanning the QR code grants explicit browser permission. GPS data is never collected without active consent.

This data is used to provide scan analytics to the QR code owner. It is processed on the legal basis of the legitimate interests of the QR code owner (Article 6(1)(f) GDPR). We do not use this data for our own marketing purposes.

Scan analytics data is retained for the same period as the associated QR code. If the QR code is deleted, scan data is removed within 30 days.

Contact

For all questions relating to the processing of personal data:

We aim to respond to all requests within 30 days.