Privacy Policy
Last updated: 21 May 2026
Placeholder. This Privacy Policy will be replaced with the
Termly-generated document before public launch. The text below is a
reasonable interim plain-language summary.
What we collect
- Account info: email, name, hashed password
- Your QR data: products, dynamic links, app links, files you upload
- Scan events: when someone scans your dynamic QR, we log timestamp + user-agent + IP + referer to power your analytics
- Billing info (Pro users): handled by Stripe — we never see your card details
What we don't do
- No advertising tracking pixels
- No selling data to anyone, ever
- No "analytics" services on the dashboard (no GA, no Mixpanel, etc.)
- No data sharing with third parties beyond what's needed to run the service (SendGrid for email, Stripe for billing)
How long we keep it
Account data: as long as your account is active. Delete your account → all data is removed within 30 days.
Scan analytics: 30 days on Free plan (auto-deleted). Unlimited on Pro until you delete the dynamic link.
Cookies
One session cookie (httpOnly, secure, samesite=lax) to keep you signed in. No tracking cookies. No third-party cookies.
Your rights
You can export, download, or permanently delete your account and all associated data at any time from your account settings. Email hello@qrstack.io if anything's unclear.
Where it lives
Hostinger VPS, US datacenter. Encrypted in transit via Let's Encrypt SSL. Daily database backups + VPS-level snapshots taken by Hostinger.
Contact
Privacy questions: use our contact form or email hello@qrstack.io.