LinkToQR.co

Legal · Privacy

Your privacy at LinkToQR

A clear account of what we process when you create QR codes, use your account, or scan a dynamic QR code.

Effective and last updated: July 11, 2026

Static QR codes

The public generator works in your browser. Content is not sent to us unless you save it to an account.

Dynamic QR analytics

We collect limited scan data for QR owners. Scan records do not store raw IP addresses or full user-agent strings.

No data sales

We do not sell personal information or use it for third-party behavioral advertising.

1. Scope and who is responsible

This policy applies to LinkToQR.co, its website, account dashboard, hosted dynamic QR redirects, support, and billing features (the “Service”). LinkToQR.co is responsible for the personal information described here. We do not control websites a QR code links to; their privacy policies apply after you leave our Service.

2. Information we process

Information you provide

  • Account: email address, optional name, authentication details, and information received if you choose Google sign-in. Passwords are handled by our authentication provider; we cannot read them.
  • Saved QR content: QR name, destination or payload, short alias, design settings, status, folders, and account activity. Dynamic destinations must be stored so redirects work.
  • Billing: plan, billing email, customer, subscription and transaction identifiers, payment status, invoice details, and upgrade requests. Paddle processes payment-card details; LinkToQR.co does not store them.
  • Communications: your name, email, message, and other information you send us.

Information processed automatically

  • Dynamic scans: scan time, referring page when supplied, UTM source/medium/campaign, general device type, browser and operating-system names, and approximate country, region, and city derived from network headers. One-way hashes derived from IP address and user agent help estimate unique scans; the raw values are not stored in scan records.
  • Service and security logs: hosting, database, authentication, and security providers may process IP address, user agent, request path, timestamps, and diagnostics to deliver and protect the Service.
  • Sessions: authentication cookies and short-lived security values used to sign you in, prevent abuse, and maintain necessary state.

Dynamic QR owners can see scan counts and aggregated breakdowns by date, source, device, browser, operating system, and approximate location. We do not give them a scanner’s raw IP address.

3. How and why we use information

We use information to create and manage accounts and QR codes, resolve dynamic links, report scan analytics, process subscriptions, send service messages, provide support, secure the Service, prevent fraud and abuse, troubleshoot, comply with law, and improve reliability.

Where a legal basis is required, we rely on performing our contract with you, legitimate interests in operating and protecting the Service, legal obligations, and consent where requested. Consent can be withdrawn without affecting earlier processing.

4. Service providers and sharing

We share information only as needed with the providers that operate the Service:

  • Supabase for database services and authentication;
  • Vercel for hosting, delivery, and network request handling;
  • Cloudflare Turnstile for abuse-prevention checks;
  • Paddle for checkout, payments, tax, subscriptions, and invoices; and
  • Web3Forms for contact-form delivery.

If you use Google sign-in, Google and Supabase process the authentication information needed to sign you in under their own terms and privacy commitments.

We may disclose information to comply with law, protect rights or safety, investigate abuse, or complete a merger, financing, acquisition, or asset sale. We do not sell or rent personal information or share it for cross-context behavioral advertising.

5. Cookies and browser storage

We use essential cookies for authentication, session continuity, security, and sign-in flows. The public generator may use browser storage for functional state. We do not currently use advertising cookies. Turnstile, Google sign-in, and Paddle checkout may use their own necessary cookies when you interact with them.

6. How long we keep information

We keep account and saved QR information while your account is active or as needed to provide the Service. Deleted QR codes may first be marked deleted and made unavailable. Scan analytics, logs, audit records, support messages, and backups are kept as reasonably needed for analytics, security, disputes, and continuity. Billing records may be kept longer for tax, accounting, fraud-prevention, or legal obligations.

When information is no longer required, we delete or anonymize it. Backup copies may remain until overwritten in the normal backup cycle.

7. Your choices and privacy rights

You can update your name in Account settings, manage or delete saved QR codes in the dashboard, and use the public static generator without an account. Depending on where you live, you may request access, correction, deletion, restriction, objection, or portability, and may complain to your local data-protection authority.

To make a privacy request or close your account, use our contact form and submit the request using the email address connected to your account. We may verify your identity. We may retain information required by law or needed for security, fraud prevention, or legal claims.

8. Security and international processing

We use reasonable safeguards including authenticated access, database row-level protections, secure session cookies, restricted administrative access, and hashed scan identifiers. No online service is completely secure, so use a unique password and protect your email account.

Providers may process information outside your country. Where required, we rely on recognized transfer mechanisms and provider safeguards.

9. Children’s privacy

The Service is not directed to children under 13, and we do not knowingly collect their personal information. A higher local age for independent consent applies where required. Parents or guardians can contact us to request review and appropriate deletion.

10. Changes and contact

We may revise this policy as the Service, providers, or legal requirements change. We will post the revision here, update the date above, and provide additional notice for material changes when appropriate.

Questions or privacy requests

Send LinkToQR.co a message through our contact page.