Privacy Policy

Last Updated: February 24, 2026

1. Introduction

InsightQR ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our QR code analytics service ("Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

Account Information:

  • Email address (required)
  • Name (optional)
  • Business name (optional)
  • Phone number (optional)
  • Billing address (for paid plans)

QR Code Content:

  • Destination URLs you assign to QR codes
  • QR code names and descriptions
  • Logos and images you upload
  • Campaign names and notes
  • Custom settings (colors, sizes, etc.)

2.2 Automatically Collected Information

Scan Data: When someone scans your QR code, we collect:

  • Timestamp of scan
  • IP address (for geolocation)
  • Device type (mobile, tablet, desktop)
  • Operating system and browser
  • Approximate geographic location (city, state, country)
  • Referrer URL (if applicable)
  • Session identifier (to track unique visitors)

Usage Data:

  • Login times and activity
  • Features accessed
  • Pages viewed
  • Actions performed within the Service
  • Technical data (browser type, screen resolution)

2.3 Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your login session
  • Remember your preferences
  • Analyze how you use the Service
  • Track QR code scans for analytics

You can control cookies through your browser settings. Disabling cookies may limit some functionality.

3. How We Use Your Information

3.1 To Provide the Service

  • Create and manage your account
  • Generate QR codes based on your specifications
  • Track scans and provide analytics
  • Display dashboards and reports
  • Enable campaign management features
  • Process exports and downloads

3.2 To Process Payments

  • Process subscription payments via Stripe
  • Manage billing and invoices
  • Detect and prevent fraud
  • Handle refund requests

3.3 To Communicate With You

  • Send transactional emails (password resets, receipts, etc.)
  • Provide customer support
  • Send service announcements and updates
  • Send marketing communications (with your consent)
  • Request feedback or reviews

3.4 To Improve the Service

  • Analyze usage patterns and trends
  • Develop new features
  • Fix bugs and technical issues
  • Optimize performance
  • Conduct research and analytics

3.5 For Legal and Security Purposes

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect against fraud and abuse
  • Respond to legal requests
  • Protect our rights and property

4. Third-Party Services

We use the following third-party services that may collect information:

4.1 Payment Processing

Stripe: We use Stripe for payment processing. Stripe collects and processes your payment information. We do not store your full credit card numbers. See Stripe's Privacy Policy.

4.2 Cloud Storage

Amazon S3: We store QR code images and user uploads on Amazon S3. See AWS Privacy Policy.

4.3 Email Service

Resend: We use Resend to send transactional and marketing emails. See Resend's Privacy Policy.

4.4 IP Geolocation

IPinfo: We use IPinfo to convert IP addresses to geographic locations for analytics. See IPinfo's Privacy Policy.

4.5 Database Hosting

Supabase: We use Supabase for database hosting. See Supabase's Privacy Policy.

4.6 Error Monitoring

Sentry: We use Sentry to track and fix errors. See Sentry's Privacy Policy.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in these limited circumstances:

5.1 With Your Consent

We may share information when you explicitly authorize us to do so.

5.2 With Service Providers

We share data with third-party providers who help us operate the Service (as listed in Section 4). These providers are contractually obligated to protect your data.

5.3 For Legal Reasons

We may disclose information if required to:

  • Comply with laws, regulations, or court orders
  • Respond to legal requests from authorities
  • Enforce our Terms of Service
  • Protect our rights, privacy, safety, or property
  • Prevent fraud or abuse

5.4 Business Transfers

If InsightQR is acquired or merged with another company, your information may be transferred to the new owner.

5.5 Aggregated Data

We may share aggregated, anonymized data that cannot identify individual users for research, marketing, or analytics purposes.

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Secure password hashing (bcrypt)
  • Regular security audits and updates
  • Access controls and authentication
  • Automated backups
  • Employee security training

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your data for as long as necessary to provide the Service:

7.1 Active Accounts

  • Account data: Retained while your account is active
  • QR code data: Retained while QR codes exist
  • Scan data: Retained indefinitely for analytics (unless you request deletion)

7.2 Closed Accounts

  • Most data deleted within 30 days of account closure
  • Some data retained for legal/business purposes (up to 7 years)
  • Backups may contain deleted data for up to 90 days

7.3 Legal Requirements

We may retain data longer if required by law or to resolve disputes, enforce agreements, or protect our legal rights.

8. Your Rights and Choices

8.1 Access and Portability

You have the right to:

  • Access your personal data
  • Export your data in CSV or PDF format
  • Request a copy of all data we hold about you

8.2 Correction and Deletion

You can:

  • Update your account information in settings
  • Delete QR codes and campaigns
  • Request deletion of specific scan data
  • Close your account and request full data deletion

8.3 Marketing Communications

You can opt out of marketing emails by:

  • Clicking "unsubscribe" in any marketing email
  • Updating preferences in your account settings
  • Contacting support@insightqr.com

Note: You cannot opt out of transactional emails (receipts, password resets, etc.).

8.4 Cookie Management

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent.

8.5 Do Not Track

Our Service does not currently respond to "Do Not Track" browser signals.

9. GDPR Rights (European Users)

If you are located in the European Economic Area, you have additional rights under GDPR:

  • Right to Access: Request confirmation of what data we process
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion ("right to be forgotten")
  • Right to Restriction: Limit how we use your data
  • Right to Data Portability: Receive your data in machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Lodge a Complaint: File a complaint with your data protection authority

Legal Basis for Processing: We process your data based on:

  • Contractual necessity (to provide the Service)
  • Legitimate interests (analytics, fraud prevention, improvement)
  • Legal obligations (compliance, tax, etc.)
  • Your consent (marketing communications)

10. CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act:

  • Right to Know: What personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of sale of personal information (we do not sell data)
  • Right to Non-Discrimination: Equal service regardless of exercising privacy rights

To exercise these rights, contact us at support@insightqr.com. We will respond within 45 days.

11. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect data from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.

12. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) with service providers
  • Certification under recognized privacy frameworks
  • Compliance with applicable data protection laws

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

  • We will update the "Last Updated" date
  • We will notify you via email for material changes
  • Continued use after changes constitutes acceptance

We encourage you to review this policy periodically.

14. Contact Us

For questions, concerns, or to exercise your rights, contact us:

  • Email: support@insightqr.com
  • Privacy Officer: privacy@insightqr.com
  • Mail: InsightQR, [Your Address], Chicago, IL

We will respond to your request within 30 days (45 days for California residents).

By using InsightQR, you acknowledge that you have read and understood this Privacy Policy.