myqr.dev

Privacy

Plain version: we collect scan analytics — without names or contact details — so you can see how your QR codes are doing. We never mix one customer's scan data into another customer's analytics, we never build profiles of the people who scan, and we never sell scan data. The longer version is below.

Last updated 2 July 2026. If we change anything that matters, we'll flag it here with a new date — never edit it quietly.

What we collect when someone scans your QR

Each scan records: the country, region, and city it came from (worked out from the network, not from the scanner's phone), the device type, operating system, browser, language, the page that referred it (if any), and the time. We also store a one-way hash of the scanner's IP address so we can tell a repeat visit from a new one — never the IP itself.

Before hashing, we cut off the last part of the IP address, and the hash is salted with a key that rotates every day and is deleted within a few days. After that, the salted hash can no longer be traced back to an IP address. The rest of the scan record (like city, device, and time) is kept so your analytics keep working.

We do notcollect names, email addresses, GPS or street-level location, or any account identity of the people who scan. City is the most precise location we ever see, and it comes from the network, not from anyone's phone. We don't set advertising cookies on the redirect, and we don't track scanners across other websites.

What we collect when you have an account

Your email address (so we can send you a sign-in link), the QR codes you create, and the scan analytics for those codes. That's it. No password — we use one-time sign-in links instead.

How we use it

We use this data to run MyQR: to redirect your codes, show you your analytics, keep the service secure and working, prevent abuse, and improve the product over time. We also look at aggregate, non-identifying totals across the whole service (like how many scans happened today) to run and improve MyQR. When we add features like an AI marketing assistant, it works on your own scans, on your behalf — it doesn't mix your analytics with another customer's.

Your scan data is yours, not ours to sell

This is the line we won't cross: we never mix one customer's scan data into another customer's analytics, we never build cross-customer profiles of the people who scan, and we never sell scan data to third parties. (We do look at aggregate, non-identifying totals across the service to run and improve MyQR.) Your account's analytics are yours to view, export, and delete at any time. MyQR also uses scan data in its own right to run, secure, and improve the service — always as described on this page.

If you ever use audience or marketing features we add later, they stay scoped to your own scanners and your own connected ad accounts. A person who scanned your QR could only ever see marketing from you — never from some other brand who bought a list. We don't build or sell that list.

Who helps us run the service

We use a small set of well-known providers to operate MyQR, and they only process what they need to:

  • Vercel — hosts the website and dashboard.
  • Supabase — stores the database and handles sign-in.
  • Cloudflare — DNS and the redirect edge for your QR codes.
  • Resend — sends our sign-in emails and product updates.

Your controls

From your account page you can download everything we hold about you as a single file, and you can delete your account — along with every QR code and all scan history — in one step, instantly. No support ticket, no cooling-off period.

Changes & contact

If we change this policy in a way that matters, we'll say so plainly rather than quietly editing it. Questions, requests, or a privacy concern? Email me@makais.app.