Last Updated: May 20, 2026. Review how we manage data collections, cookies, and privacy rights across our systems.
Welcome to QR Studio ("we," "our," "us"). Your privacy and trust are paramount to us. This Privacy Policy details how we collect, store, share, and protect your information when you visit our landing pages, utilize our high-resolution static vector generators, or map dynamic redirects in our Creation Lab dashboard.
By accessing our services, you consent to the methods described in this document. We are committed to maintaining SOC2 security frameworks and strictly adhering to GDPR and CCPA compliance boundaries.
1. Information We Collect
At QR Studio, we collect personal and operational data to support your QR experiences. This includes:
- **Account Credentials**: Name, email address, profile image, and authentication tokens (e.g., via NextAuth/Google).
- **QR Code Content**: Payloads, target URLs, Wi-Fi credentials, or vCard details you choose to encode.
- **Redirection Logs (Metadata)**: Anonymized IP addresses (for location lookup), date/time stamps, user-agent details (device type, operating system, browser brand), and referrer headers. We do not store personally identifying information of the scanning end-user in raw redirection logs.
2. Cookies, Tracking & Google AdSense Requirements
We utilize standard cookies and local storage tokens to maintain authenticated sessions and optimize browser theme preferences.
**Crucial Third-Party Notice regarding Google AdSense:**
- Google, as a third-party vendor, uses cookies to serve ads on our site.
- Google's use of advertising cookies enables it and its partners to serve ads to our users based on their visit to our site and/or other sites on the Internet.
- Users may opt out of personalized advertising by visiting Google's Ads Settings (https://www.google.com/settings/ads) or by visiting the Network Advertising Initiative opt-out portal (http://www.networkadvertising.org/choices/).
- Third-party ad networks or servers may also place cookies on scanning bridges. We do not have access to or control over these third-party trackers.
3. How We Secure and Store Data
All account data and dynamic redirect routing profiles are stored in encrypted, high-availability clusters within the MongoDB infrastructure. Communication between your browser, our servers, and the end-user's device during scans is securely encapsulated inside TLS 1.3/HTTPS sessions.
We retain logs for analytics optimization and threat prevention. Redirection logs are aggregated and automatically pruned of precise structural identifiers after 90 days.
4. GDPR and CCPA Data Subject Rights
Depending on your location (specifically if you reside within the European Economic Area or California), you possess explicit structural rights over your personal data:
- **Right to Access**: Request a comprehensive transcript of all personal data we hold about you.
- **Right to Rectification**: Correct any inaccurate or incomplete details on your account dashboard.
- **Right to Erasure ('Right to be Forgotten')**: Request complete deletion of your account and related dynamic routing targets.
- To invoke any of these rights, please contact our designated privacy officer at compliance@qrstudio.co.
Questions or Compliance Requests?
If you have any questions regarding our handling of cookies, integration of Google AdSense, or wish to submit a data erasure request, please reach out to our privacy compliance desk.