Privacy Policy

Last updated: July 2026

This policy explains what QR Today collects, how we use it, and the choices you have. We keep it short and plain so you actually know what happens with your data. QR Today is operated by Agents Autonomous LLC, a Delaware limited liability company, which is the data controller for the personal data described here; you can reach us anytime at [email protected].

What we collect

We collect only what we need to run your account and your codes. That means the email address you sign up with and the QR codes you create, along with their destinations and labels.

  • Your account email, used to sign you in and send essential notices.
  • The QR codes you create, including their target links and any names you give them.
  • Aggregated, anonymous counts of how often your codes are scanned.
  • Billing status shared by our payment processor (never your card details).
  • Messages you send us through the contact page or by email.

How we use your data

We use your data to provide the service, and for nothing else. Where the GDPR or similar laws apply, our legal bases are: performance of our contract with you (running your account, codes, and redirects), our legitimate interests (keeping the service secure, preventing abuse, and understanding aggregate usage), and legal obligations (tax and accounting records). We do not sell or rent personal data, we do not share it with third parties for their own marketing, and we do not use it for advertising or cross-site tracking.

How scan analytics work

When someone scans one of your codes, we record a few coarse, aggregated details so you can see how your codes perform. We do not collect personal data about the people who scan, we do not capture precise location, and we never use this for cross-site tracking or advertising.

  • The time of the scan.
  • A rough device type, such as phone or desktop.
  • An approximate country, derived from the network, never a precise location.
  • The referrer, when one is available.

Scans of paused codes are treated with extra care: when a code's trial or subscription has lapsed and a scan lands on the reactivation page, we record only an aggregate count and coarse device type — no network address, no location, no referrer.

If you scan a code made with our service

Dynamic codes route through our redirect for a fraction of a second before landing on the creator's destination. During that redirect we log only the coarse, aggregated details listed above. The destination itself belongs to the person who made the code, not to us — once you leave our redirect, their site's own privacy practices apply, and we don't control or vouch for them.

Payments

Payments are processed by Stripe. We never see or store your card details; Stripe shares with us only what we need to run your subscription, such as its status and renewal date. Stripe processes your payment data under its own privacy policy.

Service providers

We use a small number of service providers to run the platform — hosting and infrastructure, payment processing (Stripe), and transactional email delivery. Each processes data only on our instructions and only as needed to provide their service to us. Some of these providers operate in the United States; where data leaves the EEA or UK, transfers rely on recognized safeguards such as standard contractual clauses.

Emails

We send account emails (verification, password reset), trial reminders, and service notices such as the final warning before codes pause and yearly renewal notices. Every trial reminder includes a one-click unsubscribe. Service notices about your account can't be disabled because your codes depend on them.

Cookies

We use a single essential session cookie to keep you signed in while you move around the app. We do not set advertising or tracking cookies. You can read more in our cookie policy.

Security

We protect your data with industry-standard measures: encryption in transit, hashed passwords, and access limited to what's needed to operate the service. No system is perfectly secure, but if a breach ever affects your personal data, we'll notify you and the relevant authorities as the law requires.

Data retention

While your account is active we keep your codes and their aggregated scan counts so your analytics stay useful. If your trial or subscription lapses, your paused codes and account are retained for 90 days so subscribing brings everything back; after that we may delete them. If you close your account yourself, we remove your data after a short wind-down period, keeping only what tax and accounting law requires us to hold.

Your rights

You stay in control. You can access or export your account data, and you can delete your account at any time from your Account settings. Deleting your account removes your codes and the analytics tied to them.

Depending on where you live, you may also have legal rights to access, correct, delete, or receive a copy of your personal data, to object to or restrict certain processing, and to withdraw consent. If you're in the EEA or UK, you can lodge a complaint with your local data protection authority. If you're a California resident, note that we do not sell or share personal information as defined by the CCPA/CPRA, and we honor the rights it grants you. To exercise any of these rights, email us and we'll respond within the timeframe the law requires.

Children

QR Today is not directed at children under 13 (or the higher minimum age where you live), and we don't knowingly collect personal data from them. If you believe a child has given us personal data, contact us and we'll delete it.

Changes to this policy

We may update this policy as the product evolves. When we do, we'll change the date at the top of this page, and if a change meaningfully affects your rights we'll tell you by email or an in-app notice before it takes effect.

Questions about your privacy? You can get in touch or email us at [email protected].