Privacy Policy

Last updated: March 16, 2026

01 Introduction

QRShift ("we," "our," or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the QRShift website and services (the "Service").

By creating an account or using the Service, you agree to the collection and use of information as described in this policy. If you do not agree with our practices, please do not use the Service.

02 Information We Collect

Account Information

When you register for a QRShift account, we collect the following information:

  • Username — a display name you choose during registration.
  • Email address — used for account identification, login, and essential communications.
  • Password — stored as a secure one-way hash. We never store your password in plain text and cannot retrieve it.

If you sign in through Google, we receive your name and email address from Google. We do not receive or store your Google password.

QR Code Data

When you create and manage QR codes, we store:

  • Destination URLs you configure for each QR code.
  • Labels and names you assign to your QR codes.
  • Style customizations including foreground color, background color, margin settings, and logo images you upload.
  • Expiration rules and automated action preferences you configure.
  • URL change history for each QR code.

Scan Analytics

When someone scans one of your QR codes, we collect the following data to provide analytics:

  • Country — determined via IP-based geolocation at the time of the scan.
  • Device type — whether the scan originated from a mobile or desktop device, derived from the User-Agent header.
  • Anonymized identifier — a one-way hash derived from the scanner's connection, used solely for unique visitor counting. The original IP address is never stored.
  • Timestamp — the date and time the scan occurred, used for time-based analytics and peak hour calculations.
Important: We do NOT store raw IP addresses. The scanner's IP address is immediately converted into a one-way hash that cannot be reversed to reveal the original IP. This hash is used exclusively to count unique visitors and is never shared with third parties.

03 How We Use Information

We use the information we collect for the following purposes:

  • Providing the Service — to create and manage your QR codes, process redirects, and deliver scan analytics.
  • Improving the Service — to understand usage patterns, identify issues, and develop new features.
  • Analytics and reporting — to generate the scan statistics, geographic breakdowns, device reports, and PDF performance reports you access through your dashboard.
  • Security — to detect and prevent abuse, fraud, and unauthorized access to accounts and the platform.
  • Communication — to send essential account-related notifications such as password reset emails. We do not send marketing emails unless you explicitly opt in.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

04 Cookies

QRShift uses a limited number of cookies that are essential to the operation of the Service:

  • Session cookies — used to maintain your authenticated session after you log in. These cookies expire when you log out or after a set period of inactivity.
  • Security tokens — used to protect against unauthorized form submissions. These are security cookies that do not track your browsing behavior.

We do not use tracking cookies or set cookies for advertising purposes directly. However, third-party services embedded on our site (described in the next section) may set their own cookies as governed by their respective privacy policies.

05 Third-Party Services

QRShift integrates with the following third-party services:

  • Google Analytics — we use Google Analytics to understand how visitors interact with our website. Google Analytics collects anonymous usage data such as pages visited, session duration, and referral sources. This data is governed by Google's Privacy Policy.
  • Google AdSense — we display advertisements through Google AdSense to support the free Service. AdSense may use cookies and collect data to serve personalized ads. You can manage your ad preferences through Google Ads Settings.
  • Google Sign-In — if you choose to sign in with Google, we use Google's authentication service. We receive only your name and email address. Your Google credentials are never transmitted to or stored on QRShift's servers.

We encourage you to review the privacy policies of these third-party services to understand their data practices.

06 Data Retention

We retain your data for as long as your account is active and the Service is being used:

  • Account data — retained for the lifetime of your account. When you delete your account, your personal information is removed from our active systems.
  • QR code data — retained while the associated QR code exists. Soft-deleted QR codes and their data may be retained for a reasonable period before permanent removal.
  • Scan analytics — retained for as long as the associated QR code exists to provide historical analytics and reporting.

If you request account deletion, we will remove your personal information, QR codes, and scan data within a reasonable timeframe. Some data may be retained in anonymized or aggregated form for internal analytics, and certain information may be preserved as required by applicable law or legitimate business needs such as fraud prevention.

07 Data Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • Encryption in transit — all data transmitted between your browser and QRShift's servers is encrypted using HTTPS (TLS).
  • Password hashing — user passwords are securely hashed before storage. We never store passwords in plain text.
  • Anonymized scan data — scanner identifiers are converted to irreversible one-way hashes before storage. Raw IP addresses are never persisted.
  • Access controls — your QR codes and analytics are accessible only through your authenticated account. We implement session management and security protections to prevent unauthorized access.
  • Input validation — all destination URLs are validated and screened for abuse before being accepted by the system.

While we strive to use commercially acceptable means to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any vulnerabilities or incidents.

08 Your Rights

You have the following rights regarding your personal data:

  • Access — you may request a copy of the personal data we hold about you.
  • Correction — you may update or correct inaccurate information in your account settings or by contacting us.
  • Deletion — you may request the deletion of your account and all associated data. Upon request, we will remove your personal information, QR codes, and scan analytics from our active systems.
  • Data portability — you may request an export of your QR code data and analytics in a machine-readable format.
  • Objection — you may object to certain processing of your data, such as analytics collection by third-party services, by adjusting your browser settings or contacting us.

To exercise any of these rights, please contact us at support@qrshift.top. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

09 Children's Privacy

QRShift is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take immediate steps to delete that information from our systems.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at support@qrshift.top so we can take appropriate action.

10 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any modifications to this policy constitutes your acceptance of the updated terms.

11 Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

support@qrshift.top