Privacy Policy
Last updated: May 29, 2026
Overview
This Privacy Policy explains what information QR Lift collects, how we use it, and the choices you have. It applies to qrlift.codes and our app.
Information we collect
- Account data: email address, display name, password hash.
- Content you create: QR code names, target URLs, colors, logos.
- Scan analytics: when someone scans your QR code we record timestamp, approximate location (city / country derived from IP), device type, browser, OS, and referrer. We do not store the full IP address long-term in a way tied to the scanning user.
- Billing data: processed by Stripe. We store only a customer ID and subscription metadata — never card numbers.
- Cookies: a session cookie to keep you signed in. No third-party ad tracking.
How we use it
- To provide and operate the Service.
- To send transactional emails (account verification, password reset, billing).
- To detect abuse and enforce our Acceptable Use Policy.
- To comply with legal obligations.
We do not sell your personal data.
Sharing
We share data only with processors required to run the Service:
- Stripe — payments
- Supabase — database and authentication hosting
- Cloudflare — hosting and CDN
We may disclose information if required by law or to protect rights and safety.
Data retention
Account data is kept while your account is active. Scan analytics are retained according to your plan (7 days on Free, 365 days on Pro, 3 years on Business and Team). When you delete your account we delete your data within 30 days, except where retention is required by law.
Your rights
Depending on where you live (e.g. EU/UK GDPR, California CCPA), you have rights to access, correct, export, and delete your personal data, and to object to or restrict certain processing. Email admin@stephenhaydesign.com to exercise any of these rights. You can also delete your account at any time from your account settings.
Security
We use industry-standard encryption in transit (TLS) and at rest, hashed passwords with leaked-password detection, and role-based access controls. No system is perfectly secure — please use a strong, unique password.
International transfers
Your data may be processed in the United States and other countries where our providers operate. We rely on standard contractual clauses where required.
Children
The Service is not directed to children under 16 and we do not knowingly collect their data.
Changes
We may update this policy. We will notify you of material changes via email or in-app notice.
Contact
Data controller: QR Lift. Email admin@stephenhaydesign.com.