QRLoom

Privacy Policy

Last updated: June 23, 2026

1. Introduction

This Privacy Policy explains how QRLoom (“QRLoom”, “we”, “us”) collects, uses, and shares information when you use our website and QR code services (the “Service”). By using the Service, you agree to the practices described here.

2. Data We Collect

We collect the following categories of data:

  • Account information. When you sign up, we collect your email address and authentication details needed to create and secure your account.
  • QR code content. The data you put into your QR codes (such as destination URLs, text, Wi-Fi details, or contact information) and the design settings you choose.
  • Scan analytics. When someone scans a dynamic QR code, we record the scan event, including the time, approximate location (derived from IP address, not precise GPS), and basic device and browser information (such as device type, operating system, and referrer). This is used to give you scan statistics.
  • Usage and page-view data. We collect basic analytics about how the Service is used, such as pages viewed and interactions, to maintain and improve the product.
  • Billing data. Pro subscriptions are billed through Stripe. Payment card details are entered with and stored by Stripe — we do not store your full card number. We receive limited billing information from Stripe (such as subscription status and the last four digits of your card) to manage your account.

3. How We Use Your Data

  • To provide, operate, and secure the Service.
  • To generate the QR codes and scan analytics you request.
  • To process Pro subscriptions and billing through Stripe.
  • To communicate with you about your account, support requests, and important service changes.
  • To monitor, troubleshoot, and improve the Service.
  • To comply with legal obligations and prevent abuse.

4. Sub-processors and Service Providers

We rely on a small number of trusted third-party providers to run the Service. These providers process data only on our behalf and under their own privacy and security commitments:

  • Supabase — database and authentication hosting (stores your account data, QR codes, and analytics).
  • Vercel — application hosting and content delivery.
  • Upstash — rate limiting and caching.
  • Stripe — payment processing and subscription billing.
  • Google AdSense — advertising on parts of the Service. Google may use cookies to serve and measure ads; see Google’s own privacy and advertising policies for details.

5. Cookies and Tracking

We use cookies and similar technologies for essential functions (such as keeping you signed in) and for basic analytics. Third-party providers, including Google AdSense, may set their own cookies. You can control cookies through your browser settings, though disabling them may affect how the Service works.

6. Data Retention

We retain your account data and QR codes for as long as your account is active. Scan analytics are retained to provide you with historical statistics. If you delete your account or specific QR codes, the associated data is removed from our active systems, subject to reasonable backup and legal-retention periods. Billing records may be retained by Stripe and by us as required for accounting and legal purposes.

7. How We Protect Your Data

Your data is hosted on Supabase and Vercel and is transmitted over encrypted connections (HTTPS/TLS). Data is stored in a Supabase (PostgreSQL) database protected by row-level security so that accounts can only access their own data. We never sell your data. Payments are handled by Stripe, a PCI-compliant payment processor. No system can be guaranteed to be completely secure, but we take reasonable measures to safeguard your information.

8. Your Rights

You can access and update your account information at any time, and you can delete your QR codes or your account. Depending on your location, you may have additional rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, contact us using the details below.

9. Children’s Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal data from them.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above. Significant changes may be communicated through the Service.

11. Contact

If you have questions about this Privacy Policy or your data, contact us at shop.mellotopup@gmail.com.

    Privacy Policy | QRLoom