Legal
Privacy Policy
Last updated 16 July 2026
QRFunk (“we”, “us”, “our”) operates the website and platform at qrfunk.com. This policy explains what personal data we process, why we process it, and the choices you have.
Who we are
QRFunk provides programmable QR codes: physical codes link to a short URL where the owner can choose and update what scanners experience (vCard, microsite, file download, and similar functions).
Privacy questions: privacy@qrfunk.com.
Data we collect
Account & claim flow
- Email address — to create your account, send claim activation links, and service messages.
- Password — stored hashed; we never store plain-text passwords.
- Handle / public URL — the slug you choose for your code (e.g. qrfunk.com/your-name).
- Function content — the details you enter in editors (contact info, text, links, uploaded file references, etc.).
Scan & usage data
- Server logs — IP address, user agent, request time, and pages visited for security and reliability.
- Scan events — when a code is scanned we may record timestamp and coarse metadata to help owners understand usage.
Third-party sign-in
If you sign in with Google, we receive your name, email, and profile identifier from Google according to your Google account settings and Google’s privacy policy.
How we use data
- Provide, operate, and improve the QRFunk service.
- Authenticate users and secure accounts.
- Send transactional email (claim activation, password reset, function-related messages you trigger).
- Prevent abuse, fraud, and security incidents.
- Comply with legal obligations.
We do not sell your personal data.
Legal bases (EEA/UK)
Where GDPR applies, we rely on:
- Contract — to provide the service you signed up for.
- Legitimate interests — security, analytics at aggregate level, product improvement.
- Consent — where required (e.g. optional marketing, if offered).
Cookies & local storage
We use essential cookies and session storage for login, CSRF protection, theme preference, and claim-flow state. We do not use third-party advertising cookies on the core platform.
Retention
We keep account and function data while your account is active. You may delete content via the dashboard where available. Logs are retained for a limited period for security and debugging.
Sharing
We share data only with:
- Infrastructure providers — hosting, email delivery, and database services under data-processing terms.
- Authentication providers — e.g. Google OAuth when you choose that login method.
- Legal requirements — when required by law or to protect rights and safety.
Content you publish on a claimed code is public to anyone who scans or visits the URL. Do not publish sensitive personal data you are not entitled to share.
Your rights
Depending on your location, you may have rights to access, rectify, erase, restrict, or port your data, and to object to certain processing. Contact privacy@qrfunk.com. You may also lodge a complaint with your local supervisory authority.
Children
QRFunk is not directed at children under 16. We do not knowingly collect their data.
International transfers
Data may be processed in countries outside your own. Where required, we use appropriate safeguards such as standard contractual clauses.
Changes
We may update this policy. Material changes will be posted on this page with an updated date. Continued use after changes constitutes acceptance where permitted by law.