Privacy & Cookie Policy

This Privacy & Cookie Policy explains how DuoQR collects, uses, shares, and protects information when people visit our website, create accounts, use the QR dashboard, subscribe to updates, pay for a plan, scan DuoQR-powered QR codes, or interact with our support team. DuoQR is operated by DuoQR, LLC, a Delaware limited liability company.

Summary. We collect information needed to run DuoQR, process payments, support users, prevent abuse, and provide QR analytics. We do not sell personal information. Contact support@duoqr.com for privacy requests.

1. Information we collect

We collect information in the following categories:

• Account and workspace information: name, email address, login details, verification status, organization or workspace information, membership roles, and account settings.
• Authentication information: email/password authentication data, password reset and verification records, session information, and Google OAuth profile information such as name, email address, profile image, provider ID, and OAuth tokens where provided by Google.
• QR content: QR names, destination URLs, files, images, videos, logos, vCards, Wi-Fi details, app links, WhatsApp details, review links, styling, and other content submitted through the QR constructor.
• Scan analytics: timestamp, QR code, destination version, short domain, approximate location from infrastructure headers, referrer origin, device type, browser, operating system, bot signals, and an IP-derived hash used for security and analytics.
• Billing information: subscription, checkout, invoice, payment status, customer identifiers, and related payment metadata processed through Stripe. We do not store full card numbers.
• Support and communications: messages you send to us, email preferences, transactional emails, and newsletter or product-update interactions.
• Technical data: log data, IP address, user agent, device information, cookie or local storage data, error data, security events, and similar operational records.

2. How we use information

We use information to:

1. Provide, operate, secure, maintain, and improve DuoQR.
2. Create and manage accounts, workspaces, QR codes, destinations, uploads, and analytics.
3. Resolve QR scans and provide scan analytics to the account or workspace that created the QR code.
4. Process subscriptions, trials, invoices, taxes, refunds, payment failures, and fraud checks.
5. Send transactional emails, support replies, product updates, and marketing messages where allowed.
6. Detect, investigate, prevent, and respond to abuse, spam, malware, phishing, fraud, security incidents, and Terms violations.
7. Comply with legal obligations and enforce our rights.

3. QR scanners

When someone scans a dynamic DuoQR code, we process scan information so the QR code can resolve and so the QR owner can understand scan activity. QR owners may see aggregated or event-level analytics depending on the product features available to them.

Customers are responsible for giving their own notices and obtaining any permissions required for their QR campaigns, destinations, and audiences.

4. Cookies, local storage, and analytics

We use cookies, local storage, and similar technologies for authentication, security, remembering in-progress QR drafts, operating the dashboard, measuring product usage, and improving the Service.

We may use PostHog for product analytics. PostHog helps us understand how the website and app are used so we can improve onboarding, product flows, and reliability. If we use non-essential analytics or marketing cookies in a region where consent is required, we will provide the required consent controls.

You can control cookies through your browser settings. Blocking essential cookies or storage may prevent sign-in, checkout, QR draft recovery, or other features from working.

5. How we share information

We share information with service providers that help us operate DuoQR, including providers for hosting, database, storage, caching, email delivery, payments, analytics, authentication, security, observability, and support.

Current core providers may include Vercel, Neon, Upstash, Cloudflare R2, Resend, Stripe, Google, and PostHog. We aim to use Europe-based infrastructure where available, but some providers may process data globally or in other regions as described in their own terms.

We may also share information if required by law, to protect rights and safety, to investigate abuse or fraud, or in connection with a merger, acquisition, financing, reorganization, or sale of assets.

6. Data retention

We keep information for as long as reasonably needed to provide the Service, operate accounts and subscriptions, maintain QR analytics, comply with legal, tax, accounting, and payment obligations, resolve disputes, enforce agreements, and protect against abuse or security threats.

Because DuoQR provides analytics, scan data and aggregated analytics may be kept while the relevant account, workspace, QR code, or subscription remains active, unless deleted earlier through available product controls or required by law. Security, billing, backup, and legal records may be retained for longer where necessary.

7. International use

DuoQR is intended for global use. Information may be processed in Europe and in other countries where DuoQR or its providers operate. Where required, we rely on appropriate safeguards for international transfers, such as contractual commitments with providers.

8. Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information. You may also have rights to opt out of certain targeted advertising, sale, or sharing activities if those activities apply.

To make a privacy request, contact support@duoqr.com. We may need to verify your request before acting on it.

You can unsubscribe from marketing emails using the link in those emails or by contacting us. We may still send transactional or service-related messages.

9. Children

DuoQR is not directed to children under 13, and we do not knowingly collect personal information from children under 13. Customers may not use DuoQR for child-directed campaigns or to collect children's personal information unless they have all required rights, notices, and consents.

10. Security

We use reasonable technical and organizational measures designed to protect information. No online service can be guaranteed to be fully secure. If you believe you have found a security issue, contact support@duoqr.com.

11. Changes to this policy

We may update this policy from time to time. If changes are material, we will take reasonable steps to notify account holders, such as by email or in-product notice.

12. Contact