Privacy Policy
Last Updated: April 17, 2026
1. Information We Collect
We collect information you provide directly, such as your name, email address, and payment information when you create an account or subscribe to a plan. If you sign in with Google, we also receive your name, email address, and profile picture from your Google account. We collect usage data automatically, including IP addresses, browser type, device information, and how you interact with our Service.
2. How We Use Information
We use collected information to provide and improve the Service, process transactions, send service-related communications, analyze usage patterns, and prevent fraud. We may also use aggregated, anonymized data for research and marketing purposes. You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us directly.
3. QR Code Data
When you create QR codes, we store the content and configuration data necessary to generate and serve them. For dynamic QR codes, we collect scan data including timestamp, approximate location derived from IP address, device type, and referrer information. This data is used to provide analytics to QR code creators.
4. Cookies and Tracking
We use cookies and similar tracking technologies to maintain your session, remember preferences, and analyze Service usage. We use three categories of cookies: essential cookies required for the Service to function; functional cookies that remember your settings; and analytics cookies that help us understand how the Service is used. You can control cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the Service. We do not currently respond to browser Do Not Track signals.
5. Third-Party Services
We work with the following third-party service providers to operate the Service: PayPal for payment processing; Google for sign-in authentication; Mailersend for transactional email delivery; and Cloudflare for content delivery and security. These providers are contractually obligated to protect your information and use it only for the purposes we specify. We do not sell your personal data to any third party.
6. Data Security
We implement industry-standard security measures to protect your data, including encryption in transit and at rest, regular security audits, and access controls. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Scan analytics data is retained for up to 24 months from collection. If you delete your account, your personal data will be deleted within 30 days, except where retention is required by legal or regulatory obligations such as billing records, which may be kept for up to 7 years. You may export your QR code data at any time through your account settings before deletion.
8. Legal Basis for Processing
For users in the European Economic Area and United Kingdom, we process your personal data under the following legal bases: contract performance, to deliver the Service you subscribed to; legitimate interests, to improve the Service, analyze usage, and prevent fraud; consent, for marketing communications, which you may withdraw at any time; and legal obligation, to comply with applicable laws. Contact us to learn more about the specific legal basis for any processing activity.
9. Your Rights
You have the right to access, correct, or delete your personal data. You can export your QR code data at any time from your account settings. You may also request that we restrict processing of your data or object to certain uses. If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal data we collect, the right to request deletion, and the right to opt out of the sale of personal data. We do not sell personal data. To exercise any of these rights, contact us at privacy@inbound.mi-qr.com.
10. Children's Privacy
The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13, we will delete it promptly.
11. International Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international data transfers, including standard contractual clauses where required and compliance with applicable data protection regulations.
12. Contact
If you have questions about this Privacy Policy or our data practices, please contact us at privacy@inbound.mi-qr.com or through our Contact page. We will respond to your inquiry within 30 days. Use of the Service is also subject to our Terms of Service.