Login
Register

ADDQR Privacy Policy

Effective Date: November 21, 2025

Your privacy is important to us. This Privacy Policy explains how ADDQR (“we,” “us,” “our”) collects, uses, discloses, and protects your personal information when you use our website (ADDQR.com), QR code generation services, and related features (collectively, the “Service”).

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

1. Information We Collect

We collect information in several ways when you use the Service:

1.1 Information You Provide Voluntarily

Account Information:

  • Name and email address

  • Username and password

  • Phone number (optional)

  • Company name and business information (optional)

  • Payment information (processed by third-party payment processors)

  • Profile information and preferences

QR Code Generation Data:

  • All data you input to create QR codes is tracked and stored, including:

    • URLs and web links

    • Text content

    • Contact information (vCard/meCard data)

    • Business information

    • Images, logos, and graphics you upload

    • Social media profile links

    • Location data and addresses

    • Any other content you enter into QR code creation forms

Lead Form Data – Your Responsibility:

  • If you create Lead Forms embedded in QR codes or linked through QR codes, we collect the structure and fields you create.

  • Any personal information submitted by end users through your Lead Forms is your responsibility, not ADDQR’s. You are the data controller and ADDQR is the data processor.

  • We do not independently collect, control, or have legal responsibility for End-User Data submitted through your Lead Forms.

Form and Landing Page Data:

  • If you create forms, landing pages, digital business cards, or similar features, we collect and store the structure and fields you create

  • We may have access to data submitted by end users through your forms, but you are the data controller for such data

Support and Communication Data:

  • Messages you send to customer support

  • Survey responses and feedback

  • Correspondence via email or social media

1.2 Information We Collect Automatically

QR Code Scan Analytics (No PII Collected):

When someone scans a QR code you created, we automatically collect:

  • Date and time of scan

  • Device type and operating system

  • Browser type and version

  • IP address and approximate geolocation (city, state, country)

  • Referring URL or source

  • Network information

IMPORTANT: We do not collect personally identifiable information (PII) from QR code scans themselves. We do not collect:

  • Names, email addresses, or phone numbers

  • Financial or payment information

  • Health information or sensitive data

  • Any personal information submitted through Lead Forms or other forms embedded in QR codes

This scan analytics data is provided to you (the QR code creator) for tracking and analytics purposes.

Device and Usage Data:

When you access the Service, we automatically collect:

  • IP address

  • Device type, model, and identifiers

  • Operating system and version

  • Browser type and version

  • Screen resolution and device settings

  • Pages visited and features used

  • Time spent on pages

  • Click and navigation patterns

  • Referring and exit pages

  • Date and time stamps

Cookies and Tracking Technologies:

We use cookies, web beacons, pixels, and similar technologies to:

  • Authenticate users and maintain sessions

  • Remember preferences and settings

  • Analyze usage patterns and performance

  • Provide analytics and improve the Service

  • Prevent fraud and enhance security

See Section 5 for detailed information about our analytics and tracking practices.

1.3 Information from Third-Party Sources

Social Login Data:

  • If you register or log in using social media accounts (Google, Facebook, Apple, Microsoft), we collect profile information you authorize, such as name, email, and profile picture

Payment Processor Data:

  • Payment and billing information is processed by third-party payment processors (Stripe, PayPal, etc.) in accordance with their privacy policies

  • We receive transaction confirmations and payment status but do not directly store full payment card details

2. How We Use Your Information

We collect and process your personal information for the following purposes:

2.1 Service Delivery and Functionality

  • To create and manage your account

  • To generate, store, and track QR codes

  • To provide QR code analytics and scan statistics

  • To enable Service features (biolinks, shortlinks, landing pages, forms, Lead Forms)

  • To process payments and manage subscriptions

  • To authenticate users and maintain account security

2.2 Communications

  • To send essential transactional emails (account confirmations, password resets, payment receipts)

  • To send automated system notifications (security alerts, account activity, service updates)

  • To send promotional marketing emails to free account users (new features, special offers, upgrades)

  • To respond to your inquiries and provide customer support

  • To send service announcements and important updates

You may opt out of promotional emails at any time by clicking “unsubscribe” in any marketing email or adjusting your account settings. However, you cannot opt out of essential transactional or system notification emails.

2.3 Analytics and Improvement

  • To analyze Service usage and user behavior through Google Analytics and Microsoft Clarity

  • To understand how users interact with QR codes and features

  • To improve Service functionality, performance, and user experience

  • To develop new features and optimize existing ones

  • To conduct research and data analysis

2.4 Security and Fraud Prevention

  • To monitor for suspicious activity and security threats

  • To prevent fraud, abuse, and unauthorized access

  • To ensure compliance with our Terms of Service

  • To protect the rights and safety of ADDQR and our users

2.5 Legal Compliance and Business Operations

  • To comply with legal obligations and respond to lawful requests

  • To enforce our Terms of Service and policies

  • To resolve disputes and investigate violations

  • To conduct internal business operations and administration

2.6 Marketing and Advertising (with consent)

  • To personalize content and recommendations

  • To display relevant advertisements

  • To conduct marketing campaigns and promotions

  • To analyze marketing effectiveness

3. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on the following legal grounds:

3.1 Consent

  • You provide explicit consent when you opt in to marketing emails, analytics tracking, or other optional data processing

  • You may withdraw consent at any time through account settings or by contacting us

3.2 Performance of Contract

  • Processing is necessary to provide the Service you requested, including QR code generation, account management, and analytics

3.3 Legitimate Interests

  • We have legitimate interests in improving our Service, ensuring security, conducting analytics, and marketing our services

  • We balance these interests against your rights and freedoms

3.4 Legal Compliance

  • We process data to comply with legal obligations, including tax, accounting, and regulatory requirements

4. How We Share Your Information

We do not sell your personal information to third parties. We share your information only in the following circumstances:

4.1 Service Providers and Business Partners

We share information with third-party service providers who perform services on our behalf, including:

  • Payment Processors: Stripe, PayPal, Google Payments, Apple Pay (for payment processing)

  • Cloud Hosting and Infrastructure: For data storage and Service operation

  • Analytics Providers: Google Analytics, Microsoft Clarity

  • Email Service Providers: For sending transactional and marketing emails

  • Customer Support Tools: For providing customer service

  • Security and Fraud Prevention Services

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Business Transfers

If ADDQR is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred to the acquiring entity. You will be notified of any such change via email or prominent notice on the Service.

4.3 Legal Requirements and Protection

We may disclose your information when required by law or when we believe disclosure is necessary to:

  • Comply with legal obligations, court orders, or government requests

  • Enforce our Terms of Service and protect our rights

  • Protect the safety and security of users or the public

  • Investigate fraud, security incidents, or violations of our policies

  • Defend against legal claims

4.4 With Your Consent

We may share information with third parties when you provide explicit consent for such sharing.

4.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for research, analytics, marketing, or other purposes.

4.6 Lead Form End-User Data (Your Responsibility)

If you use Lead Forms to collect end-user information, you are the data controller and you bear sole responsibility for sharing that data with third parties. ADDQR is not responsible for how you share, disclose, or process End-User Data collected through your Lead Forms. You must comply with all applicable data protection laws when sharing End-User Data.

5. QR Code Scanning Analytics

5.1 What We Collect from QR Code Scans

When a QR code you created is scanned, we collect:

  • Date and time of scan

  • Device type and operating system

  • Browser information

  • IP address and geolocation (city, state, country)

  • Referring URL

This analytics data is shared with you (the QR code creator) for tracking and analytics purposes.

5.2 What We Do NOT Collect from QR Code Scans

IMPORTANT: ADDQR does not collect personally identifiable information (PII) from QR code scans themselves. We do not collect:

  • Names, email addresses, or phone numbers

  • Financial or payment information

  • Health information or sensitive data

  • Any personal information submitted through Lead Forms or other forms embedded in QR codes

Any personal data collected through QR codes is collected by you through Lead Forms or other data collection features you intentionally create. You are the data controller for all such data.

5.3 QR Code Analytics Disclaimer

You acknowledge that:

  • QR code scan analytics are provided “as is” without warranties

  • Scan data may be incomplete, delayed, or inaccurate due to technical limitations

  • We do not guarantee the accuracy or completeness of analytics data

  • ADDQR is not liable for any decisions made based on analytics data

6. Analytics and Tracking Technologies

6.1 Google Analytics

We use Google Analytics to collect and analyze information about how users interact with the Service.

Data Collected:

  • Pages viewed and time on site

  • User interactions and click behavior

  • Device and browser information

  • Geographic location (country, region, city)

  • Referring websites and traffic sources

  • Demographic information (age, gender, interests)

Data Use:

  • To understand user behavior and preferences

  • To improve Service features and content

  • To measure marketing effectiveness

  • To generate usage reports and insights

Your Privacy Choices:

  • Google Analytics uses cookies to collect data

  • You can opt out by installing the Google Analytics Opt-out Browser Add-on

  • Learn more about Google’s privacy practices at https://policies.google.com/privacy

6.2 Microsoft Clarity

We use Microsoft Clarity to understand how users interact with the Service through session recordings and heatmaps.

Data Collected:

  • Mouse movements, clicks, and scroll behavior

  • Touch interactions and gestures

  • Session recordings (with sensitive data masked)

  • Heatmaps showing user engagement patterns

  • Device type, screen resolution, and browser information

  • Anonymized IP addresses for geolocation

  • Page navigation and user flow

Privacy Features:

  • Sensitive form fields (passwords, payment information) are automatically masked

  • IP addresses are partially anonymized

  • No personally identifiable information (PII) is intentionally collected

Consent and Control:

  • For users in the EEA, UK, and Switzerland, we obtain explicit consent before activating Clarity tracking

  • You can manage consent through our cookie banner or browser settings

  • Clarity complies with GDPR and CCPA requirements

Learn More:

6.3 Cookies and Similar Technologies

We use cookies, web beacons, and similar tracking technologies for:

  • Essential Cookies: Required for Service functionality (authentication, security, session management)

  • Analytics Cookies: Used by Google Analytics and Microsoft Clarity to collect usage data

  • Preference Cookies: To remember your settings and preferences

  • Marketing Cookies: To deliver personalized content and measure advertising effectiveness

Your Cookie Choices:

  • You can control cookie settings through your browser preferences

  • Disabling cookies may limit Service functionality

  • EEA, UK, and Swiss users can manage consent through our cookie consent banner

  • Learn more in our Cookie Policy

6.4 Do Not Track

Currently, we do not respond to “Do Not Track” (DNT) browser signals. We adhere to the standards outlined in this Privacy Policy for lawful data collection and processing.

7. Data Retention

7.1 How Long We Keep Your Data

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Account Data:

  • Retained for the duration of your active account

  • After account deletion, we may retain certain data for up to 30-90 days for backup and recovery purposes

  • Some data may be retained longer to comply with legal, accounting, or regulatory obligations

QR Code and Analytics Data:

  • QR code data and scan analytics are retained according to your account type and subscription plan

  • After account termination, QR codes may cease to function and data may be deleted

Lead Form Data:

  • ADDQR stores the structure of Lead Forms you create

  • End-User Data submitted through your Lead Forms is YOUR responsibility to retain, delete, or manage in compliance with applicable laws

  • You are responsible for downloading and storing End-User Data as needed

  • ADDQR will retain End-User Data on its servers for the duration of your account and for a reasonable backup period after deletion, unless you request earlier deletion

Communications and Support Data:

  • Customer support communications may be retained for quality assurance and legal compliance

7.2 Data Deletion

You may request deletion of your personal data by contacting us at [email protected]. Please note:

  • We will delete or anonymize your data unless retention is required by law

  • Deletion may be delayed for backups, disaster recovery, or technical reasons

  • Some information may remain in aggregated or anonymized form

  • You are responsible for deleting End-User Data collected through Lead Forms

8. Data Security

8.1 Security Measures

We implement basic security measures to protect your personal information from unauthorized access, loss, misuse, alteration, and disclosure, including:

  • Encryption of data in transit (HTTPS/TLS)

  • Basic database access controls and firewalls

  • Regular automated backups

  • Employee training on data protection

8.2 Limited Security for Lead Form Data

If you use Lead Forms to collect End-User Data:

  • ADDQR provides basic security measures only (HTTPS encryption, database access controls, regular backups)

  • ADDQR is NOT HIPAA-compliant, PCI-DSS-compliant, or SOC 2-certified

  • You are responsible for implementing additional security measures for End-User Data outside of ADDQR’s systems

  • You should implement encryption, secure storage, and access controls for data beyond what ADDQR provides

  • ADDQR disclaims liability for data breaches or security incidents affecting End-User Data

8.3 Limitations

While we strive to protect your information, no security system is impenetrable. We cannot guarantee absolute security, and you acknowledge that:

  • No method of electronic transmission or storage is 100% secure

  • You transmit information at your own risk

  • You are responsible for maintaining the confidentiality of your account credentials

  • You should use strong, unique passwords and enable two-factor authentication when available

8.4 Data Breach Notification

In the event of a confirmed or suspected data breach affecting your personal information or End-User Data stored on ADDQR servers:

  • ADDQR will notify you within 24-48 hours of discovering the breach

  • We will provide information about the nature of the breach, affected data categories, and remedial actions

  • You are responsible for notifying affected end users in compliance with GDPR (typically within 30 days), CCPA, and other applicable laws

  • ADDQR will cooperate with your breach notification and regulatory obligations

For End-User Data breaches: If a breach is caused by ADDQR’s failure to maintain basic security measures, ADDQR is liable for direct costs. If a breach is caused by your inadequate security measures or compromised credentials, you are liable.

9. Your Privacy Rights

9.1 Rights for All Users

All users have the right to:

  • Access: Request information about the personal data we hold about you

  • Correction: Request correction of inaccurate or incomplete data

  • Deletion: Request deletion of your personal data (subject to legal exceptions)

  • Opt-Out: Unsubscribe from marketing emails at any time

  • Withdraw Consent: Withdraw consent for data processing where consent is the legal basis

9.2 GDPR Rights (EEA, UK, Switzerland Users)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right of Access: Request a copy of your personal data

  • Right to Rectification: Correct inaccurate personal data

  • Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data

  • Right to Restriction of Processing: Request that we limit how we use your data

  • Right to Data Portability: Receive your data in a portable format and transfer it to another service

  • Right to Object: Object to processing based on legitimate interests or for direct marketing

  • Right Not to Be Subject to Automated Decision-Making: Including profiling

Note: If you create Lead Forms, end users have these rights regarding the data they submit. You are responsible for responding to end-user requests regarding their data according to the Data Processing Agreement.

9.3 CCPA Rights (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request information about the categories and specific pieces of personal information we collect, use, disclose, and sell

  • Right to Delete: Request deletion of your personal information

  • Right to Opt-Out: Opt out of the “sale” of personal information (note: we do not sell personal information)

  • Right to Non-Discrimination: Exercise your rights without discriminatory treatment

California Notice of Collection:

In the past 12 months, we have collected the following categories of personal information:

  • Identifiers (name, email, IP address, account ID)

  • Customer records (billing address, payment information)

  • Commercial information (purchase history, QR code usage)

  • Internet activity (interactions with the Service, browsing behavior)

  • Geolocation data (city, state, country from IP address)

  • Visual data (photos, logos uploaded by users)

9.4 Other U.S. State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws may have similar rights. Contact us at [email protected] to exercise your rights.

9.5 How to Exercise Your Rights

To exercise any of these rights:

  • Email us at: [email protected]

  • Include “Privacy Rights Request” in the subject line

  • Provide your name, email address, and specific request

  • We will respond within the timeframes required by applicable law (typically 30-45 days)

We may request additional information to verify your identity before processing your request.

10. International Data Transfers

10.1 Location of Data Processing

ADDQR is based in the United States. Your personal information may be transferred to, stored, and processed in the United States and other countries where we or our service providers operate.

10.2 Safeguards for International Transfers

For users in the EEA, UK, or Switzerland, we ensure that international data transfers are protected by appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Adequacy decisions recognizing certain countries as providing adequate data protection

  • Other legally recognized transfer mechanisms

10.3 Data Protection Standards

Countries outside the EEA may not have the same data protection laws as your jurisdiction. We ensure that your data receives substantially similar protection regardless of where it is processed.

11. Children’s Privacy

The Service is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children.

If we learn that we have collected personal information from a child without parental consent, we will promptly delete such information. If you believe we have collected information from a child, please contact us at [email protected].

12. Third-Party Services and Links

The Service may contain links to third-party websites, applications, or services not operated by ADDQR. We are not responsible for the privacy practices of third parties.

We encourage you to review the privacy policies of any third-party services you access. This Privacy Policy applies only to information collected by ADDQR.

13. Your Role as Data Controller for Lead Forms

13.1 When You Use Lead Forms

If you use the Service to create Lead Forms that collect personal information from end users:

  • You are the data controller (or “business” under CCPA) for all End-User Data collected through your Lead Forms

  • ADDQR acts as a data processor (or “service provider” under CCPA) as specified in the Data Processing Agreement

  • You are solely responsible for:

    • Complying with all applicable data protection laws (GDPR, CCPA, HIPAA, CCRA, CAN-SPAM, etc.)

    • Obtaining explicit, informed consent from end users before collecting their data

    • Providing clear privacy notices disclosing what data you collect, how you use it, and with whom you share it

    • Assessing ADDQR’s security measures and determining if they are adequate for your use

    • Implementing additional security measures to protect End-User Data outside ADDQR’s infrastructure

    • Retaining, managing, and deleting End-User Data in compliance with applicable laws

    • Responding to data subject requests (access, deletion, portability) from individuals whose data you collected

    • Notifying affected individuals in the event of a data breach involving data you collected

    • Backing up and downloading End-User Data regularly to your own secure systems

13.2 ADDQR’s Limited Role and Responsibilities

ADDQR will:

  • Provide basic security measures (HTTPS, database access controls, regular backups) for End-User Data stored on ADDQR servers

  • Notify you of breaches affecting End-User Data within 24-48 hours

  • Assist with your data subject access requests

  • Delete or return End-User Data upon your request or account termination

  • Provide a Data Processing Agreement outlining processor obligations

  • ADDQR will NOT provide HIPAA, PCI-DSS, or SOC 2 compliance

ADDQR will NOT:

  • Monitor, review, or verify the lawfulness of your Lead Forms or data collection practices

  • Provide legal advice regarding data protection compliance

  • Verify your consent mechanisms or privacy disclosures

  • Respond to end-user data subject requests (you must respond)

  • Be liable for your failure to comply with data protection laws

  • Share End-User Data with third parties except as necessary to provide the Service

13.3 End-User Data Access and Requests

For data protection inquiries related to Lead Forms or End-User Data, end users should contact the creator of the Lead Form directly. ADDQR is not responsible for responding to end-user requests regarding data collected by you. You are responsible for providing mechanisms for end users to contact you and exercise their rights.

14. Data Processing Agreement

For customers using Lead Forms or other data collection features involving processing of personal data, ADDQR will provide a Data Processing Agreement (DPA) that outlines:

  • ADDQR’s specific obligations as a data processor under GDPR Article 28 and similar regulations

  • Basic security measures ADDQR implements (HTTPS, database access controls, regular backups)

  • Liability allocation between ADDQR and the data controller

  • Data subject request procedures

  • International data transfer mechanisms

  • Breach notification procedures

  • Explicit disclaimer that ADDQR does not provide HIPAA, PCI-DSS, or SOC 2 compliance

You must execute a Data Processing Agreement before using Lead Forms or other data collection features.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes:

  • We will post the updated Privacy Policy on this page with a new “Effective Date”

  • We may notify you via email or through a prominent notice on the Service

  • Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

ADDQR
Email: [email protected]
General Inquiries: [email protected]

For GDPR-related inquiries (EEA, UK, Switzerland):

Email: [email protected]
Include “GDPR Request” in the subject line

For CCPA-related inquiries (California residents):
Email: [email protected]
Include “CCPA Request” in the subject line

For End-User Privacy Rights related to Lead Forms:
Contact the Lead Form creator directly. To request creator contact information, email: [email protected]


17. Regulatory Authorities

17.1 GDPR Complaints (EEA, UK, Switzerland)

If you are not satisfied with our response to your privacy concern, you have the right to lodge a complaint with your local data protection authority:

  • EU Residents: Contact your national data protection authority

  • UK Residents: Information Commissioner’s Office (ICO) – www.ico.org.uk

  • Swiss Residents: Federal Data Protection and Information Commissioner (FDPIC)

17.2 CCPA Complaints (California)

California residents may contact the California Attorney General’s Office:

  • Website: oag.ca.gov/contact

  • Phone: (916) 210-7580

Last Updated: November 21, 2025

By using ADDQR, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.