QR Code Manager

Privacy Policy

As of: April 2026

1. Controller

The controller within the meaning of the GDPR is:
Konstantin Seiller-Tarbuk
Döblinger Hauptstraße 71, 1190 Wien, Austria
Email: info@qrcode-manager.org

2. Data We Collect

2.1 When creating a QR code (without an account)

  • The entered destination URL
  • Optional title
  • Optional email address (for trial reminders)
  • IP address (for rate limiting, not stored permanently)

2.2 When creating an account

  • Email address
  • Optional name
  • Password (stored encrypted, no access by us)

2.3 When scanning a QR code

  • Time of scan
  • Device type and operating system (derived from user agent)
  • Referrer URL (where the scan came from)
  • No IP addresses of scanners are stored permanently

2.4 For orders

  • Name and delivery address
  • Email address
  • Payment information (processed by Stripe, not stored by us)

3. Legal Basis

  • Contract performance (Art. 6(1)(b) GDPR): Processing of QR code data and orders to provide our service.
  • Legitimate interest (Art. 6(1)(f) GDPR): Security logs, rate limiting, abuse prevention.
  • Consent (Art. 6(1)(a) GDPR): For optional email notifications.

4. Third-Party Providers

Supabase (Database & Authentication)

We use Supabase for database and user authentication. Data is stored on servers in the EU (Frankfurt). Privacy policy: supabase.com/privacy

Stripe (Payment Processing)

Payments are processed via Stripe. Stripe is PCI-DSS certified. Payment data is processed exclusively by Stripe and not stored with us. Data transfers to the USA may occur (standard contractual clauses are in place). Privacy policy: stripe.com/privacy

Vercel (Hosting)

The website is hosted on Vercel. Server location: Europe (Frankfurt). Privacy policy: vercel.com/legal/privacy-policy

Google Analytics / Google Tag Manager

We use Google Analytics (via Google Tag Manager) for anonymised analysis of website usage. IP anonymisation is enabled. You can opt out at: tools.google.com/dlpage/gaoptout

5. Retention Periods

  • QR code data: Until deletion by the user or 2 years after last activity
  • Scan logs: 12 months, then automatically deleted
  • Order data: 7 years (statutory retention obligation)
  • Account data: Until account deletion by the user

6. Your Rights

You have the following rights under the GDPR:

  • Access (Art. 15): What data we hold about you
  • Rectification (Art. 16): Have incorrect data corrected
  • Erasure (Art. 17): Have your data deleted
  • Restriction (Art. 18): Restrict processing
  • Data portability (Art. 20): Receive data in machine-readable format
  • Objection (Art. 21): Object to certain processing activities

Requests to: datenschutz@qrcode-manager.org

You also have the right to lodge a complaint with the Austrian Data Protection Authority: dsb.gv.at

7. Cookies

We use only technically necessary cookies for authentication (session cookies). Analytical cookies are only set with your consent.