GDPR Compliance
Your data protection rights under the General Data Protection Regulation
Last updated: December 3, 2025
Your Data Protection Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access
You have the right to request a copy of all personal data we hold about you.
Right to Rectification
You can request correction of inaccurate or incomplete personal data.
Right to Erasure
You can request deletion of your personal data (right to be forgotten).
Right to Restrict Processing
You can request limitation of how we process your personal data.
Right to Data Portability
You can request your data in a structured, machine-readable format.
Right to Object
You can object to processing of your personal data for specific purposes.
Data We Collect
We collect the following categories of personal data:
Account Information
- Name
- Email address
- Password (encrypted)
- Profile picture
- Company name
QR Code Data
- QR code content
- Design settings
- Custom domains
- Metadata
- Creation timestamps
Analytics Data
- Scan timestamps
- Geographic location (city/country)
- Device type
- Browser information
- Referral source
Usage Data
- Features accessed
- Pages viewed
- Session duration
- IP address (anonymized)
- Cookies
Payment Information
- Billing address
- Payment method (via Stripe)
- Transaction history
- Invoice details
How We Use Your Data
We process your personal data for the following purposes:
- Provide and maintain our QR code services
- Process your transactions and manage subscriptions
- Send you important service notifications
- Provide customer support
- Analyze usage patterns to improve our platform
- Prevent fraud and abuse
- Comply with legal obligations
- Send marketing communications (with your consent)
Legal Basis for Processing
We process your data based on:
Contract Performance
Processing necessary to provide our services as per our Terms of Service
Legitimate Interest
Improving our services, fraud prevention, and security
Consent
Marketing communications and non-essential cookies (when you opt in)
Legal Obligation
Compliance with applicable laws and regulations
Data Retention
We retain your personal data only as long as necessary:
- Active accounts: Data retained while your account is active
- Deleted accounts: Most data deleted within 30 days; some retained for legal compliance (e.g., billing records)
- Analytics data: Anonymized data may be retained for statistical purposes
- Backups: Deleted data may persist in backups for up to 90 days
Exercise Your Rights
You can manage your data and privacy settings directly from your account:
International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework compliance
- Standard Contractual Clauses (SCCs)
- Data encryption in transit and at rest
Questions or Concerns?
If you have questions about our GDPR compliance or wish to exercise your rights, please contact us:
Data Protection Officer:
Email: dpo@qrstudio.com
Support Team:
Email: privacy@qrstudio.com
We will respond to your request within 30 days as required by GDPR.