Privacy Policy

Last updated: March 30, 2026

QRCodeMaps (“we”, “us”, “our”) operates the qrcodemaps.com website and QRCodeMaps platform. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our service.

1. Information We Collect

1.1 Account Information

When you register for an account, we collect:

  • Email address — used for authentication (magic link login), account communication, and support.
  • Name — optional, used for display within your organization.
  • Organization name — used to create your workspace.

We do not collect or store passwords. Authentication is handled via time-limited magic links sent to your email.

1.2 Content You Upload

When you use QRCodeMaps, you may upload:

  • Map images — floor plans, site maps, and other images you upload to create interactive maps.
  • Marker data — names, descriptions, positions, and colors of location markers you place on maps.
  • Organization settings — logo images, labels, and configuration preferences.

You retain ownership of all content you upload. We store it solely to provide the service.

1.3 Scan and Search Analytics

When a visitor scans a QR code on your map, we collect:

  • User agent string — used to determine device type, operating system, and browser for analytics.
  • Timestamp — when the scan or search occurred.
  • Search queries — what visitors search for on your maps.

This data is collected to provide you with analytics about how visitors navigate your space. We do not use this data for advertising or sell it to third parties.

1.4 Third-Party Integrations (Scale Plan)

If you enable third-party integrations on the Scale plan:

  • Google Analytics — if you add a GA4 Measurement ID, Google’s gtag.js script loads on your scan pages. Google collects visitor data according to their own privacy policy. We do not control or have access to data collected by Google.
  • Scan event API — if you configure an endpoint URL, we send scan event data (site, map, marker, device type, OS, browser) to your server on every QR code scan. You are the data controller for data received via this API.

1.5 Automatically Collected Information

When you visit our website, our servers may automatically log standard technical information including browser type, referring page, and pages visited. This data is used for security monitoring and service improvement.

2. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the QRCodeMaps service.
  • Send authentication emails (magic links) and important service updates.
  • Generate analytics dashboards for your organization (scan data, search data, visitor insights).
  • Respond to support requests.
  • Detect and prevent fraud, abuse, and security issues.

We do not sell your personal information. We do not use your data for advertising. We do not share your data with third parties except as described below.

3. Data Sharing

We share data only in the following circumstances:

  • Email delivery — We use Mailgun to send authentication and notification emails. Mailgun processes your email address to deliver messages on our behalf.
  • Infrastructure providers — We use cloud hosting and storage providers to operate the service. These providers process data on our behalf under data processing agreements.
  • Customer-configured integrations — If you enable Google Analytics or the scan event API (Scale plan), visitor scan data is sent to those third-party services as you have configured. You are responsible for ensuring these integrations comply with applicable data protection laws.
  • Legal requirements — We may disclose information if required by law, regulation, or legal process.

4. Data Retention

  • Account data — retained as long as your account is active. Deleted upon account deletion request.
  • Uploaded content (maps, images, markers) — retained as long as your account is active. Deleted when you delete the content or your account.
  • Scan and search analytics — retained according to your plan’s analytics retention period (90 days for Starter, 1 year for Professional, 2 years for Scale; 7 days during the free trial). Data older than your retention period is not accessible through the dashboard or API.
  • Magic link tokens — expire after 15 minutes and are marked as used. Expired tokens are periodically purged.
  • Invite tokens — expire after 48 hours. Expired invites are periodically purged.

5. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • HTTPS encryption for all data in transit.
  • Passwordless authentication (no stored passwords to compromise).
  • Organization-scoped data isolation (users in one organization cannot access another organization's data).
  • Role-based access control within organizations.
  • File upload validation (type and size limits).

6. Your Rights

You have the right to:

  • Access your data — view all data associated with your account through the QRCodeMaps dashboard.
  • Export your data — download scan logs and search statistics as CSV files (Scale plan). For other plans, contact us for data export requests.
  • Delete your data — delete individual sites, maps, markers, or request full account deletion by contacting us.
  • Correct your data — update your name, email, and organization details through the settings pages.

To exercise these rights or for any privacy-related questions, contact us at contact@qrcodemaps.com.

7. Cookies

QRCodeMaps uses essential cookies for:

  • Session management — to keep you logged in after authenticating via magic link.
  • CSRF protection — to prevent cross-site request forgery attacks.

We do not use advertising cookies or tracking cookies. If an organization enables Google Analytics on their scan pages (Scale plan), Google may set its own cookies on visitors’ devices according to Google’s privacy policy. The organization enabling this integration is responsible for any required cookie consent notices at their venue.

8. Children's Privacy

QRCodeMaps is not directed to children under 16. We do not knowingly collect personal information from children. The QR code scan experience (visitor-facing maps) does not require any personal information from visitors.

9. International Data Transfers

Our servers and service providers may be located outside your country of residence. By using QRCodeMaps, you consent to the transfer of your information to these locations. We ensure appropriate safeguards are in place for international data transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The “Last updated” date at the top of this page indicates the most recent revision.

11. Contact Us

For privacy-related questions or requests:

  • Email: contact@qrcodemaps.com