QR Tracker

Privacy Policy

This policy is a working draft pending review by a qualified EU lawyer. The facts stated here accurately reflect how the service operates today; the language may be revised before final publication.


What data is collected

When a QR code with analytics enabled is scanned, QR Tracker records the approximate location of the scan (city, region, country, and coordinates rounded to roughly 1.1 km) together with a timestamp. No other personal data is collected from the scanner.

How location is derived

Location is derived by looking up the scanner's IP address against a locally-hosted copy of the MaxMind GeoLite2-City database. This lookup happens entirely on QR Tracker's own servers. The IP address itself is not stored and is not transmitted to any third party.

Who the data is shared with

Scan records — timestamp and approximate location — are made available to the owner of the QR code via their analytics dashboard. They are not sold or shared with any other party.

Legal basis for processing

Processing is carried out on the basis of the legitimate interests of the QR code owner (GDPR Article 6(1)(f)). QR code owners have a legitimate interest in understanding the reach and geographic spread of their content. The processing is minimal (coarse location only, IP not stored), performed locally with no third-party transfer, and consistent with the reasonable expectations of someone scanning a commercial or promotional QR code.

Retention and deletion

Scan records are retained for as long as the associated QR code exists. When a QR code owner deletes a QR code, all of its scan history is permanently deleted at the same time. QR code owners may delete their codes — and therefore their scan data — at any time from their dashboard.

Contact

For privacy-related queries, please contact us at privacy@waketfup.org.