Privacy Policy

Last updated: June 08, 2026

At Online QR Code Scanner ("Online QR Code Scanner", "we", "us", or "our"), your privacy is not a feature — it is the foundation our platform is built on. This Privacy Policy explains what information we collect, why we collect it, how it is used, and what rights you have over it.

Please read this policy carefully. For non-essential data processing (such as analytics or advertising cookies), we rely on your explicit consent where required by law — not on your continued use of the Service. If you do not agree with this policy, please stop using the Service.

1. Who We Are (Data Controller)

The data controller responsible for your personal data is Online QR Code Scanner, operating the website at onlineqrcodescanner.com. For all privacy-related enquiries, contact us at: [email protected].

2. The Core Principle: Client-Side Processing

Every tool on Online QR Code Scanner is designed to run entirely inside your web browser. Files you open, text you enter, images you process, codes you generate, and any other data you provide to our tools are never uploaded to, transmitted to, or stored on our servers. All computation happens locally on your device. When you close the tab, that data is gone.

This is a technical guarantee, not just a policy statement. Our servers never see your tool inputs.

3. Information We Collect

Despite our client-side architecture, we may collect a small amount of technical information through standard web infrastructure. Here is exactly what that includes:

3.1 Automatically Collected Technical Data

When you visit our website, our hosting infrastructure may automatically record standard server log data including:

• Your IP address (anonymized where possible)
• Browser type and version
• Operating system
• Referring URL
• Pages visited and timestamps
• Device type (desktop, mobile, tablet)

This data is used solely for security monitoring, preventing abuse, and diagnosing technical problems. It is not used to build personal profiles or for marketing.

3.2 Cookies and Local Storage

We use minimal browser storage technologies to improve your experience:

• Functional / Strictly Necessary: We store your preferences such as color theme (dark/light mode), recently used tools, and favourite tools in your browser's localStorage. This data never leaves your device and requires no consent under any privacy law.
• Analytics Cookies (if enabled): If we use a web analytics service (such as Google Analytics or a privacy-respecting alternative), it may set cookies to help us understand aggregate traffic patterns — such as which tools are most popular and where visitors come from. This data is anonymized and aggregated. We do not use it to identify individual users.
• Advertising Cookies (if enabled): If advertising is active on the site, third-party ad networks (such as Google AdSense) may use cookies to serve relevant advertisements based on your prior visits to this or other websites. See Section 5 for details and opt-out options.

3.3 Information You Voluntarily Provide

If you contact us through our contact form or by email, we collect your name, email address, and the content of your message. This is used solely to respond to your enquiry and is not shared with any third party.

Providing personal data is not mandatory. You are not required to provide any personal data to use our tools. However, if you choose not to provide certain information (such as your email address on the contact form), we may not be able to respond to your enquiry.

4. How We Use Your Information

We use the information we collect for the following purposes:

• To operate, maintain, and improve the Service
• To diagnose technical issues and ensure the security of our infrastructure
• To respond to your support requests and enquiries
• To understand how visitors use the site in aggregate (analytics)
• To serve advertisements (if applicable), which funds the free operation of this service
• To comply with applicable legal obligations

We do not sell, rent, or trade your personal data. We do not use your data for automated profiling or decision-making that has a legal or significant effect on you.

5. Third-Party Services

We may use the following categories of third-party services. Each operates under its own privacy policy and, where applicable, a Data Processing Agreement (DPA) with us:

• Google Tag Manager (GTM): We use Google Tag Manager to manage and deploy analytics and marketing scripts on our website. GTM itself does not set cookies or collect personal data independently, but it may load scripts (such as Google Analytics or ad tracking) that do. When GTM loads, it makes a connection to Google servers which may transmit technical data such as your IP address. For EEA users, we ensure GTM and its triggered tags only fire after you have provided valid consent. Google Privacy Policy.
• Google Analytics: We may use Google Analytics to understand aggregate usage patterns — such as which tools are most popular and how visitors find us. This service collects data including page views, session duration, device type, and approximate geographic location. We use IP anonymization where available. You can opt out via the Google Analytics Opt-out Browser Add-on or by managing your consent preferences on our site.
• Google Search Console: We use Google Search Console to monitor our website's search performance. This service processes aggregate data about how our site appears in Google Search. It does not set cookies on your browser.
• Advertising Networks (Google AdSense and others): We display advertisements served by Google AdSense and may use other ad networks. These services use cookies to serve ads based on your prior visits to this or other websites. You can opt out of personalised advertising by visiting Google's Ad Settings, aboutads.info, or youronlinechoices.eu (EU users).
• Affiliate Networks: We participate in affiliate programmes (including the Amazon Associates Programme and others). When you click an affiliate link, the merchant's tracking system records that referral. We do not receive your personal data from these clicks — only aggregate commission reports. See our Affiliate Disclosure for full details.
• Contact Form: Our contact form may be powered by a third-party service (such as Web3Forms). Only the data you enter into the form is transmitted to that service for delivery to us. It is not used for marketing.
• Hosting & CDN: Our site is delivered via a web host and content delivery network which may process technical access logs as described in Section 3.1.

We do not use social media tracking pixels or share your personal data with social media companies without your explicit consent.

6. Legal Basis for Processing

6.1 EU GDPR and UK GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your data under the following legal bases as defined in Article 6 of the EU GDPR and the UK GDPR:

• Legitimate Interests (Art. 6(1)(f)): Processing server logs for security monitoring and abuse prevention.
• Consent (Art. 6(1)(a)): Setting non-essential analytics or advertising cookies — where applicable, only after you have provided valid, prior, informed consent.
• Contract (Art. 6(1)(b)): Processing your contact details to respond to your enquiry.
• Legal Obligation (Art. 6(1)(c)): Retaining data as required by applicable law.

6.2 Brazil LGPD

If you are located in Brazil, we process your personal data under the legal bases established by the Lei Geral de Proteção de Dados (LGPD). The applicable bases are: consent (for analytics and advertising cookies), legitimate interest (for security logging), and exercising rights in judicial, administrative or arbitration proceedings where applicable. Your LGPD rights are listed in Section 8 below.

6.3 Switzerland (FADP/nDSG)

If you are located in Switzerland, we process your personal data in accordance with the Federal Act on Data Protection (FADP, entered into force September 2023). The FADP generally follows similar principles to the GDPR. Data transfers from Switzerland are governed by safeguards equivalent to Standard Contractual Clauses as recognised by the Swiss Federal Data Protection and Information Commissioner (FDPIC).

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy. Server log data is typically retained for up to 90 days. Contact form submissions are retained only for as long as needed to resolve your enquiry. Cookies expire according to the schedule set by each specific cookie (typically 30 days to 2 years for analytics).

Local storage data (your preferences, favourites, recent tools) is stored on your device indefinitely until you clear your browser storage or use the in-app reset option.

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data. To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within 30 days (or within any shorter period required by applicable law).

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten"). Under LGPD, this also includes the right to request anonymization of your data.
• Right to Restrict Processing: Request that we limit how we use your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing before withdrawal.
• Right to Information About Sharing: Request information about which third parties we have shared your data with (applicable under LGPD and CCPA).
• CCPA/CPRA Rights (California residents): The right to know what personal information we collect, the right to delete it, the right to correct it, and the right to opt out of sale or sharing for cross-context behavioural advertising (we do not sell personal data; our use of ad networks may constitute "sharing" as defined by CPRA).

You also have the right to lodge a complaint with your local data protection supervisory authority. This includes: the ICO (United Kingdom), your national DPA (EU), the FDPIC (Switzerland), or the ANPD (Brazil).

9. Children's Privacy

Our Service is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately and we will delete it.

10. International Data Transfers

Our website is operated from San Francisco, CA. The third-party services we use (including Google Analytics, Google Tag Manager, Google AdSense, and our hosting and CDN provider) may process data on servers located in various countries, including within the European Union and outside it (such as the United States). These providers may change as we evolve our infrastructure. If you access our Service from the European Economic Area (EEA), the United Kingdom, Switzerland, or Brazil, your data may be transferred to and processed in the third country.

Where personal data is transferred from the EEA or UK to a third country, we rely on appropriate transfer safeguards, including:

• EU Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914)
• UK International Data Transfer Agreements (IDTAs) or UK Addendum to EU SCCs
• EU-U.S. Data Privacy Framework — Google LLC is certified under this framework
• Swiss SCCs as recognised by the FDPIC for transfers under the Swiss FADP

11. Security

We take reasonable technical and organisational measures to protect information against unauthorised access, loss, or destruction. Our site is served over HTTPS. However, no method of internet transmission is 100% secure, and we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Where a change is material — for example, a new category of data we collect or a new third-party service — we will take reasonable steps to notify you (such as a notice on our website). We encourage you to review this policy periodically. If changes affect processing based on your consent, we will request your consent again where required by law.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Email: [email protected]
• Website: Contact Page