Privacy Policy for freecustomqrcode.com

Last Updated: June 6, 2026

This Privacy Policy explains how freecustomqrcode.com ("the Service," "we," "us," or "our") collects, uses, and protects information when you visit our website or use our QR code generator. The Service is operated as a sole proprietorship based in Ontario, Canada.

By using the Service, you consent to the practices described in this Policy.

1. Who we are

freecustomqrcode.com is a QR code generator operated by an independent developer in Ontario, Canada. For privacy questions or requests, contact us at support@freecustomqrcode.com.

2. What information we collect

We collect different types of information depending on how you use the Service.

Information you provide voluntarily:

• Account information (paid subscribers only): Your name, email address, and password. This is used to manage your account, deliver Service features, and contact you regarding your subscription.
• Payment information: When you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your credit card number or full payment details on our servers. We receive and store a Stripe customer ID, your subscription status, and billing history for the purpose of managing your subscription.
• Support requests: When you contact us through the Support form or by email, we receive your name, email address, and the contents of your message.
• QR code content: When you generate or save a QR code, we may store the data you encode into it (URLs, text, contact information, etc.) and the customization settings you applied (colors, logos, frames). For free users, this data is processed but not retained beyond the session.

Information collected automatically:

• Technical data: When you visit the Service, our servers may log your IP address, browser type and version, operating system, referring URL, pages visited, and timestamps. This is standard server-log information used for security, troubleshooting, and analytics.
• QR code scan analytics (paid subscribers): When someone scans a QR code generated through a paid account with tracking enabled, we record the timestamp of the scan, the approximate location derived from the scanning device's IP address, and the device/browser type. This data is provided to the account holder through their analytics dashboard. We do not collect personal information about the people scanning the codes.
• Cookies and similar technologies: See Section 4.

3. How we use information

We use the information we collect for the following purposes:

• To provide and operate the Service
• To process payments and manage subscriptions
• To respond to support requests
• To provide QR code analytics to paid subscribers
• To improve the Service through aggregated, anonymized analytics
• To detect and prevent fraud, abuse, and security threats
• To comply with legal obligations

We do not sell your personal information to third parties.

4. Cookies and tracking technologies

The Service uses cookies and similar technologies to function correctly and to understand how visitors use the site. The categories of cookies used include:

• Essential cookies: Required for the site to function. These manage login sessions, shopping-cart-style state during account creation, and security features. These cannot be disabled.
• Analytics cookies: Set by Google Analytics (via Site Kit) to help us understand visitor traffic patterns, popular pages, and general site usage. These help us improve the Service.
• Payment processing cookies: Stripe sets cookies during checkout to detect fraud and complete transactions securely. See Stripe's privacy policy at https://stripe.com/privacy.
• Cookie consent: A cookie is set to remember your cookie-consent preferences once you have provided them.

You can manage your cookie preferences through the cookie consent banner that appears when you first visit the site, or by clearing your browser's cookies at any time. Disabling some cookies may affect site functionality.

5. Third-party services we use

We work with the following third-party services. Each has its own privacy practices, governed by their respective policies:

• Stripe — Payment processing (https://stripe.com/privacy)
• Google Analytics / Site Kit — Visitor analytics (https://policies.google.com/privacy)
• Google AdSense — When enabled, AdSense and Google's advertising partners may use cookies to serve ads based on visits to this site and other sites. You can opt out of personalized advertising at https://www.google.com/settings/ads
• Web hosting provider — Standard server logs and infrastructure

6. How long we keep your data

• Account data is retained for as long as your account is active. If you close your account, we will delete or anonymize your personal information within 90 days, except where retention is required for legal, tax, or accounting purposes.
• Payment records are retained for the period required by Canadian tax law (currently 6 years).
• Server logs are retained for up to 12 months and then deleted or anonymized.
• Support correspondence is retained for up to 24 months to maintain a history of past issues.

7. Your rights

Depending on where you live, you may have legal rights regarding your personal information.

For all users:

• The right to access the personal information we hold about you
• The right to request correction of inaccurate information
• The right to request deletion of your information (subject to legal retention requirements)
• The right to withdraw consent at any time

For visitors in the European Union, United Kingdom, and European Economic Area (under the GDPR):

You have additional rights including the right to data portability, the right to object to processing, the right to restrict processing, and the right to lodge a complaint with a supervisory authority in your country. The legal basis for our processing is contract performance (for account holders), legitimate interest (for site analytics and security), and consent (for non-essential cookies and marketing).

For Canadian residents (under PIPEDA): You have the right to access your personal information and request corrections. Complaints may be directed to the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca).

To exercise any of these rights, email us at support@freecustomqrcode.com. We will respond within 30 days.

8. Children's privacy

The Service is not intended for use by children under 13 (or under the age of digital consent in your country, whichever is higher). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. International data transfers

The Service is operated from Canada, but we use third-party services (such as Stripe and Google) that may process data in the United States and other countries. By using the Service, you consent to the transfer of your information to these jurisdictions, which may have different data protection laws than your home country.

10. Data security

We take reasonable measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (HTTPS), restricted access to systems containing personal information, and regular security reviews. However, no method of internet transmission or electronic storage is completely secure, and we cannot guarantee absolute security.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top will reflect the most recent revision. For significant changes, we will provide notice through a banner on the site or by email to account holders.

12. Contact us

For any questions about this Privacy Policy, or to exercise your privacy rights:

Email: support@freecustomqrcode.com Support form: https://www.freecustomqrcode.com/support/

---

Word count: ~1,150 words. AdSense expects Privacy Policies to be comprehensive — this length is appropriate.

What this Policy covers that the WordPress default did not:

• Stripe (essential — you're processing payments)
• Google Analytics / Site Kit (mentioned by name)
• Google AdSense (pre-disclosed for the upcoming review)
• Your QR code analytics system (IPs, device data, location estimation)
• Specific data retention periods
• GDPR rights for your European visitors (with named legal bases)
• PIPEDA reference for Canadian visitors
• Children's privacy section (COPPA / required by AdSense)
• International data transfer disclosure (required when using US-based services)

What it deliberately doesn't include:

• A claim that this is legally certified — it's not. The disclaimer in our conversation should remind you to upgrade to a proper tool-generated or lawyer-reviewed version eventually.
• Newsletter language — you don't have one
• Specific cookie list with names and expiry — that level of detail is usually handled by the cookie consent banner UI, not the policy itself. Acceptable for AdSense.

Things you may want to adjust before publishing:

1. The "Last Updated" date — currently June 6, 2026. Use today's actual date when you publish.
2. The retention periods — I picked numbers that are reasonable defaults (90 days for closed accounts, 12 months for server logs, 24 months for support). If you have a different practice in mind, adjust.
3. Your name in Section 1 — I kept it anonymous ("an independent developer"). If you want to identify yourself as Byron, change "operated by an independent developer in Ontario, Canada" to "operated by Byron [Last Name], an independent developer in Ontario, Canada." Up to you.
4. The Pressidium Cookie Consent plugin — I didn't name it specifically. If the cookie consent banner identifies a specific provider, you may want to add a sentence mentioning it. Or leave generic — also fine.