Logo
GenerateMy codesExplore

Privacy Policy

Last updated: June 2025

QR AI (“we,” “us,” or “our”) operates the website at qr-ai.co (the “Service”). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using the Service, you agree to the practices described here.

1. Information We Collect

Account information. If you sign in with Google, we receive your name, email address, and profile picture from Google OAuth. We store your email to identify your account and link images you generate to it.

Guest sessions. If you use the Service without signing in, we assign your session an anonymous guest identifier (a randomly generated ID beginning with “guest_”). This ID is stored in your browser session and is used to associate images you generate during that session. No personally identifiable information is collected for guest users. If you later sign in, your guest-generated images are transferred to your account.

Generated images and URLs. When you generate a QR code, we store the resulting image files and the URL you provided. Images are retained in your personal gallery until you delete them. We do not inspect or use the URLs you enter for any purpose other than generating your QR code.

Usage data. We collect anonymized analytics events (such as page views, feature interactions, and generation events) to understand how the Service is used and to improve it.

2. How We Use Your Information

  • To operate and deliver the QR code generation service
  • To associate generated images with your account and maintain your gallery
  • To process credit purchases and manage your subscription status
  • To improve the Service based on aggregated usage analytics
  • To communicate with you about your account if necessary

We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

3. Third-Party Services and Data Processors

We rely on the following third-party services to operate QR AI. Each processes data on our behalf under their own privacy policies:

  • Google OAuth (Google LLC) — handles sign-in authentication. When you choose “Sign in with Google,” Google authenticates your identity and shares your basic profile with us. Subject to Google’s Privacy Policy.
  • Amplitude — provides product analytics. We send anonymized event data (e.g., page views, feature usage) to Amplitude to understand how the Service is used. Amplitude may set cookies or use device identifiers. Subject to Amplitude’s Privacy Policy.
  • Stripe (Stripe, Inc.) — processes credit purchases and payments. When you purchase credits, payment details are submitted directly to Stripe; we never store your full card number. Subject to Stripe’s Privacy Policy.
  • AWS S3 (Amazon Web Services) — stores generated image files. Both the original AI-generated image and a watermarked version are uploaded to private S3 buckets in the US West (N. California) region. Subject to AWS’s Privacy Policy.
  • MongoDB Atlas (MongoDB, Inc.) — stores user account data and image metadata (URLs, timestamps, credit balances). Data is hosted on Atlas infrastructure in the United States. Subject to MongoDB’s Privacy Policy.

4. Cookies and Local Storage

We use session cookies to maintain your authenticated state. Amplitude may set analytics cookies to track usage across sessions. We do not currently use advertising cookies. You can disable cookies in your browser settings; note that this may prevent some Service features from working correctly.

5. Data Retention

Account data is retained as long as your account is active. Generated images are stored until you delete them from your gallery. Guest session data (anonymous ID and associated images) is retained for 30 days and then deleted automatically. You may request deletion of your account and associated data at any time by contacting us.

6. Your Rights

Depending on your location, you may have rights to access, correct, or delete your personal data, or to restrict how we process it. To exercise these rights, please contact us at the address below. We will respond to verifiable requests within 30 days.

7. Children’s Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information through our Service, please contact us and we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be noted by updating the “Last updated” date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy.

9. Contact

For privacy-related questions or data requests, please contact us at: support@qr-ai.co

Note: This policy is provided for informational purposes. We recommend consulting a legal professional before finalizing privacy policies for commercial use.