Privacy Policy

How we collect, use, and protect your information

Last updated: 2026

Introduction

At ElkQR, we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our QR code generation platform.

Information We Collect

Personal Information

  • Account Information: Email address, name, phone number (optional)
  • Profile Data: Avatar images and profile settings
  • Communication: Messages sent through our contact forms and support

QR Code Data

  • Content: Information you embed in QR codes (URLs, contact details, text)
  • Files: Images, PDFs, and other files you upload
  • Settings: QR code customization preferences and configurations

Usage Information

  • Analytics: QR code scan data including location and device information
  • Platform Usage: How you interact with our service features
  • Technical Data: IP addresses, browser information, and access logs

Marketing Communications

  • Marketing Consent: Optional promotional emails and product updates (you choose during signup)
  • Consent Tracking: We track your consent with IP address and timestamp for GDPR compliance
  • Easy Withdrawal: Unsubscribe anytime through your profile settings or email links
  • Essential vs Marketing: Account notifications and service emails continue regardless of marketing consent
  • Transparency: You can view when and how you gave consent in your profile

Feedback and Bug Reports

  • Feedback Submissions: Messages and comments sent through the in-app feedback widget
  • Screenshots: Optional screenshots captured when submitting feedback or bug reports
  • Browser Information: Browser type and version for troubleshooting purposes
  • Page Context: URL of the page where feedback was submitted

How We Use Your Information

We use your information to:

  • Provide and maintain our QR code generation services
  • Process your QR code creation and management requests
  • Send service-related communications and updates
  • Provide customer support and respond to inquiries
  • Process and respond to bug reports and user feedback
  • Improve platform functionality based on user-reported issues
  • Analyze usage patterns to improve our platform
  • Ensure platform security and prevent abuse

Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information only in these limited circumstances:

  • Service Providers: Trusted third-party services that help us operate our platform
  • Legal Requirements: When required by law, regulation, or legal process
  • Business Transfers: In connection with any merger, sale, or transfer of assets
  • Safety: To protect the rights, property, or safety of ElkQR, our users, or others

Data Security

We implement appropriate security measures to protect your personal information:

  • Encryption of sensitive data in transit and at rest
  • Daily encrypted backups for disaster recovery
  • Regular security assessments and monitoring
  • Access controls and authentication systems
  • Secure data centers and infrastructure
  • Feedback screenshots stored securely in encrypted cloud storage (Cloudflare R2)

Your Rights

You have the following rights regarding your personal information:

  • Access: Request access to your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal data
  • Export: Download your data in a portable format
  • Restriction: Limit how we process your information
  • Activity Access: View your complete activity history in your account dashboard

Data Retention

We retain your information for as long as your account is active or as needed to provide services. When you delete your account, we will delete your personal information within 30 days, except where we are required to retain certain information for legal compliance.

Analytics Data - Unlimited Retention

Legitimate Interest Justification (GDPR Article 6):

  • Core Business Promise: Unlimited analytics is a fundamental feature promised to all users - deleting historical data would breach this commitment
  • Long-term Business Intelligence: Historical scan data enables trend analysis, seasonal patterns, and strategic insights that require years of data
  • Fraud Prevention: Long-term patterns help detect abuse, security threats, and suspicious scanning behavior that only emerges over time
  • Service Improvement: Extended analytics help us identify and fix bugs, optimize performance, and enhance features based on real usage patterns
  • Legitimate Interest Balance: Analytics data is pseudonymized (scan data without personally identifiable information) - our business need for historical data is balanced against minimal privacy impact
  • User Control: You can delete all your analytics data by deleting your account or individual QR codes

Other Data Retention Periods

  • Account Data: Retained while account is active
  • Audit Logs: 3 years for compliance and security monitoring
  • User Activity Logs: 6 months for troubleshooting and support
  • Deleted QR Codes: 7 days in trash before permanent deletion
  • Marketing Consent: Retained until withdrawn or account deleted

Trial Expiration and Account Deletion

For trial accounts that expire without converting to a paid subscription:

  • Grace Period: 60 days after trial expiration before account deletion
  • Email Warnings: Deletion warnings sent at 7, 3, and 1 day before deletion
  • What Gets Deleted: All workspaces, QR codes, analytics data, custom domains, uploaded files, and team member access
  • Canceling Deletion: Subscribe to any paid plan before the deletion date to keep your account and all data
  • Team Members: Only workspace owners face deletion; team member accounts remain active

Cookies and Tracking

We use cookies and similar technologies to enhance your experience:

  • Essential cookies for platform functionality
  • Analytics cookies to understand usage patterns
  • Preference cookies to remember your settings

You can control cookie preferences through your browser settings.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data during such transfers.

Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@elkqr.com
  • General Contact: hello@elkqr.com
  • Address: ElkQR Privacy Team
Chrome Get Extension