Privacy Notice

Effective: 2026

What we collect
  • Account data: email/username, tenant/workspace, role, MFA status.
  • QR data: target URLs, friendly names, share tokens.
  • Scan metadata: timestamp, user agent/device bucket, IP-derived geo (city/region/country), visitor_id cookie, and scan counts.
  • Operational telemetry: API/BFF request logs for diagnostics and security.
Cookies

We use cookies to provide and improve our service:

  • Essential cookies (required): These cookies are necessary for the website to function and cannot be disabled. They include:
    • qs_api_session / qs_web_session: Authentication and session management cookies that keep you logged in.
    • ARRAffinity: Load balancer cookie for maintaining session affinity (infrastructure).
  • Preference cookies (optional, require consent): These cookies remember your preferences to improve your experience:
    • qs_last_tenant: Remembers your last selected workspace/tenant (30 days).
    • qs_mfa_remember: Remembers your device to skip MFA verification for 30 days (only set if you opt in via the "Remember this device" checkbox during MFA).

You can choose to accept only essential cookies or accept all cookies. Preference cookies are only set if you provide consent. You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site.

How we use data
  • Provide redirects and analytics for your QR codes.
  • Security (rate limiting, duplicate-scan filtering, MFA/login validation).
  • Audit logs for admin actions within your tenant.
Retention

Analytics and scan logs follow your plan's retention_days. Free tier defaults are set per environment (commonly 60–90 days) and may be purged after that period.

Third parties

Email delivery uses your configured provider (Graph/SendGrid/ACS). Geo lookups may use ipapi/azure maps depending on configuration.

Your controls
  • Admins can delete QR codes and users within their tenant.
  • Contact support to request data export or deletion of a workspace.
What happens when you delete a workspace
  • Access is disabled immediately; affected users are logged out.
  • We remove tenant records, users, QR codes, and scan data from primary storage.
  • Operational logs/backups may persist for up to 90 days and are purged on their normal schedule.