Privacy Policy
Effective date: June 19, 2026
KeepQR is built to do one job well while collecting as little about you as possible. You don't create an account, you don't set a password, and you pay once. This page explains what we collect, why, who we work with, and how to remove your data.
What we collect, and why
- Your destination URL — the address your QR code points to. We need it to make the code redirect, and you can change it later.
- A payment reference — a record that a payment was made and which option you chose. We never see or store your card number; our payment provider handles that.
- An approximate scan count — a rough tally of how many times your code has been scanned. We do not record who scanned it.
- An optional recovery email — only if you choose to add one. It lets you recover your management link and receive your receipt and reminders.
We do not keep a log of individual scans, and we do not store the IP addresses of people who scan your code. Where a record of an edit keeps an address, it is stored only as a one-way hash, never in the clear.
Your optional recovery email
If you add a recovery email, we protect it two ways: it is encrypted at rest so it can't be read straight out of our database, and we keep a separate one-way hash so we can look it up without storing it in readable form. We use it only for transactional messages — your receipt, an expiry reminder, and recovering your link. We never send marketing email.
Threat scanning
Before your code goes live, and whenever you change a destination, we check the destination address against known-threat databases to keep malicious links off the service. To do this we send only the destination URL to the scanning providers listed below.
Service providers we share data with
We never sell your data and never share it for marketing, advertising, analytics, profiling, or AI training. We share data only with the providers needed to run the service, and only the minimum each one needs.
| Provider | What they handle | Why |
|---|---|---|
| Cloudflare | Hosts the application and stores your data; all traffic passes through it | Run and serve KeepQR |
| Cloudflare URL Scanner | Your destination URL only | Check the link against known threats |
| Google Web Risk | Your destination URL only | A second, corroborating threat check |
| Polar (our payment provider and merchant of record) | Your payment details and the email you give at checkout — we never see your card number | Take payment, handle tax, and send your receipt |
| Resend | Your recovery email and your management link | Send transactional email (receipt, reminder, recovery) |
We don't use tracking pixels, third-party fonts, third-party analytics, or social-media widgets on any KeepQR page. The only first-party exception is the bot check on our create and recover forms.
How long we keep it
We keep your data only while your code is active. After a code expires or is turned off, it and its recovery email are removed within 60 days. A short destination-edit history is removed when the code is removed, or after 12 months, whichever comes first.
We never sell your data
Your destination URLs, recovery email, payment reference, and scan counts are never sold to anyone, for any purpose, and are never shared for marketing, advertising, analytics, profiling, or AI training. The single narrow exception — a wind-down record that contains destinations only — is described below.
If KeepQR ever winds down
There is one deliberate, narrow exception to "never shared," and we'd rather you read it here than discover it later: if KeepQR ever winds down for good, we publish a signed public record mapping each active no-expiry code to its destination address, on long-term archival hosting, so printed codes can still be looked up for the funded continuity horizon. That record contains destinations only — never your recovery email, payment details, edit history, or scan counts. In the first 30 days of the wind-down notice period you can remove your code from your management page (after that, codes are frozen for an accurate hand-over), and a removed code is not included in the record.
Your rights — access and deletion
Because there's no account, your management link is your key. From it you can view your code's data, change it, and erase it yourself at any time. If you only gave us a recovery email, use the Recover page to get your management link back, then exercise your rights from there.
Contact
Questions about privacy? Email support@keep-qr.com.