Privacy & Data Protection

Your trust is our foundation. We handle your personal data with transparency, security, and respect.

Last Updated: March 15, 2025

1. Introduction

Welcome to QR.devshield.tech (operated by DevShield Tech). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our dynamic QR code generator and analytics services.

We are committed to protecting your personal data and respecting your privacy. This policy applies to all users, whether you are a free-tier user, subscriber, or visitor. Please read it carefully. By accessing or using our service, you acknowledge that you have read and understood this Privacy Policy.

📌 Our promise:

We will never sell your personal data. Your QR code scan data belongs to you – we act only as a processor on your behalf.

2. Data We Collect

We collect only the data necessary to provide and improve our service. Depending on your interaction, this includes:

2.1 Information you give us

Category Examples Purpose
Account data Name, email address, password (encrypted), company name Registration, authentication, billing
Billing data Payment method, billing address (processed via Stripe/PayPal – we never store full credit card numbers) Subscription management, invoicing
QR content Destination URLs, text, Wi-Fi credentials, vCard data you encode To generate and serve your dynamic QR codes
Customization Logo images, color schemes, frame design Branded QR codes

2.2 Information collected automatically

Category Examples Purpose
Usage data IP address, browser type, device, pages visited, referral source Analytics, security, performance
Scan data (for your QR codes) Timestamp, approximate location (city/country), device type, operating system, scanner app Provide you with analytics dashboard (anonymized per scan)
Cookies Session tokens, preferences, marketing pixels Login persistence, personalization

We do not collect special categories of personal data (race, religion, health, etc.)

3. How We Use Your Data

We use your information for the following legitimate business purposes:

  • To provide the service – generate QR codes, display analytics, process payments, authenticate users.
  • To improve and optimize – analyze usage patterns, fix bugs, enhance UI/UX.
  • To communicate – send service updates, invoices, security alerts; with your consent, marketing offers (you may opt out).
  • To prevent fraud & abuse – monitor for suspicious activity, enforce terms of service.
  • Legal compliance – fulfill record-keeping obligations under tax/commercial laws.

Legal basis (GDPR): We process your data based on contract performance (for our services), legitimate interest (analytics, security), and consent (marketing cookies).

4. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience. Here's a breakdown:

Cookie type Purpose Duration
Essential (session)Authentication, security, load balancingSession / 1 year
PreferenceLanguage, dark mode, dashboard layout1 year
Analytics (Google Analytics, self-hosted)Visitor statistics, campaign performanceUp to 2 years
Marketing (optional)Retargeting, Facebook Pixel, LinkedIn insights90 days

You can control cookie preferences via your browser settings or our cookie consent tool (available on first visit). Declining non-essential cookies will not affect core functionality.

See our full Cookie Policy for detailed list.

5. Data Sharing & Third Parties

We only share your data with trusted subprocessors who help us operate the service. All processors are contractually bound to strict confidentiality and data protection clauses.

  • Payment processors: Stripe, PayPal – your payment details go directly to them (PCI DSS compliant).
  • Cloud infrastructure: Amazon Web Services (AWS) – Frankfurt region, GDPR compliant.
  • Email delivery: SendGrid – transactional emails (invoices, password reset).
  • Analytics: Plausible (privacy-friendly, no cookies) + Google Analytics (anonymized IP).
  • Support: Zendesk – for ticket management (if you contact support).

We never sell, rent, or trade your personal information to third parties for their marketing purposes.

If required by law (court order, subpoena), we may disclose data – we will notify you unless prohibited.

6. Data Retention & Security

Retention periods

  • Account data: Kept until you delete your account. After deletion, anonymized backups retained for 30 days then purged.
  • QR scan analytics: Retained for 24 months to provide historical insights. Aggregated statistics may be kept longer.
  • Billing records: 7 years (legal requirement).

Security measures

We implement industry-standard safeguards: end-to-end encryption (TLS 1.3), hashed passwords (bcrypt), regular penetration testing, and access controls. Our infrastructure is ISO 27001 certified via AWS.

While we strive to protect your data, no online transmission is 100% secure – we encourage you to use strong passwords and enable 2FA.

7. Your Privacy Rights (GDPR / CCPA / etc.)

Depending on your jurisdiction, you have the following rights:

  • Right to access – request a copy of your personal data.
  • Right to rectification – correct inaccurate data.
  • Right to deletion ("right to be forgotten") – delete your account and associated data.
  • Right to restriction – limit processing in certain cases.
  • Right to data portability – export your data in JSON/CSV.
  • Right to object – opt-out of marketing, profiling.
  • Right to opt-out of sale (CCPA) – we do not sell data, but if we did, you'd have this right.

To exercise your rights, visit your Account Settings or email privacy@devshield.tech. We respond within 30 days.

8. QR Code Scan Data – Your Ownership

You own your scan data.

When someone scans your dynamic QR code, we collect technical scan information (time, location, device) to display in your dashboard. This data is processed on your behalf. We do not use your customers’ scan data for any purpose other than providing your analytics. We never enrich or sell this data.

Scanned data is pseudonymized; we do not track individual identities unless you explicitly add PII in the QR content (e.g., a form). You are responsible for ensuring your QR campaigns comply with applicable privacy laws.

9. Children’s Privacy

Our service is not directed to individuals under the age of 16 (or 13, depending on local law). We do not knowingly collect personal information from children. If you become aware that a child has provided us with data, please contact us – we will delete it.

10. Changes to This Privacy Policy

We may update this policy to reflect changes in our practices or legal obligations. If we make material changes, we will notify you via email (if you have an account) or a prominent website notice. The "Last Updated" date at the top of this page will always show the latest revision.

We encourage you to review this page periodically.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

DevShield Tech – Privacy Team

privacy@devshield.tech

101 Innovation Drive, Suite 300, San Francisco, CA 94105, USA

Response time: within 2 business days

For EU/UK residents, you may also lodge a complaint with your local supervisory authority.

© 2025 DevShield Tech – QR.devshield.tech. All rights reserved. Your privacy, our priority.