Privacy Policy

1. Introduction

Simple QR Creator is operated by Marcucio LLC ("we," "our," or "us"), a Connecticut limited liability company. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at simpleqrcreator.com.

By using Simple QR Creator, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Free Users

We collect NO data from free users. QR codes are generated entirely on your device (client-side). We do not track, store, or have access to:

• QR codes you create
• URLs or content you encode
• Download or usage statistics
• Any personal information

2.2 Premium Users (Account Holders)

When you create an account and subscribe, we collect:

Account Information:

• Email address
• Display name (optional)
• Authentication credentials (securely managed by Firebase)
• Subscription status and billing information (processed by Stripe)

QR Code Data (Premium Only):

• QR code metadata (colors, logos, patterns)
• Destination URLs
• Creation timestamps
• Custom labels and organization

Scan Analytics Data (Premium Only):

When someone scans one of your premium QR codes, our redirect service records:

• Scan timestamp
• Approximate geographic location (country, region, city) derived from the IP address using a local IP-to-location database (no third-party geo lookup)
• Device type, operating system, and browser, parsed from the user-agent string
• The full user-agent string
• A truncated SHA-256 hash of the visitor's IP address (salted with a server-side secret). The raw IP address is not stored. The hash is used solely to count unique scans per QR code

We do not store the raw IP address, referrer URL, geolocation from the browser, or any cookies set on the visitor's device during a scan redirect. Traffic from automated bots and link-preview crawlers is detected by user-agent and discarded before any scan is recorded.

3. How We Use Your Information

We use collected information to:

• Provide and maintain our service
• Process your subscription and payments
• Store and manage your QR codes (Premium users)
• Provide analytics and insights (Premium users)
• Send service-related emails (account notifications, billing)
• Respond to customer support requests
• Detect and prevent fraud or abuse
• Comply with legal obligations

4. Data Storage and Security

We implement appropriate technical and organizational security measures to protect your personal information:

• All data is encrypted in transit using HTTPS/TLS
• Authentication handled by Firebase Authentication; we never see or store your password
• Payment information is processed by Stripe (PCI-DSS Level 1 compliant). We do not receive or store your full card number
• Visitor IP addresses are hashed before storage and the raw IP is never persisted
• Access to production data is limited to authorized personnel of Marcucio LLC

Account data, QR metadata, and scan analytics are stored in Google Firestore on Google Cloud servers in the United States.

5. Third-Party Services

We use the following third-party services:

Firebase (Google):

• Authentication and user management
• Database storage (Firestore)
• Cloud Functions for backend logic
• Firebase Privacy Policy

Stripe:

• Payment processing and subscription management
• We do not store credit card information
• Stripe Privacy Policy

Google Analytics:

• We use Google Analytics 4 to understand aggregate usage of our website (page views, traffic sources, browser/device mix). This applies to our marketing pages and the signed-in dashboard at simpleqrcreator.com — it is not used to track scans of your QR codes
• Google Analytics may set cookies and process your IP address. You can opt out using a browser-level Do Not Track or content-blocker extension
• Google Privacy Policy

6. Your Rights (GDPR Compliance)

Under the General Data Protection Regulation (GDPR) and similar laws, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Restriction: Request limited processing of your data
• Object: Object to certain types of processing
• Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us through marcucio.com. We will respond within 30 days. If you are an EU/EEA resident and we cannot resolve your concern, you may also lodge a complaint with your local data protection authority.

7. Data Retention

We retain your data as follows:

• Free Users: No data stored
• Active Premium Users: Data retained while subscription is active
• Cancelled Subscriptions: Data retained for 30 days after cancellation
• Deleted Accounts: All data permanently deleted immediately
• Analytics Data: Aggregated analytics retained for 2 years
• Legal Compliance: Data may be retained longer if required by law

8. Cookies

We use essential cookies for:

• Authentication and session management
• Security and fraud prevention
• Remembering your preferences

You can control cookies through your browser settings. Disabling essential cookies may affect service functionality.

9. Children's Privacy

Our service is not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in the United States. By using our service, you consent to this transfer. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we will notify you via email or prominent notice on our service.

12. Contact Information

For questions about this Privacy Policy or to exercise your rights, contact us through our parent site:

13. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, the right to opt-out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising privacy rights.