[ legal ]

Privacy Policy

Last updated: July 5, 2026

This policy describes what QR Code Surveys collects, why, and what control you have over it. It covers two kinds of people: account holders (you create surveys) and respondents (you answer one).

What we collect from account holders

  • Your email address and a salted hash of your password (never the password itself).
  • Your workspace name, team members, and their roles.
  • The surveys you build, including branding assets you upload.
  • Billing events from Stripe. Card details go directly to Stripe; we never see or store card numbers.
  • Operational logs (errors, security events) kept for debugging and abuse prevention.

What we collect from respondents

  • The answers submitted to a survey, including any files a survey asks for.
  • A one-way hash of the submitting IP address and the browser's user-agent string, used for abuse prevention and duplicate detection. We store the hash, not the raw address.
  • No advertising identifiers, no cross-site tracking, no analytics cookies. Responding to a survey sets no cookies at all.

Responses are collected on behalf of the workspace that published the survey. That workspace controls what is asked and how answers are used; we process and store the answers for them. If you want a response corrected or removed, the fastest path is the person or organization that shared the survey; you can also contact us.

Cookies

Signed-in account holders get one session cookie so the app knows who you are, plus short-lived cookies for form security and one-time messages. There are no third-party or advertising cookies anywhere on the service.

Where data lives

Survey definitions and responses are stored in our database; uploaded files, QR images, and aged response archives are stored in S3-compatible object storage. Payments are processed by Stripe, and transactional email (password resets, notifications) is delivered through our email provider. These providers process data only to provide their service to us.

Retention and deletion

Your data is kept for as long as your account exists. Responses older than about a year may move to cold storage, which changes nothing about how you see or export them. Deleting your account from Settings immediately and irreversibly removes your login, surveys, responses, uploaded files, archives, and Stripe customer record. Team members can likewise delete their own login at any time.

Your rights

You can export your account's data as JSON from Settings at any time, change your email and password yourself, and delete everything without asking us. If you are in a jurisdiction with statutory data rights (such as the GDPR or CCPA) and need something the product does not self-serve, email us and we will handle it.

Security

Passwords are stored as salted hashes, security tokens (password reset, email verification, invites) are stored hashed and expire, sessions are invalidated when a password changes, and access to production systems is restricted. No internet service can promise perfect security; if we learn of a breach affecting your data we will notify you without undue delay.

Children

The service is not directed to children under 13 and we do not knowingly collect their data as account holders. Survey creators are responsible for the audiences they survey.

Changes to this policy

We may update this policy; the date above reflects the latest revision. Material changes will be announced to account holders by email or an in-product notice.

Contact

Email support@qrcodesurveys.com. We read everything.