QRflex
Testovací provoz — všechny funkce jsou dočasně dostupné zdarma v plném rozsahu.
Legal

Privacy Policy

Last updated: March 13, 2026

Your privacy is important to us. This policy describes what personal data we collect, how we use it, who we share it with, how long we retain it, and what rights you have under the GDPR.

Data Controller

The controller of your personal data is the operator of QRflex.io. For questions about data processing, contact us at info@qrflex.io.

Data We Process

When using QRflex, we process the following categories of personal data:

Account Data

  • Email address and name during registration
  • Information about created QR codes and their settings

QR Code Scan Data

  • Anonymized visitor identifiers (one-way hashes with daily/hourly salt)
  • Approximate geolocation data (country, city, region) derived from IP address
  • Technical data about browser and device (user agent, device type)

Analytics Data (GA4)

With your explicit consent, we use Google Analytics 4 to collect anonymized analytics data about website visits:

  • Page views and navigation behavior on the website
  • Interactions with page elements (button clicks, scrolling)
  • Technical data about browser, device, and approximate location

Purpose of Processing

We process your data for the following purposes:

  • Providing and operating the QRflex service
  • Displaying statistics about your QR code scans
  • Communicating with you about your account
  • Improving the service based on anonymized analytics (only with consent)

Legal Basis for Processing

We process your data based on the following legal grounds:

  • Performance of a contract (Art. 6(1)(b) GDPR) — for providing the service and account management
  • Consent (Art. 6(1)(a) GDPR) — for analytical cookies (Google Analytics 4). You can withdraw your consent at any time through cookie settings.
  • Legitimate interest (Art. 6(1)(f) GDPR) — for ensuring the security and stability of the service

IP Address Anonymization

Raw IP addresses are never stored in the database. They exist only temporarily in server memory during request processing (milliseconds). For statistical purposes, we create one-way hashes with time-limited salt, from which the IP address cannot be reverse-engineered.

We derive approximate geolocation (country, city, region) from the IP address, which is stored instead of the IP address itself. This geolocation data has an accuracy of approximately 5–50 km and does not allow identification of specific individuals.

Data Security

We protect your data using modern security measures including encryption in transit (TLS) and at rest.

Access to personal data is restricted to authorized personnel only. We regularly perform security audits and updates.

Data Sharing with Third Parties

We may share your data with the following categories of recipients:

  • Google LLC (Google Analytics 4) — anonymized analytics data about website visits, only with your consent. Google processes data in accordance with its privacy policy.
  • Hosting provider — technically necessary for service operation, processes data based on a data processing agreement.

We do not sell or share your personal data with third parties for marketing purposes.

Data Retention Periods

We retain your data only for as long as necessary to fulfill the purpose of processing:

  • Account data — for the duration of the account and 30 days after deletion
  • Scan statistics — for the duration of the respective QR code's existence
  • Analytics data (GA4) — 14 months (configured in Google Analytics)
  • Server logs — maximum 90 days, then automatically deleted

Cookies

We use essential cookies for service functionality and, with your consent, analytical cookies (Google Analytics 4). Detailed information about cookies used can be found in our Cookie Policy.

Your Rights (GDPR Art. 15–21)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access (Art. 15) — you have the right to obtain confirmation as to whether your data is being processed and access to that data
  • Right to rectification (Art. 16) — you have the right to rectify inaccurate personal data
  • Right to erasure (Art. 17) — you have the right to request deletion of your personal data
  • Right to restriction of processing (Art. 18) — you have the right to request restriction of processing of your data
  • Right to data portability (Art. 20) — you have the right to receive your data in a structured, machine-readable format
  • Right to object (Art. 21) — you have the right to object to processing based on legitimate interest

If you believe we are processing your data in violation of GDPR, you have the right to lodge a complaint with the supervisory authority.

Contact

If you have questions about privacy or wish to exercise your rights, contact us at: info@qrflex.io

Related Documents