Privacy Policy

Last updated 2 June 2026

This policy explains what we collect, why, and the choices you have. We aim to collect the minimum needed to run Scanoki (the "Service").

1. What we collect

• Account data: email and authentication identifiers when you sign in.
• Design data: the QR designs, destinations, and assets you create.
• Billing data: handled by our payment processor (Stripe); we store only subscription status and identifiers, never full card numbers.
• Scan analytics: for dynamic QR codes we record coarse, aggregated scan events (time, approximate geography, device class). Free static codes are encoded directly and never pass through our servers, so they are not tracked.

2. How we use it

To provide and secure the Service, render and resolve your codes, produce the analytics you subscribe to, process payments, and communicate about your account.

3. Analytics and tracking

Scan capture is privacy-conscious: we derive approximate location from IP at the edge and do not store full IP addresses or build cross-site profiles of the people who scan your codes. Aggregated data is retained per your plan's retention window.

4. Sharing

We do not sell your data. We share it only with processors that run the Service (hosting, payments, email) under contract, and where required by law.

5. Your rights

You can access, export, correct, or delete your data, and close your account at any time. Depending on your region you may have additional rights under GDPR or CCPA; contact us to exercise them.

6. Security and retention

Data is encrypted in transit, secrets are stored in a managed secrets service, and we retain personal data only as long as needed to provide the Service or meet legal obligations.

7. Contact

Privacy questions and data requests: [email protected].

This page is a starting template and should be reviewed by legal counsel before launch.