Privacy Policy

Last updated: March 18, 2026

At ReviewQR, we respect your privacy. This policy explains what data we collect, how we use it, and your rights.

1. Information We Collect

From QR code generators (all users):

  • Email address (for authentication and QR code delivery)
  • Business name and Google Place ID
  • QR customization preferences (colors)

From account holders:

  • Email address (for authentication and communications)
  • Business details (name, location, industry, Google rating)
  • Subscription and billing data (processed by Stripe)

From QR code scans (via redirect URL):

  • Timestamp
  • Device type (mobile/desktop)
  • User agent (truncated to 512 characters)
  • Country and city (derived from IP address; the IP itself is not stored)

We do not collect names, email addresses, or any personally identifiable information from people who scan QR codes. Scanners are redirected to the Google review page via our tracking URL (reviewqr.app/r/[shortId]).

Website analytics:

We use PostHog (EU-hosted) to collect anonymized usage data about how visitors interact with the website. This includes page views, button clicks, and feature usage. PostHog data is used to improve the Service and is not shared with third parties.

2. How We Use Your Information

  • Generate and deliver QR codes via email
  • Create and manage your account
  • Provide scan tracking and analytics (Pro accounts)
  • Process subscription payments via Stripe
  • Send transactional emails (magic links, QR code delivery, receipts) via Resend
  • Send marketing drip campaign emails about tips and features (you can unsubscribe anytime) via Resend
  • Track product usage via PostHog to improve the service
  • Improve the service and fix issues

3. Third-Party Services

We use the following third-party services:

  • Stripe — payment processing. Stripe handles all credit card data; we never see or store card numbers.
  • Resend — email delivery (QR codes, magic links, receipts, and marketing drip campaigns).
  • Turso — database hosting (EU-based). Stores your account data, QR codes, and scan records.
  • PostHog — product analytics (EU-hosted). Collects anonymized usage data to help us improve the service.
  • Google Places API — business search and review data.
  • Vercel — application hosting.

4. Data Storage & Location

Your data is stored primarily in the European Union. Our database (Turso) and analytics platform (PostHog) are both EU-hosted. Payment data is processed by Stripe, which operates globally with strong data protection practices. Email delivery is handled by Resend. Application hosting is provided by Vercel.

5. Data Sharing

We do not sell, trade, or rent your personal information. We share data only with the service providers listed above (to operate the platform) and with legal authorities when required by law.

6. Data Retention

  • Account data is retained while your account is active, and deleted within 30 days of account deletion.
  • QR scan data is retained for as long as your account exists.
  • Email addresses provided during QR generation are used to create accounts and are retained for service communications. You may request deletion at any time.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Delete your account and all associated data (via dashboard settings or by contacting us)
  • Unsubscribe from marketing emails at any time
  • Lodge a complaint with a data protection authority

8. Cookies & Tracking

We use essential cookies for authentication (session tokens via Auth.js) and analytics cookies (PostHog, EU-hosted) to understand how people use the service. PostHog collects anonymized interaction data such as page views and feature usage. You can control cookie preferences through your browser settings.

9. Account Creation

When you create an account and generate a QR code, your 7-day free trial of Pro analytics begins. You can sign in anytime using a magic link sent to your email. If you do not wish to have an account, you can delete it from the dashboard settings page or contact us at support@reviewqr.app.

10. Children

The Service is not intended for users under 18. We do not knowingly collect data from children.

11. Changes

We may update this policy. Changes will be posted here with an updated date. Continued use of the Service after changes constitutes acceptance.

12. Contact

Questions about privacy? Contact us at support@reviewqr.app