Privacy policy

Last updated: May 5, 2026

This Privacy Policy explains how Rqrcode collects, uses, protects and retains personal data when you visit the website, create an account, generate QR codes, manage short links, publish restaurant menus, use analytics, contact support or subscribe to a paid plan.

It should be read together with the Terms and Conditions and the Cookie Policy. We aim to process only the data that is useful for operating, securing, improving and billing the service.

1. Data controller

The data controller for the Rqrcode service is Aubin MIENANZAMBI, 17 rue Patras, 77120 Coulommiers, France. You can contact us through the contact page or at [email protected] for privacy-related requests.

2. Categories of data processed

Depending on how you use the platform, we may process account data, contact details, billing information, subscription status, authentication data, security logs, device and browser data, IP address, usage events, support messages, uploaded files, QR code settings, short link settings, restaurant menu content and public page content.

We do not store full payment card numbers or banking credentials. Payments are handled by external providers such as Stripe or PayPal.

3. Sources of data

Most data is provided directly by you when you create an account, complete a form, upload content, configure a QR code, pay for a plan or contact support. Some technical data is generated automatically when you use the platform. If you sign in through a third-party identity provider, we receive the information necessary to authenticate your account.

4. Purposes of processing

• Create and secure user accounts.
• Generate, customize, store and deliver QR codes, short links, public pages and restaurant menus.
• Provide analytics, scan statistics, click statistics and campaign reporting.
• Process subscriptions, payments, invoices, renewals and customer support.
• Prevent fraud, abuse, spam, unauthorized access and security incidents.
• Send transactional emails, account alerts, confirmations and service notifications.
• Improve reliability, performance, accessibility, legal compliance and product quality.

5. Legal bases

Processing may be based on contract performance, legitimate interest, legal obligations or consent depending on the purpose. For example, account and billing data is processed to provide the service, security logs are processed to protect the platform, invoices may be retained to meet legal obligations, and non-essential cookies or marketing pixels rely on consent where required.

6. QR codes, short links and public content

Content that you publish through QR codes, short links, biolinks, restaurant menus or public pages may become publicly accessible depending on your settings. You must avoid publishing personal data, confidential information or third-party content unless you have the right to do so.

Dynamic QR codes and short links may generate technical analytics such as date, country, approximate location, referrer, device family, browser, operating system and event counts. These statistics are intended to measure campaign performance and platform activity.

7. Cookies and similar technologies

We use strictly necessary cookies for security, session management, authentication, load balancing and service operation. Non-essential categories, such as preferences, analytics or marketing, remain disabled until you make a positive choice where consent is required.

You can change your choices through the cookie preferences manager. If your browser sends a Global Privacy Control signal, we treat it as a refusal of non-essential sharing or marketing uses where applicable.

8. Recipients and processors

Personal data may be shared with service providers only when necessary to operate the platform: hosting, database, payment, email delivery, security, analytics, support, storage, monitoring and authentication providers.

These providers act under their own obligations or as processors, depending on the service. We do not sell personal data.

9. International transfers

Some providers may process data outside your country or outside the European Economic Area. Where required, transfers are framed by appropriate safeguards such as adequacy decisions, contractual clauses or provider compliance mechanisms.

10. Retention periods

We retain personal data only for as long as necessary for the purposes described above. Account data is generally retained while the account is active. Billing and invoice data may be retained for legal and accounting obligations. Security logs may be retained for a limited period necessary to detect abuse and investigate incidents.

When you delete your account, active account content is deleted or anonymized where possible, except data that must be retained for legal, accounting, fraud prevention, dispute management or security reasons.

11. Security measures

We apply technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, loss or destruction. These measures include access controls, encrypted connections, password hashing, monitoring, backups, security headers and administrative restrictions where appropriate.

No online service can guarantee absolute security. You are responsible for using a strong password, protecting your devices and keeping your account access confidential.

12. Your rights

Depending on applicable law, you may request access, correction, deletion, restriction, portability or objection to certain processing. You may also withdraw consent where processing is based on consent.

To exercise your rights, contact us with enough information to identify your account and request. We may need to verify your identity before acting on the request.

13. Children

Rqrcode is not intended for children under the age required by applicable law to create an online account or enter into a service contract. If we learn that a child has provided personal data without appropriate authorization, we will take appropriate action.

14. Automated decisions

We may use automated security checks to detect suspicious activity, spam, fraud, abuse or technical anomalies. These checks can lead to temporary restrictions, quarantine, verification requests or manual review.

15. Changes to this policy

We may update this Privacy Policy to reflect changes in the law, the platform, security practices, providers or processing activities. The current version is published on this page with its update date.