Privacy Policy
This policy applies to Abundera QR Pro (the paid service at pro.qr.abundera.ai). For the free Abundera QR tool at qr.abundera.ai, see qr.abundera.ai/privacy/.
How Abundera QR handles data: near-zero on the free tool; minimal and explicit on Pro.
1. Summary
Two products, two different data pictures.
- Free Tool (qr.abundera.ai): no account, no cookies, no analytics, no requests to our servers for QR generation. Your content never leaves your browser.
- Pro Service (pro.qr.abundera.ai): account-based. We store your email, Stripe customer ID, the QR codes you create, and the minimal scan records described in Section 4. We do not track your end users across the web; we do not sell your data; we do not use ad tech.
2. Data we process on the Pro Service
2.1 Account data
When you sign in via abundera.ai, we receive your email address and a user identifier via our JWKS-delegated auth flow. We store:
- Email address (to send billing notices, critical service messages, and cancellation confirmations)
- Stripe customer ID (to bill the payment method you provide)
- Account preferences (plan tier, team memberships, API-key metadata)
- Timestamps (account created, updated, delete requested)
We do not store passwords; authentication is delegated to abundera.ai. We do not collect demographics, marketing preferences, or device identifiers beyond what is already described here.
2.2 Your codes and URLs
When you create a dynamic QR code, we store the destination URL, an optional label you set, optional tags, the 7-character shortcode, and the code's lifecycle status. This is what makes dynamic QR resolution possible.
2.3 Payment data
Payments are processed by Stripe, Inc. We do not store card numbers, CVC, or bank-account numbers. Stripe returns a reference (the customer ID and subscription ID) which we store so we can reconcile renewals and invoices. Your payment-method details stay with Stripe.
3. Scan analytics (what we record when someone scans one of your codes)
This is where most commercial QR vendors collect a rich behavior profile. We do the opposite.
What we record per scan:
- The UTC calendar date (day-level bucket)
- The country derived from Cloudflare's CF-IPCountry request header
- The device class (mobile / tablet / desktop / unknown) classified from a short User-Agent regex
- The code's shortcode (so we can attribute the scan to the right code)
For Team and Agency tiers, we additionally record the UTC hour-of-day bucket for up to 7 days back. Day-bucketed records are retained per plan (see Section 7).
What we do not record: IP address, precise geolocation (no city or latitude/longitude), referrer URL, raw User-Agent string, sub-hour timestamp, cookie or session identifier for the scanner, or anything else. After device-class classification, the User-Agent string is discarded; it is never written to our database.
Countries with fewer than five scans in the analytics window you select are rolled up as "Other" so individual scanners cannot be re-identified from a small sample.
4. Cookies and tracking
Free Tool: no cookies, no tracking, no fingerprinting.
Pro Service: a single strictly-necessary cookie, __Secure-abundera_session, carries the signed session token required to keep you logged in. It is HttpOnly, Secure, and SameSite=Strict. We do not use marketing cookies, advertising cookies, or cross-site trackers. No Google Analytics, Meta Pixel, or similar.
5. Sub-processors we use
Operating the service requires a few third parties. The current list:
| Sub-processor | Purpose | Data accessed | Jurisdiction |
|---|---|---|---|
| Cloudflare, Inc. | Compute, edge caching, database (D1), key-value store (KV), DNS | All Pro Service data; scan headers at the edge | US with global edge |
| Stripe, Inc. | Payment processing and billing | Email, payment details, subscription records | US |
| Zoho Corporation / ZeptoMail | Transactional email (welcome, cancellation, payment failure) | Email address, email body | US / India |
A current, dated sub-processor list is maintained at abundera.ai/legal/subprocessors/. We will update that page before adding a new sub-processor and give subscribers at least thirty (30) days to object where required by applicable law.
6. How long we keep your data
Account data: retained while your account is active. When you request account deletion, the account enters a 30-day hold, then all personal data is purged from production systems.
Dynamic QR codes: retained while the associated subscription is active, through any grace period, and through the 30-day account-deletion hold. After that, the codes and their shortcodes are deleted.
Scan records: retained per plan: 365 days on Solo, 730 days on Business, 1,095 days on Team and Agency, 30 days on Keep-Alive. Beyond that window, older scan records are purged on a rolling basis by our daily cron.
Payment and tax records: Stripe transaction records and tax records are retained for at least seven (7) years as required by US tax law; EU VAT jurisdictions may require additional retention. This data cannot be deleted on request during that period.
Security logs: structured application logs (no PII beyond what the handler explicitly writes, such as Stripe-webhook user-IDs) are retained by Cloudflare for up to 30 days.
7. Legal basis for processing (GDPR / EEA users)
Where the GDPR applies, we rely on the following legal bases:
- Contract performance — for account creation, subscription billing, code resolution, and technical support. This covers essentially all Pro Service processing.
- Legitimate interests — for security monitoring, fraud prevention, and the scan-analytics you as our customer use to understand campaign performance, which is minimal by design. Our assessment is that the impact on scanners is minimal because no scanner-identifying data is retained.
- Legal obligation — for retention of payment and tax records as described in Section 7.
- Consent — only where we explicitly request it (e.g., future optional opt-in communications). We do not currently rely on consent for any mandatory processing.
8. Your rights
Subject to applicable law and the retention carve-outs in Section 7, you have the following rights:
- Access: download a ZIP of your account data (codes, scans, README) at any time from Account → Privacy → Export, or by emailing support@abundera.ai.
- Rectification: update account data through your account page or by contacting support.
- Deletion: request account deletion from Account → Privacy → Delete. 30-day hold, then hard-delete.
- Portability: the Export ZIP is machine-readable CSV plus a README.
- Object / restrict processing: contact support@abundera.ai. We will honor valid requests and confirm in writing.
- Withdraw consent: where processing is based on consent, you may withdraw at any time without affecting processing done before withdrawal.
- Lodge a complaint: EEA users may complain to their local supervisory authority. UK users: the ICO. Other jurisdictions: the equivalent authority.
Response time: we acknowledge within 5 business days and fulfill within 30 days of acknowledgment, as required by GDPR Article 12. Complex requests may extend to 90 days with notice. California (CCPA), Colorado (CPA), Virginia (VCDPA), and other US state privacy rights are honored on the same 30-day timeline.
9. "Do not sell or share my personal information"
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We do not use or disclose sensitive personal information for purposes other than providing the service. Because we do not engage in these practices, no opt-out is required — however, California residents who want a written confirmation may request one at support@abundera.ai.
10. Children
The Pro Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have, contact support@abundera.ai and we will delete it.
11. International transfers
We are US-based. Personal data collected from EEA, UK, or Swiss residents is transferred to the US. We rely on the EU Standard Contractual Clauses (SCCs) for these transfers with our sub-processors (Cloudflare, Stripe, Zoho/ZeptoMail). The current sub-processor list at abundera.ai/legal/subprocessors/ documents the transfer mechanism for each.
12. Security
We use industry-standard controls: TLS 1.3 in transit, encrypted storage at rest (Cloudflare D1, KV), scoped API keys, rate limiting, CSRF protection (SameSite=Strict cookies + origin checks), and structured access logging. We do not claim the service is unbreakable. If you suspect a security issue, report it to security@abundera.ai.
13. Breach notification
If we become aware of a personal-data breach affecting your account, we will notify you without undue delay and in any event within seventy-two (72) hours of becoming aware, as required by GDPR Article 33 for our role as data controller. Notifications include: nature of the breach, categories and approximate number of affected records, likely consequences, and measures taken or proposed.
14. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified by email to the address on file for Pro subscribers and by posting a prominent notice on this page. The effective date at the top of this page reflects the current version. Historical versions are available at the changelog.
15. Contact
Privacy questions, data-subject requests, or concerns: privacy@abundera.ai (dedicated) or support@abundera.ai.
Abundera, Inc., 200 W Sahara Ave, Unit 3301, Las Vegas, NV 89102, USA.