FreeQR ("we," "us," or "our") operates the website freeqr.com and the FreeQR platform (collectively, the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have.
We believe privacy policies should be readable, not just legal. If anything here is unclear, contact us at [email protected].
1. Who We Are
FreeQR is a dynamic QR code platform that lets you create QR codes, build landing pages, and track scan analytics.
Data Controller: FreeQR Singapore Email: [email protected]
For the purposes of this policy, we distinguish between two types of people who interact with our Service:
- Account Holders -- people who create a FreeQR account and use the platform to create QR codes and landing pages.
- End Users -- people who scan a QR code created through FreeQR or visit a FreeQR-hosted landing page.
2. What Data We Collect
2.1. Data We Collect from Account Holders
Account Information
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Email address | Account creation, login (OTP), communications | Contract performance |
| Password (if set) | Account authentication (optional, users may use OTP instead) | Contract performance |
| Name (if provided) | Account personalization | Contract performance |
| Account preferences and settings | Service delivery | Contract performance |
Billing Information (Paid Plans Only)
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Payment method details | Process subscription payments | Contract performance |
| Billing address | Invoicing, tax compliance | Contract performance, Legal obligation |
| Transaction history | Billing records, dispute resolution | Legal obligation |
We do not store your full credit card number. Payment processing is handled by our authorized payment provider, who may act as the Merchant of Record. See your payment confirmation email for details on which provider processed your transaction and a link to their privacy policy.
Content You Create
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| QR code configurations | Service delivery | Contract performance |
| Landing page content (text, images, videos, audio, files) | Hosting and displaying your landing pages | Contract performance |
| Custom URLs and labels | Organization and management | Contract performance |
Usage Data
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Login timestamps | Security, account protection | Legitimate interests |
| Feature usage patterns (aggregated) | Product improvement | Legitimate interests |
| Support interactions | Customer service | Contract performance |
2.2. Data We Collect from End Users (QR Code Scanners)
When someone scans a QR code created through FreeQR or visits a FreeQR-hosted landing page, we collect:
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| IP address | Approximate location, security | Legitimate interests |
| Approximate location (country, city -- derived from IP) | Scan analytics for Account Holders | Legitimate interests |
| Support interactions | Customer service | Contract performance |
| Date and time of scan | Scan analytics | Legitimate interests |
| Device type and operating system | Scan analytics | Legitimate interests |
| Browser type and version | Scan analytics, compatibility | Legitimate interests |
| Referrer URL | Scan analytics (how users found the QR code) | Legitimate interests |
| Landing page interactions (clicks, form submissions, file downloads) | Analytics for Account Holders | Legitimate interests |
What we do NOT collect from End Users:
- We do not collect names, email addresses, or other identifying information unless an End User voluntarily submits it through a form on an Account Holder's landing page.
- We do not use GPS or precise geolocation. Location data is approximate, derived from IP address only.
- We do not build individual profiles of End Users across different QR codes.
2.3. Guest Accounts
You can create QR codes without signing up. If you later create an account and claim your guest-created QR codes, we associate that content with your new account.
2.4. Data We Collect Automatically (Cookies and Similar Technologies)
See Section 7 (Cookies) for full details.
3. How We Use Your Data
We use personal data for the following purposes:
Service Delivery
- Creating and hosting your QR codes and landing pages
- Processing payments for paid plans
- Providing scan analytics to Account Holders
- Sending transactional emails (account verification, password resets, billing receipts)
Service Improvement
- Analyzing aggregated usage patterns to improve the product
- Identifying and fixing technical issues
- Understanding which features are most useful
Security and Fraud Prevention
- Detecting and preventing unauthorized access
- Monitoring for abusive use of the platform
- Protecting the integrity of QR codes and landing pages
Legal Compliance
- Maintaining records required by tax and financial regulations
- Responding to lawful government requests
- Enforcing our Terms of Service and Acceptable Use Policy
Marketing (Account Holders Only, With Consent)
- Sending product updates and tips (you can unsubscribe at any time)
- We never send marketing emails without your consent
4. Legal Bases for Processing (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on the following legal bases:
| Legal Basis | Processing Activities |
|---|---|
| Contract Performance | Account creation, QR code generation, landing page hosting, billing, customer support |
| Legitimate Interests | Security and fraud prevention, product improvement (aggregated analytics), system logging, scan analytics for End Users |
| Legal Obligation | Tax record retention, responding to lawful requests, data breach notification |
| Consent | Marketing emails, non-essential cookies, advertising on free-tier landing pages |
For processing based on legitimate interests, we have conducted balancing tests to ensure our interests do not override your rights. You can request details of these assessments by contacting [email protected].
5. Who We Share Data With
We do not sell your personal data. We share data only with the following categories of recipients, and only as necessary:
Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Payment Providers | Payment processing | Billing details, transaction data |
| Cloud Hosting Provider | Infrastructure and data storage | All platform data (encrypted) |
| Zendesk | Customer support | Contact details, support ticket content |
| Analytics Provider | Product usage analytics | Aggregated usage data |
| Advertising Partners | Ads on free-tier landing pages | Cookie identifiers, device info (with consent) |
Each service provider is bound by a Data Processing Agreement (DPA) that limits how they can use your data.
Other Disclosures
We may share data in the following limited circumstances:
- Legal requirements: When required by law, court order, or government request.
- Safety: To protect the rights, safety, or property of FreeQR, our users, or the public.
- Business transfers: If FreeQR is acquired or merged, your data may transfer to the new entity. We will notify you before this happens.
- With your consent: When you explicitly ask us to share data with a third party.
6. Advertising on Free Plan Landing Pages
Landing pages created on the Free plan display advertisements. These ads help fund the free tier so we can offer a genuinely usable free product.
How ads work:
- Advertising partners may use cookies and similar technologies to serve relevant ads.
- These partners may collect device identifiers, IP addresses, and browsing data from End Users visiting free-tier landing pages.
- Ad cookies are only loaded after consent is obtained (where required by law).
Your options:
- Account Holders: Upgrade to a paid plan to remove all ads from your landing pages.
- End Users: You can manage cookie preferences through our cookie consent banner, or opt out via the "Do Not Sell or Share My Personal Information" link.
7. Cookies and Tracking Technologies
We use cookies and similar technologies on freeqr.com and FreeQR-hosted landing pages.
Cookie Categories
Essential Cookies (No Consent Required): These are necessary for the Service to function.
- Session authentication
- Security tokens (CSRF protection)
- Cookie consent preferences
- Load balancing
Analytics Cookies (Consent Required): These help us understand how the Service is used.
- Page view tracking
- Feature usage measurement
- Performance monitoring
Advertising Cookies (Consent Required): These are used on free-tier landing pages to display ads.
- Ad targeting and measurement
- Frequency capping
- Conversion tracking
Managing Cookies
- When you first visit our site, a cookie consent banner lets you accept or reject non-essential cookies. Accept and reject options are given equal prominence.
- You can change your preferences at any time through the cookie settings link in the footer.
- We honor Global Privacy Control (GPC) signals as a valid opt-out.
- You can also manage cookies through your browser settings.
8. Data Retention
We keep your data only as long as necessary for the purposes described in this policy.
| Data Type | Retention Period |
|---|---|
| Active account data | Duration of your account |
| Inactive accounts | 24 months after last login, with email notification before deletion |
| Scan analytics (raw logs) | 90 days |
| Scan analytics (aggregated) | Duration of your account (anonymized data is not personal data) |
| Billing and tax records | 7 years after the transaction (legal requirement) |
| Support tickets | 2 years after resolution |
| Security and system logs | 90 days |
| Content from deleted accounts | Removed within 30 days of account deletion |
| Backups containing deleted data | Purged within 90 days of deletion |
When you delete your account, we remove your personal data from our live systems within 30 days. Some data may persist in encrypted backups for up to 90 days before being purged.
9. Your Rights
9.1. Rights for Everyone
Regardless of where you live, you can:
- Access your data through your account dashboard or by contacting us.
- Update your account information at any time through your account settings.
- Delete your account and associated data.
- Unsubscribe from marketing emails using the link in any email.
- Manage cookies through the cookie settings link on our site.
9.2. Additional Rights Under GDPR (EEA, UK, Switzerland)
If you are in the EEA, UK, or Switzerland, you also have the right to:
- Rectification: Correct inaccurate personal data.
- Erasure: Request deletion of your data (subject to legal obligations).
- Restriction: Limit how we process your data while a dispute is resolved.
- Data Portability: Receive your data in a structured, machine-readable format.
- Object: Object to processing based on legitimate interests (including direct marketing, which we will always honor).
- Withdraw Consent: Withdraw consent at any time for processing based on consent.
- Lodge a Complaint: File a complaint with your local data protection authority.
Response time: We respond to all requests within 30 days. If we need more time (up to 90 days total), we will let you know and explain why.
9.3. Additional Rights Under CCPA/CPRA (California Residents)
If you are a California resident, you have the right to:
- Know: Request the categories and specific pieces of personal information we have collected about you.
- Delete: Request deletion of your personal information.
- Correct: Request correction of inaccurate personal information.
- Opt Out: Opt out of the "sale" or "sharing" of your personal information. Use the "Do Not Sell or Share My Personal Information" link on our website.
- Non-Discrimination: We will not discriminate against you for exercising your rights.
Categories of personal information collected in the last 12 months:
| Category | Examples | Collected | Sold | Shared |
|---|---|---|---|---|
| Identifiers | Email, name, IP address | Yes | No | No |
| Commercial information | Transaction history, plan details | Yes | No | No |
| Internet or other electronic network activity information | Scan analytics, landing page interactions | Yes | No | Yes* |
| Geolocation data | Approximate location from IP | Yes | No | No |
| Professional information | Company name (if provided) | Yes | No | No |
*Advertising cookies on free-tier landing pages may constitute "sharing" under CCPA. You can opt out at any time.
How to exercise your rights:
- Email: [email protected]
- Through your account settings
- Using the "Do Not Sell or Share My Personal Information" link
We verify your identity before processing requests. We respond within 45 days (extendable to 90 days with notice). You may make these requests twice per 12-month period at no charge.
10. International Data Transfers
FreeQR operates globally. Your data may be transferred to and processed in countries outside your own, including the United States.
Transfer safeguards:
- EU-U.S. Data Privacy Framework: Where applicable, we rely on service providers certified under the EU-U.S. Data Privacy Framework.
- Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision, we use the European Commission's Standard Contractual Clauses.
- UK International Data Transfer Addendum: For transfers from the UK, we use the UK IDTA alongside SCCs.
You can request a copy of the transfer safeguards we use by contacting [email protected].
11. Data Security
We take reasonable technical and organizational measures to protect your data:
- Encryption in transit (TLS/HTTPS) and at rest
- Access controls and authentication for internal systems
- Regular security reviews
- Secure payment processing through PCI DSS compliant payment providers.
- Monitoring for unauthorized access
No system is 100% secure. If we discover a data breach that poses a risk to your rights, we will notify you and the relevant authorities as required by law.
12. Children's Privacy
FreeQR is not directed at children under 13 years of age (or under 16 in certain jurisdictions). We do not knowingly collect personal data from children.
If you are a parent or guardian and believe your child has provided us with personal data, contact us at [email protected]. We will delete the data promptly.
If we discover we have collected data from a child under the applicable age threshold, we will delete it as soon as possible.
13. Data Processing for Account Holders' End Users
When Account Holders create landing pages and collect data from End Users (for example, through forms), FreeQR acts as a data processor on behalf of the Account Holder (who acts as the data controller).
This means:
- Account Holders are responsible for how they collect and use data from their End Users.
- Account Holders must comply with applicable privacy laws when collecting data through FreeQR landing pages.
- We process End User data submitted through landing page forms only as instructed by the Account Holder.
- A Data Processing Agreement (DPA) is available for Account Holders who need one. Contact [email protected] to request it.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we do:
- We will update the "Last Updated" date at the top of this page.
- For material changes, we will notify Account Holders by email at least 30 days before the changes take effect.
- Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
15. Contact Us
If you have questions about this Privacy Policy or want to exercise your rights:
- Email: [email protected]
- Address: 6 Woodlands Square, Singapore 737737
For GDPR-related inquiries, you may also contact your local data protection authority. A list of EEA authorities is available at edpb.europa.eu.
This privacy policy was last reviewed on February 15, 2026.