Privacy Policy

Effective date: 2026. Last updated: 2026.

1. Introduction

Quantum SmartQR (“we,” “us,” or “our”) operates the Quantum SmartQR platform and related services (the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect information when you use our Service. By accessing or using the Service, you acknowledge that you have read and understood this policy.

2. Information We Collect

We collect information necessary to provide, secure, and improve the Service.

  • Account and profile data: Email address, username, tenant or workspace association, role, and multi-factor authentication (MFA) status.
  • QR code and redirect data: Target URLs, friendly names, share tokens, and related configuration you create or manage.
  • Scan and analytics metadata: Timestamp of scans, user agent and device category, IP-derived geographic data (city, region, country), a visitor identifier cookie, scan counts, and referrer domain (hostname or “direct” only—we do not store full referrer URLs) for analytics.
  • Operational and security data: API and application request logs used for diagnostics, security monitoring, and abuse prevention.
  • Download-only QR usage: Aggregate usage of the download-only QR tool (e.g., generation and download counts). No scan or redirect data is collected for QR codes generated through this tool.

3. How We Use Your Information

We use the information we collect to:

  • Provide redirects, analytics, and management features for your QR codes.
  • Secure the Service (e.g., rate limiting, duplicate-scan filtering, authentication and MFA validation).
  • Maintain audit logs of administrative actions within your tenant or workspace.
  • Operate, troubleshoot, and improve the Service and our infrastructure.

4. Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve the Service.

  • Strictly necessary cookies: Required for the website to function and cannot be disabled. They include:
    • qs_api_session / qs_web_session: Authentication and session management so you can remain signed in.
    • ARRAffinity: Load balancer cookie for session affinity (infrastructure).
  • Preference cookies (optional, consent-based): Used only with your consent to improve your experience:
    • qs_last_tenant: Remembers your last selected workspace or tenant (up to 30 days).
    • qs_mfa_remember: Remembers your device to skip MFA verification for up to 30 days when you opt in via “Remember this device” during MFA.

You may accept only strictly necessary cookies or accept all cookies. Preference cookies are set only after you give consent. You can change your choices at any time by adjusting your browser cookies and revisiting the site, or via our Cookie Preferences page where available.

5. Data Retention

Analytics and scan-related data are retained according to your plan’s retention_days setting. On free-tier plans, retention is set per environment (commonly 60–90 days); data may be purged after that period. We do not retain scan or analytics data longer than necessary for the purposes described in this policy.

6. Third-Party Services

We may use third-party services to operate the Service. Email delivery may use your configured provider (e.g., Microsoft Graph, SendGrid, or Azure Communication Services). Geographic lookups for analytics may use services such as ipapi or Azure Maps, depending on configuration. These providers process data in accordance with their own privacy policies and our agreements with them.

7. Data Security

We implement technical and organizational measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These include secure transmission (e.g., TLS), access controls, and secure storage practices. No method of transmission or storage is completely secure; we encourage you to safeguard your account credentials and API tokens.

8. Your Rights and Choices

  • Workspace or tenant administrators can delete QR codes and manage users within their tenant.
  • You may contact us to request access to, correction of, or deletion of your personal data, or to request export or deletion of a workspace. We will respond in accordance with applicable law.
  • Where required by law (e.g., in certain jurisdictions), you may have additional rights such as data portability, restriction of processing, or the right to object to processing. To exercise these rights, please contact us using the details below.

9. Workspace or Tenant Deletion

When a workspace (tenant) is deleted:

  • Access to that workspace is disabled immediately, and affected users are logged out.
  • We remove tenant records, associated users, QR codes, and scan data from our primary storage.
  • Operational logs and backups may persist for up to 90 days and are then purged according to our normal retention schedule.

10. International Data Transfers

Your information may be processed in the countries where we or our service providers operate. Where we transfer data across borders, we take steps to ensure that such transfers comply with applicable law and that your data remains protected.

11. Children’s Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us and we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the “Last updated” date. Material changes may also be communicated via the Service or by email where appropriate. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.

13. Contact Us

For privacy-related questions, requests, or complaints, please contact us at privacy@quantumtoolset.com. For general support, use the in-app Contact Support option or your designated support channel.