Privacy Policy
Last updated: July 17, 2026
This policy describes how ForeverQR (operated by Scott Mackay, sole proprietor in British Columbia, Canada) collects, uses, and shares personal information. We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, BC's Personal Information Protection Act (PIPA).
1. What we collect
- Account: email address, display name, and (for email/password sign-in) a hashed password managed by our auth provider.
- Payments: Stripe handles card details directly. We store the Stripe checkout/session ID, amount, and which pack you bought.
- Your QR codes: the content you encode, styling settings, and (for Pro) the destination URL.
- Scans of Pro codes: a SHA-256 hash of the scanner's IP (not the raw IP), coarse device/OS/browser information, and approximate country/city derived from the request. We use this to give you scan analytics.
- Uploaded images: when you upload a picture for a Picture QR, the file is processed entirely in your browser and never uploaded to our servers.
2. Why we use it
- To operate the Service — save your codes, resolve Pro redirects, show your library.
- To bill you and issue receipts.
- To provide analytics on scans of your own Pro codes.
- To detect abuse and enforce our Terms.
- To answer support requests.
3. Legal bases
We process your information to perform the contract created when you sign up, to comply with legal obligations, and for our legitimate interest in keeping the Service secure. You can withdraw consent by closing your account (see below).
4. Who we share it with
- Supabase — our database and authentication provider.
- Stripe — payment processing.
- Cloudflare — hosting and DDoS protection.
- Google — only if you choose "Sign in with Google".
We do not sell your personal information and do not share it for third-party advertising.
5. International transfers
Some of the processors above may store or process data outside Canada (typically in the United States or the EU). We rely on contractual and technical safeguards provided by these vendors.
6. Retention
- Static codes: kept while your account is active.
- Pro codes: retained after account deletion so printed materials keep working (see Section 7). Your email is hashed on deletion so you can reclaim your codes by signing up again with the same address.
- Scan logs: retained for up to 24 months.
- Payment records: retained for at least 7 years to meet tax and accounting requirements.
7. Account deletion & the ForeverQR promise
You can delete your account from your dashboard. When you do, your Pro codes stay active — that's the whole point of ForeverQR. We keep only what we need to resolve those redirects and to let you reclaim them later with the same email.
8. Your rights
Under PIPEDA (and PIPA in BC) you can request access to, correction of, or deletion of your personal information, and file a complaint with the Office of the Privacy Commissioner of Canada. To exercise any of these rights, email Visionarydevpro@gmail.com. We will respond within 30 days.
9. Security
We use row-level security so account data is only accessible to you. Passwords are hashed by our auth provider. IP addresses are hashed before they are written to the scans log. Uploads are size- and type-restricted (SVG is rejected) and processed in your browser. No system is perfectly secure — if we become aware of a breach that materially affects you, we will notify you as required by law.
10. Cookies and analytics
We use a small number of first-party cookies and local storage keys required to keep you signed in and to remember your theme preference. We do not currently run any third-party analytics, advertising, or cross-site tracking cookies. If we ever add analytics in the future, we will update this policy and, where applicable, add a notice or consent prompt before enabling it.
11. Children
ForeverQR is not directed at children under 16. Do not create an account if you are under 16.
12. Changes
We may update this policy from time to time. The "Last updated" date above reflects the latest revision.
13. Contact
Privacy questions and requests: Visionarydevpro@gmail.com.
