StudioDemoSolutionsPricingBlog
ScanSign inTry Pro freeTry Pro
Privacy

Privacy policy

Last updated · 2026-06-23

Summary

QRA stores the minimum data we need to run dynamic QR codes for you: your account email, the destinations you set, and anonymised scan analytics. We never sell personal data. Visitor IPs are hashed before they're written to disk; we keep no plain-text scan IPs.

What we collect

  • Account data: email, hashed password (or Google OAuth identifier), display name, optional avatar.
  • Workspace content: QR codes, destinations, folders, tags, custom-domain records, team invites, branding assets.
  • Scan analytics: timestamp, country, device type, OS, browser, hashed IP. No personal identifiers.
  • Billing data: handled by our PCI-compliant payment provider (we never see full card numbers). We store the billing email and the tokenised reference our provider returns to charge renewals.

Your rights

  • Access & export: download all your data anytime from Settings → Privacy & data.
  • Deletion: delete your workspace from Settings, or email privacy@qra.cc for a full erasure request.
  • Correction: edit your profile + workspace details directly in the dashboard.

Data retention & deletion

We keep data only as long as we need it, per the KSA PDPL storage-limitation principle (Art. 11). When a subscription lapses we PAUSE your codes — we don't delete them — and they reactivate instantly when you resubscribe. Our schedule:

  • Payment grace: after a failed renewal we keep your codes live and retry for 7 days (14 for annual / agency) before pausing.
  • Uploaded media (PDF, image, audio, video): kept ~30 days after a workspace pauses, then deleted; you may need to re-upload on reactivation. Your QR design, short link, destination, and analytics are kept much longer.
  • Scan analytics: raw scan rows (hashed IP, geo, device) are rolled up into anonymous daily totals and pruned at ~90 days.
  • Account & lead data (PII): if a workspace stays inactive for 12 months we send advance warnings, then permanently erase personal data — analytics, captured leads and feedback, and account info.
  • Tax invoices: kept 6 years as required by Saudi VAT / ZATCA law, even after erasure.
  • Your scannable codes never break: even after data is erased, a printed code resolves to a neutral “no longer active” page — never a dead 404.

We pass deletions on to our processors (Supabase, Cloudflare, Resend, and our payment provider). To request earlier erasure, email privacy@qra.cc.

Marketing communications

If you have a QRA account, we may occasionally email you about your own account — including reminders to reactivate QR codes you have paused — and the occasional product update. These are sent on the basis of our existing relationship with you.

You can opt out of these promotional emails at any time — use the unsubscribe link in any such email, or the “Marketing emails” toggle in your account settings. Opting out never affects essential service messages (payment receipts, and trial or subscription notices), which we must send to operate your account.

Contact

Privacy questions, GDPR / KSA PDPL data requests: privacy@qra.cc.

Security disclosures: security@qra.cc.

Stop reprinting your stickers. Start learning.

A short monthly note — product updates, customer stories, MENA QR research. No filler. Unsubscribe in one click.

Dynamic QR codes that ship like brand assets — Arabic-first, mada-supported, used worldwide.

العربية

Product

  • Studio
  • Free generator
  • QR scanner
  • Analytics
  • Pricing
  • What’s new

Resources

  • Blog
  • Help center
  • API reference
  • Demo
  • Solutions

Company

  • About
  • Careers
  • Contact

Legal

  • Privacy
  • Terms
  • Refunds
  • Cookies
  • DPA
© 2026 QRA · hello@qra.ccQR Code is a registered trademark of DENSO WAVE INCORPORATED.