Legal

Privacy Policy

Effective date: April 24, 2026. Last updated: April 24, 2026.

1. Data We Collect

QR-Decoder.com is designed with privacy as a core principle. We do not collect, store, or transmit any images or QR code content that you process through our tool.

All QR code decoding is performed entirely within your web browser using JavaScript. Images you upload, camera feeds you use, or URLs you enter for decoding are processed locally on your device and never sent to our servers.

We collect the following limited categories of data:

  • Anonymous analytics. Aggregated page view counts, referrer domain, country at country level, browser and OS family. Collected through Google Analytics 4 with IP anonymization enabled.
  • Server logs. Standard web server request logs retained for 30 days for abuse prevention. These include IP address, user agent, and requested URL. They are not used for advertising or profiling.
  • Support correspondence. If you contact us, we retain the message and your email address for as long as needed to resolve the conversation.

2. How Your Data Is Processed

The QR decoding process works as follows: when you upload an image or use your camera, the browser's JavaScript engine processes the image data in-memory on your device. The decoded result is displayed directly in your browser. At no point during this process is any data transmitted to external servers by our application code.

The only exception is the Image URL input, where an image at a remote URL must be fetched. In this case, the image is fetched through a third-party CORS proxy service (api.allorigins.win). The image content itself passes through this proxy. Please be aware of this when using image URLs that contain sensitive content.

3. Local Storage

We use your browser's localStorage API to store:

  • Your theme preference (dark or light mode).
  • Your recent scan history (up to 20 entries, stored locally on your device only).
  • Your language preference (English or Spanish).

This data never leaves your device. You can clear it at any time using the Clear All button in the scan history panel, or by clearing your browser's site data in your browser settings.

4. Third-Party Services

We use the following third-party services. Each has its own privacy policy which we encourage you to read.

  • Google Fonts (fonts.googleapis.com). Loads web fonts. Google may log the request IP.
  • Google Analytics 4. Anonymous usage analytics with IP anonymization.
  • Google AdSense. Serves display advertising. See the Advertising section below for detail.
  • jsDelivr CDN (cdn.jsdelivr.net). Delivers the open-source JavaScript libraries that power the decoder (jsQR, qr-scanner).
  • AllOrigins Proxy (api.allorigins.win). Used only for the Image URL input feature to bypass browser CORS restrictions.

5. Advertising and AdSense

This site displays ads served by Google AdSense. Google and its advertising partners may use cookies to serve ads based on your prior visits to this site or other websites. Google's use of advertising cookies enables it and its partners to serve ads based on your visit to this and other sites on the internet.

You may opt out of personalized advertising by visiting Google Ads Settings. You can also opt out of third-party vendor use of cookies for personalized ads by visiting aboutads.info.

For users in the European Economic Area, the United Kingdom, and Switzerland, we use a consent management interface compliant with the IAB Transparency and Consent Framework to request your permission before any non-essential cookies are set.

Critically, advertising scripts do not have access to decoded QR code content. Decoding happens entirely in your browser before any data touches the page's tracked surface. The content of your scans is never visible to ad networks.

6. Cookies

We do not set tracking cookies for our own purposes. Theme and language preferences are stored in localStorage, not cookies.

Third-party services may set cookies as described above: Google Analytics sets _ga and _ga_* cookies for analytics, and Google AdSense sets cookies to serve ads. You can manage or block these through your browser settings without affecting the decoder's core functionality.

7. Data Retention

  • Server logs: 30 days, then automatically deleted.
  • Google Analytics data: 14 months (Google's default retention for analytics events).
  • Support correspondence: Retained for up to 12 months after the conversation is resolved, then deleted.
  • Your local scan history: Stored in your browser indefinitely until you clear it. We have no copy.

8. Your Rights (GDPR/CCPA)

If you are in the European Economic Area, the United Kingdom, Switzerland, California, or another jurisdiction with similar data protection laws, you have the following rights regarding any personal data we hold about you:

  • Right to access. Request a copy of any personal data we hold about you.
  • Right to rectification. Ask us to correct inaccurate or incomplete data.
  • Right to erasure. Ask us to delete your data, subject to limited legal exceptions.
  • Right to restrict processing. Ask us to stop or limit how we use your data.
  • Right to data portability. Receive your data in a structured, machine-readable format.
  • Right to object. Object to processing based on legitimate interests or direct marketing.
  • Right to lodge a complaint. Contact your local data protection authority if you believe we have violated your rights.

Because we do not collect personal data through the decoder itself, most requests relate only to support correspondence. To exercise any right, email us through the contact page using the subject Privacy / Data Request. We respond within 72 hours.

9. Children's Privacy

QR-Decoder.com is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information through our contact form, please email us and we will delete it promptly.

10. International Data Transfers

Because we rely on globally distributed services (Google, Cloudflare-hosted CDN assets, email infrastructure), your data may be transferred to and processed in countries outside your own, including the United States. These transfers are governed by each provider's own safeguards including, where applicable, Standard Contractual Clauses approved by the European Commission.

11. Changes to This Policy

We may update this policy from time to time to reflect changes in law, technology, or our services. The Effective Date at the top indicates when the current version took effect. Material changes will be flagged on the homepage for at least 30 days after the update.

12. Contact

For any privacy-related question or request, please use our contact form and select Privacy / Data Request as the subject. A team member responds within 72 hours.