Privacy policy

This Privacy Notice for PDFQR (“Company,” “we,” “us,” or “our”) explains how we collect, use, store, and share (“process”) your personal information when you interact with our services, including when you visit our website, create an account, upload content, or access any QR code or document hosted through our platform. We are committed to protecting your privacy and ensuring transparency regarding how your information is handled.

1. What Information Do We Collect?

We collect personal information that you either provide directly or that is automatically collected when using our services.

Personal Information You Provide

  • Account Information: Name, email address, login credentials, and similar details required to create or manage your account.
  • Uploaded Files: PDFs and other documents you choose to upload and link through QR codes.
  • Customer Communications: Feedback, inquiries, and customer support messages.
  • Billing Information: Payment details processed via our secure third-party payment providers.

Information Automatically Collected

  • Usage Data: Device information, browser type, operating system, IP address, and activity logs.
  • QR Scan Data: Non-personally identifiable events such as scan counts, timestamps, device type, and location approximations where permitted.
  • Cookies & Tracking Technologies: Used to improve functionality, analytics, and user experience.

We do not collect more information than necessary to deliver and improve our services.

2. How Do We Use Your Information?

Your information is processed to operate PDFQR, enhance user experience, and comply with legal obligations.

  • To create, manage, and maintain your user account.
  • To enable you to upload, store, and share PDFs through QR codes.
  • To provide analytics such as scan counts, device usage, and performance insights.
  • To improve platform performance, security, and reliability.
  • To send service updates, notifications, or relevant communications.
  • To comply with legal, regulatory, or security obligations.
  • To prevent fraudulent or unauthorized activity.

We do not sell your personal information. All processing is done with legitimate business interests, contract performance, or legal requirements in mind.

3. When and With Whom Do We Share Personal Information?

We only share your information when necessary to operate the service or comply with the law. PDFQR may share information with:

  • Service Providers: Hosting partners, analytics tools, payment processors, and other vendors that help operate the platform.
  • Legal Authorities: When required to comply with legal obligations, court orders, or governmental requests.
  • Business Transfers: If PDFQR is involved in a merger, acquisition, or sale of assets, your data may be transferred securely as part of the transaction.

We do not share your personal information with advertisers or unrelated third parties. All third-party partners are required to maintain strict confidentiality and data protection standards.

4. Do We Use Cookies and Other Tracking Technologies?

Yes. PDFQR uses cookies, web beacons, pixels, and similar tracking technologies to enhance functionality, analyze usage patterns, and personalize your experience. Cookies help us understand how users navigate the platform, maintain sessions, and store certain preferences.

  • Essential Cookies: Required for core functionality such as login and account security.
  • Performance Cookies: Help us understand how users interact with the platform.
  • Analytics Cookies: Provide insight into feature usage, scan metrics, and device behavior.

You may disable cookies through your browser settings, but certain features may not function correctly without them. Additional information can be found in our Cookie Notice.

5. How Long Do We Keep Your Information?

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this privacy notice, unless a longer retention period is required or permitted by law. The duration depends on factors such as:

  • Whether your account is active or you continue to use our services.
  • Legal, tax, contractual, or compliance obligations.
  • The necessity of maintaining records to protect legal rights or resolve disputes.

When we no longer have a legitimate need to process your information, we will either delete or anonymize it. If deletion is not feasible, we will securely store your information and isolate it from further processing until deletion is possible.

6. How Do We Keep Your Information Safe?

We implement organizational, technical, and administrative safeguards designed to protect your information from unauthorized access, loss, or misuse. These measures include secure hosting environments, encryption where appropriate, restricted access to personal data, and routine security monitoring.

  • Data is stored on secure servers with controlled access.
  • Transmission of data may use encryption where appropriate.
  • Regular system monitoring and vulnerability assessments.
  • Strict access controls for employees and service providers.

While we take reasonable precautions, no storage system or data transmission method is completely secure. We encourage you to take steps to protect your account, such as using strong passwords and keeping your login credentials confidential.

7. Do We Collect Information from Minors?

PDFQR does not knowingly collect, solicit, or process personal information from individuals under the age of 18. Our services are intended for use by adults and businesses only. If we learn that personal information has been collected from a minor without parental consent, we will take immediate steps to delete the data and disable the associated account.

If you believe that a minor has provided us with personal information, please contact us at support@pdfqr.io so we can take appropriate action.

8. What Are Your Privacy Rights?

Depending on your location, you may have specific rights under applicable privacy laws. These rights allow you to understand, access, correct, delete, or restrict the processing of your personal information. PDFQR ensures that users can exercise their rights at any time by contacting us.

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Correction: Request that we correct inaccurate or incomplete information.
  • Right to Deletion: Request deletion of your personal information under certain conditions.
  • Right to Restrict Processing: Request limitations on how we use your information.
  • Right to Data Portability: Request a copy of your information in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.
  • Withdrawal of Consent: If processing is based on your consent, you may withdraw it at any time.

To exercise any of these rights, please email support@pdfqr.io. We will respond in accordance with applicable laws and within required time frames.

9. Controls for Do-Not-Track Features

Most web browsers and mobile operating systems include a Do-Not-Track (“DNT”) setting that you can enable to signal your preference for privacy. At this time, no universal technical standard has been established for recognizing or implementing DNT signals. As a result, PDFQR does not currently respond to these signals.

We will update this notice if future standards require us to do so.

10. Do California Residents Have Specific Privacy Rights?

If you are a California resident, you are granted specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These laws give you greater control over your personal information and how businesses use and disclose it.

Your CCPA/CPRA Rights

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information, subject to certain legal exceptions.
  • Right to Correct: You may request corrections to inaccurate personal information.
  • Right to Opt-Out: PDFQR does not sell or share personal information, but you may still request confirmation.
  • Right to Non-Discrimination: You will not be denied services or charged differently for exercising your CCPA rights.

California residents may also request a list of the third parties to which we have disclosed personal information for direct marketing purposes (if any) during the prior calendar year. To exercise your rights, contact us at support@pdfqr.io.

Information We Collect (CCPA Categories)

In the past twelve (12) months, PDFQR has collected the following categories of personal information:

  • Identifiers: Name, email address, IP address, account details.
  • Commercial Information: Records of purchases or service usage.
  • Internet Activity: Browsing behavior, device data, interaction logs.
  • Geolocation Data: Approximate location for analytics purposes.
  • Payment Information: Processed securely through third-party payment processors.

We do not collect sensitive personal information, and we do not sell personal data.

11. Do Virginia, Colorado, Connecticut, or Utah Residents Have Specific Rights?

Yes. Residents of Virginia, Colorado, Connecticut, and Utah have specific rights under their respective state privacy laws (VCDPA, CPA, CTDPA, UCPA). These rights are similar to those found in the CCPA and give you more control over how your personal information is processed.

Your State-Granted Privacy Rights

  • Right to Access: Request confirmation of whether we process your personal data and obtain a copy of that data.
  • Right to Delete: Request deletion of personal information you have provided or that we have collected.
  • Right to Correct: Request correction of inaccuracies in your personal information.
  • Right to Data Portability: Request an export of your information in a commonly used format.
  • Right to Opt-Out: Opt-out of targeted advertising or profiling. PDFQR does not sell personal information.

To exercise any of these rights, email us at support@pdfqr.io. We will respond within the legally required timeframe and may request additional information to verify your identity.

12. Do European (EEA, UK) Residents Have Specific Rights?

Yes. If you reside in the European Economic Area (EEA) or the United Kingdom (UK), you have specific rights under the General Data Protection Regulation (GDPR) and UK GDPR. These rights ensure transparency, fairness, and accountability in how your personal information is processed.

Your GDPR Rights

  • Right to Access: Request confirmation that we process your data and receive a copy of it.
  • Right to Rectification: Request corrections to inaccurate or incomplete information.
  • Right to Erasure (“Right to Be Forgotten”): Request deletion of your personal information in certain circumstances.
  • Right to Restrict Processing: Limit how your data is used while we evaluate your request or claim.
  • Right to Data Portability: Receive your personal information in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests, direct marketing, or profiling.
  • Right to Withdraw Consent: Withdraw your consent at any time when processing is based on consent.

Exercising your rights will not affect the lawfulness of processing carried out before your request. If you believe your data has been processed unlawfully, you have the right to file a complaint with your local data protection authority.

To submit a request under GDPR or UK GDPR, contact us at support@pdfqr.io.

13. International Data Transfers

PDFQR is operated from Canada, and your information may be transferred to, stored in, or processed in regions outside of your country of residence. These locations may have different data protection laws than your own. Regardless of where your information is processed, we take appropriate measures to ensure that your data is handled securely and in accordance with this Privacy Notice.

If personal information is transferred from the European Economic Area (EEA) or the United Kingdom (UK), we use legally approved mechanisms such as Standard Contractual Clauses (SCCs) or other appropriate safeguards.

14. Updates to This Privacy Notice

We may update this Privacy Notice from time to time to remain compliant with legal requirements or to reflect changes in how PDFQR operates. Updated versions will include a revised “Last Updated” date at the top of the page.

We encourage you to review this notice periodically to stay informed about how we protect your personal information. Continued use of the Services following any changes signifies acceptance of the updated terms.

15. How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Notice or the processing of your personal information, you may contact us at:

PDFQR
30 Baywood Road, Unit 8
Toronto, Ontario M9V 2Z8
Canada
Email: support@pdfqr.io

16. How You Can Review, Update, or Delete the Data We Collect

You have the right to request access to your personal information, update inaccuracies, or delete your data entirely, subject to applicable law. PDFQR provides mechanisms to help you manage your information, and you may contact us directly for any additional requests.

To make a request, please email support@pdfqr.io. We will respond within the timeframes required by law and may need to verify your identity before processing your request.

If you choose to delete your account, we will remove or anonymize your personal information unless retention is required by law, security obligations, or legitimate business purposes such as fraud prevention or recordkeeping.

Last updated: Dec 1st, 2025