Opinion

Why we don't sell your data, and never will.

Most QR tools track you. We hashed IPs from day one and use derived signals only. The privacy promise is in our subscription contract, not just on the website. Here's the technical and legal reasoning behind that.

Alex Rivers · Founder · QRBlissApr 26, 20265 min read

In 2025, the average QR-code scanning service installed 8 cookies on your customer's phone. Some installed 14. None of them named who they were sharing data with.

We hashed IPs from the day we shipped. We use derived signals only. We don't sell your data, and the promise to never sell it is in our subscription contract — not just on the website.

This post explains why, what we mean by "data," and why even Pro and Business customers can't opt-out of these protections (the protections are not the optional bit).

A hand holding a brass padlock Photo: cottonbro studio on Pexels

The technical setup

Every time someone scans a QR you've made, the resolver knows three things:

  1. The dynamic code's destination URL
  2. A hashed IP address (the IP, run through SHA-256 with a per-month salt, then truncated)
  3. A device class (mobile / desktop / tablet, derived from User-Agent without storing the UA)

It doesn't know:

  • The original IP address (we never store it)
  • The phone model
  • The exact location (we use country-level geo via Cloudflare, no precision finer than country)
  • The user's identity, whether they're signed in to anything, or anything they did before or after the scan

The hashed IP rotates every month. By the start of June, June scans cannot be cross-referenced with May scans. We don't have a "how many unique people scanned this QR" metric. We have "how many distinct hashed-IP+device combinations" — which is always more than the actual number because of carrier NAT, but it's the only honest answer.

What we don't do (and never will)

  • Track users across QRs. A user who scans QR A and then scans QR B, on the same phone, the same day — we cannot connect those two events. This is the most basic privacy guarantee, and most QR tools don't do it.
  • Sell user data. No third-party analytics partners. No "data enrichment" deals. No advertising partnerships. We don't have a data brokerage we sell to. We don't have anyone we'd sell to even if we wanted.
  • Build a user profile. We have analytics about your QRs. We don't have analytics about the people who scan them.

The subscription contract part

Most companies put their privacy promises in a Privacy Policy. Privacy Policies can be changed by the company at any time, with little legal notice. They're a marketing document with the legal weight of a press release.

We put our privacy commitments in the subscription agreement (the binding contract between you and us). Specifically, we contractually commit to:

  1. Never sell, license, or share your account data with third parties
  2. Maintain the IP-hashing protocol described above for the duration of the contract
  3. Provide 90 days written notice of any change to these protections
  4. Allow customers to terminate immediately and receive a full refund if these protections are weakened

These protections survive acquisition. If QRBliss is bought out by a larger company, the buyer either honors the existing subscription contracts or provides exit terms. We can't strip these protections from existing customers.

Why bother

Three reasons:

Trust is the hardest thing to rebuild. A single privacy scandal would end QRBliss. We'd rather take privacy seriously and never have to rebuild trust than try to recover from a data leak.

"The cheapest privacy is the privacy you never compromise."

It's better engineering. Building a system that doesn't store IPs is simpler than building one that stores them and then has to defend them. Less data to back up, less data to comply with GDPR/CCPA on, less surface area for breaches.

It matches the customers we want. Sarah at Maple Diner doesn't want to be sold to her customers' data brokers. Neither do most of our other customers. The customers we'd "lose" by not being a tracking platform are not the customers we're trying to keep.

What you should expect from us

If we ever change any of this, you'll get an email, a notice in the dashboard, and 90 days to terminate without penalty. If you have a question about how we handle data — email me directly: alex@qrbliss.com. I'll answer.

Postscript

A few people have asked me if this is a competitive disadvantage. Sort of. It means our analytics are slightly less detailed than competitors who store IPs. We can't do "this person also scanned X and Y" — because we don't know.

We think that's fine. The customers who want that level of tracking are using marketing platforms, not QR generators. We're a QR generator.

Start free.

15 dynamic codes. No credit card. No expiry.

Start free →