Data Processing Agreement

This agreement describes how EUQR (the "processor") handles personal data on behalf of customers (the "controller") when they use dynamic codes, short links, and analytics. It forms part of our Terms of service.

Subject matter & duration

We process personal data only to provide the service, for as long as your account is active. On account deletion the data is removed within 30 days (see "Deletion" below).

Nature & purpose of processing

Generating and resolving QR codes and short links, producing aggregated scan analytics, sending transactional email, and processing payments.

Categories of data & data subjects

• Account users: name, email, organisation.
• Visitors who scan codes or click links: a privacy-preserving daily hash derived from IP and user agent (never the raw IP), coarse country/city, and device type.

Sub-processors

We engage the sub-processors listed on our sub-processors page and will give notice of material changes.

Security measures

• EU-only hosting (Amsterdam) with encryption in transit.
• No raw IP storage; visitor identifiers are SHA-256 hashes salted with a key that rotates and is discarded daily.
• Role-limited access and audited deployments.

Data subject rights & assistance

We help controllers respond to access, rectification, portability, and erasure requests. Account owners can export their data and delete their account directly from the dashboard.

Deletion

When you delete your account we immediately disable your codes and links and permanently purge all associated personal data within 30 days.

Contact

For a counter-signed DPA or processing questions, reach us via our imprint.