Privacy Policy

QR Forge ("we", "our", or "the app") is a free QR code generator and scanner application. This Privacy Policy explains our data practices across all platforms where QR Forge is available: web browser, iOS app, and Android app.

We built QR Forge with a privacy-by-design philosophy. The entire architecture is stateless on the server side — QR codes are generated in memory and returned to you instantly, without ever being stored on our servers.

Short version: We don't know who you are. We don't track you. We don't sell your data. We genuinely collect nothing that could identify you personally.

QR Forge requests camera access solely for the purpose of scanning QR codes. The camera permission is only activated when you explicitly press the "Start Camera" button on the Scan page.

• ✓ The camera feed is processed entirely on your device using the html5-qrcode library.
• ✓ No video is recorded, captured as still images (other than the decoded QR content), or transmitted anywhere.
• ✓ Camera access stops immediately when you navigate away from the Scan page or press "Stop Camera".
• ✓ You can revoke camera permission at any time through your device or browser settings.

Note: Camera access is required by Apple App Store and Google Play Store policies to be disclosed in this Privacy Policy, which is why it is explicitly described here.

QR Forge stores your QR code history locally on your device using browser localStorage (web) or equivalent app storage (iOS/Android). This data never leaves your device and is never transmitted to our servers.

The locally stored data includes: QR type, content, style settings, creation date, and a small thumbnail image of the QR code. Up to 50 history items are stored, using approximately 2–3 MB of local storage.

You can delete your local history at any time from within the app by using the "Clear All" button on the History page.

When you generate a QR code, your browser sends the content and style options to our server. The server generates the QR image in memory and returns it to your browser immediately. The content is not logged, not stored, and not retained in any database.

Our server infrastructure is stateless by design — it holds no persistent data about users or their QR codes between requests.

Standard web server access logs (containing IP addresses and request timestamps) may be retained for up to 7 days for security and abuse prevention purposes, after which they are automatically deleted.

QR Forge loads the following external resources. These are CDN-delivered assets; the providers may receive standard access log data (your IP address) when your browser fetches them:

• → Google Fonts — Outfit, DM Serif Display, Space Mono, Noto Sans Thai fonts. Google Privacy Policy ↗
• → jsDelivr CDN — DaisyUI CSS and HTMX JavaScript libraries. jsDelivr Privacy Policy ↗
• → Tailwind CSS CDN — CSS framework. Tailwind Privacy Policy ↗
• → html5-qrcode — QR scanner library (loaded locally, no external calls made by the library).

We do not use any analytics services (Google Analytics, Mixpanel, etc.), advertising networks, crash reporting services, or social media tracking pixels.

QR Forge does not knowingly collect personal information from children under 13 years of age (or the applicable age of digital consent in your jurisdiction). Since we collect no personal information from any user, this applies equally to all age groups.

The app contains no age-restricted content. It is safe for use by users of all ages. Parents and guardians should note that locally stored history is stored on the shared device.

Because QR Forge does not collect personal data, most data subject rights (access, erasure, portability, correction) are automatically satisfied — there is simply no personal data about you for us to process, return, or delete.

For any locally stored data (your QR history): you have full and exclusive control. You can view, export, or permanently delete it at any time from within the app. We cannot access this data on your behalf.

If you are located in the European Economic Area, Thailand, California, or another jurisdiction with privacy regulations, you can contact us with any questions. As we process no personal data, there is nothing to restrict or object to.

If you have any questions, concerns, or feedback regarding this Privacy Policy or QR Forge's data practices, please reach out:

We aim to respond to all privacy-related inquiries within 5 business days.

We reserve the right to update this Privacy Policy at any time. Material changes will be communicated via an in-app notice. Continued use of QR Forge after changes constitutes acceptance of the updated policy.