YYALQR
Get started

Legal

Privacy Policy

Last updated April 27, 2026

This policy describes the information YALQR collects, how we use it, and the choices you have. We collect only what is needed to deliver short links, QR campaigns, uploads, and analytics.

1. Information we collect

  • Account data. Name, email, hashed password, subdomain, and brand profile you choose at signup.
  • Link and QR data. Destinations, slugs, custom styling, uploads, and the QR assets you generate.
  • Visit telemetry. When someone scans or clicks a short link we record the time, country, referrer, and a coarse device label so you can review campaign performance.
  • Billing data. Stripe handles card details. We store the customer ID, plan, and subscription state needed to keep your account in sync.

2. How we use information

  • To operate short links, QR codes, uploads, and analytics.
  • To send transactional email such as receipts, password resets, and link health alerts.
  • To detect abuse, prevent fraud, and keep the service reliable.
  • To comply with legal obligations and respond to lawful requests.

We do not sell personal information.

3. Sharing

We use a small set of trusted providers, including Stripe for payments, Cloudflare for DNS and delivery, and an SMTP provider for email. Each receives only the data needed to perform its task. Self-hosted deployments use the storage, database, and email providers configured by the operator.

4. Retention

  • Free uploads are deleted automatically 48 hours after upload.
  • Paid uploads remain until you delete them or your subscription lapses.
  • Account data persists while your workspace is active. Closing it removes personal data after a short grace period required for billing reconciliation.

5. Your choices

You can update or delete your workspace data, export saved QR records, and revoke active sessions from the dashboard. To request account deletion or a copy of your data, email [email protected].

6. Cookies

YALQR uses a single secure session cookie to keep you signed in. We do not run third-party tracking or advertising cookies on the marketing pages.

7. Security

Passwords are hashed with bcrypt, sessions are signed and stored server-side, uploads are delivered over signed URLs, and stored credentials are encrypted at rest. Report suspected vulnerabilities to [email protected].

8. Contact

Questions about this policy can be sent to [email protected].