Skip to main content

Privacy Policy

Last updated: June 6, 2026

MAC QR Generator ("we", "us") is operated by MAC Internet Services. This policy explains what data we collect, why, how long we keep it, and the controls you have.

1. What we collect

  • Account data: first name, last name, email, hashed password.
  • QR code content you create: URLs, PDF uploads, vCard ("Me Card") details (name, address, phone, date of birth, email), and any logos or color customisations.
  • Scan analytics (paid plans only): every scan of a tracked QR records the IP address, browser user-agent, country (derived from IP), and the referring page if any. IP addresses are automatically truncated after 30 days.
  • Billing data (paid plans only): we use Stripe for payments. We store Stripe's customer ID and the last four digits of your card; we do not store the full card number.

2. Why we collect it

  • To run the service: account, QR codes, file uploads.
  • To show you analytics (Pro/Unlimited plans): scan events power the dashboard charts.
  • To bill you (paid plans only).
  • To send transactional email: verification links, password-reset links, password-changed notifications, generated QR code attachments.

We do not sell your data, run ads, or share it with marketing partners.

3. How long we keep it

  • Account + QR data: until you delete it. Deleting your account wipes all of it.
  • Scan IP addresses: truncated (last octet zeroed) automatically after 30 days, then retained only in aggregate.
  • Email logs: 90 days, then purged.
  • Stripe records: as long as legally required for tax / accounting purposes.

4. Who we share it with

  • Stripe — payment processing (paid plans only).
  • SiteGround — server + database hosting.
  • ip-api.com — IP→country lookup for scan analytics (IPs sent batched, no other data).
  • Law enforcement when legally required.

5. Your rights

You can:

  • Export everything we have on you at /account/export (signed in).
  • Delete your account from the Account page — this wipes your profile, QRs, uploads, and scan history.
  • Make a vCard ("Me Card") private — when private, the public scan endpoint returns only the card title, not the full contact details.
  • Reset embed links on any QR code's preview page, which immediately invalidates previous shares.
  • Disable scan tracking on a per-QR basis (paid plans).

6. Security

Passwords are stored as bcrypt hashes. Session cookies are marked secure, httponly, and samesite=lax. PDF uploads are stored outside the web root and are only retrievable via a 32-character random share token. We send an email notification on every password change so unauthorised changes are visible.

7. Cookies

We set one session cookie and an XSRF-token cookie. Neither is used for tracking across other sites. We do not use third-party analytics on this site.

8. Contact

Privacy questions, deletion requests, or anything you can't accomplish in-app: admin@macinternetservices.com.

9. Changes

If we materially change this policy we'll update the "Last updated" date at the top and notify active users by email.