QRtistQRtist

Privacy Policy

Overview

QRtist is built to keep your stuff out of our hands. There are no accounts, no tracking, and no plain-text copies of your designs sitting on our servers. Most of the time everything stays on your device. If you make a short link, we only store an encrypted version, and only you hold the key to decrypt it.

What happens in your browser stays in your browser

In most browsers, QR codes are generated on your device using WebAssembly. When that is supported, the URL you enter, the pixels you draw, and the QR code you download are not sent to us for processing. If WebAssembly is not available, QRtist may fall back to server-side generation so the tool still works. Normal share links are still packed into the URL in your address bar, so we do not receive them just because you create a link.

Optional short share links

If you choose Shorten link in the share dialog, your QR settings are encrypted on the server with AES-128-GCM before they are saved. We store the encrypted blob, not the decryption key. The key is added to the link after a dot, for example /s/abc12345.xYz…. That means the complete link can open the design, but the short id on its own is useless to us or anyone else.

Short links are optional. Treat one a bit like a password: anyone with the full link can view the design. We do not use short links for analytics or profiling.

What we do collect

We try to keep this boring. The only thing we may collect is the basic plumbing needed to run a website:

  • Server access logs - disabled where possible, and kept for as little time as we can manage.

We do not use cookies, analytics trackers, ad pixels, or third-party scripts that build a profile of you.

No accounts, no sign-in

QRtist does not ask you to register. We do not have email addresses, passwords, or payment details for users, because there is nowhere to enter them.

Third-party services

QRtist runs on Cloudflare Workers. Cloudflare may process your IP address while routing traffic and protecting the site from attacks. We also use Google Fonts; the font files are loaded from Google's CDN, which may log the request. Neither Cloudflare nor Google gets the contents of your QR code from QRtist.

Data retention

If server access logs exist, we keep them only for as long as we need them to keep the site working. Encrypted short-link records stay around until we delete them; we may add automatic expiry later. Without the key from the full link, those records do not contain readable design data.

Your rights

Because we do not hold personal data beyond basic access logs, there is usually nothing for us to provide, correct, or delete. If you think we do have data about you, email us (you can guess the address) and we will look into it.

Contact

Questions about this policy? Send us an email.

← Back to home