← Back to Home

Privacy Policy

Last Updated: 1 February 2026

1. Introduction

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our QR Code Generator service ("Service"). We are committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using our Service, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Service.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you create an account:

  • Email address
  • Account credentials (encrypted passwords)
  • Subscription and billing information (processed securely through Stripe)

2.2 QR Code Information

When you create QR codes, we collect:

  • QR code names and URLs
  • Custom design settings
  • Creation and modification timestamps

2.3 Analytics and Usage Data

When someone scans your QR codes, we automatically collect the following information for analytics purposes:

  • IP Address: Used to determine approximate location and count unique visitors
  • Device Information: Device type (mobile, tablet, or desktop)
  • Browser Information: Browser type and version
  • Operating System: The OS of the scanning device
  • Referrer: The webpage that linked to the QR code (if applicable)
  • User Agent String: Technical information about the device and browser
  • Scan Timestamp: Date and time of each scan
  • Location Data: If voluntarily provided by the scanning device

2.4 Payment Information

Payment information is processed securely through Stripe, a PCI-DSS compliant payment processor. We do not store your full credit card details on our servers. We only store:

  • Stripe customer ID
  • Subscription status and tier

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Provision: To create, manage, and deliver QR code generation services
  • Analytics: To provide you with detailed scan analytics and insights about your QR codes
  • Account Management: To create and manage your account, verify your identity, and process payments
  • Service Improvement: To understand how our Service is used and improve our features
  • Customer Support: To respond to your inquiries and provide technical support
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes
  • Security: To detect, prevent, and address fraud, security issues, and technical problems
  • Communications: To send you service-related notifications, updates, and subscription information (you may opt-out of marketing communications)

4. Legal Basis for Processing (Australian Privacy Principles)

Under the Australian Privacy Principles, we collect and process your personal information based on:

  • Consent: You have provided explicit consent by creating an account and using our Service
  • Contract Performance: Processing is necessary to provide the services you have requested
  • Legitimate Interests: We have legitimate business interests in improving our Service and preventing fraud
  • Legal Obligations: We must comply with Australian laws and regulations

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Service:

  • Supabase: Database and authentication services (data may be stored on servers outside Australia)
  • Stripe: Payment processing services
  • Vercel: Hosting and infrastructure services

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety, or that of others.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

6. Cross-Border Data Transfers

Your information may be stored and processed on servers located outside of Australia, including in the United States. By using our Service, you consent to the transfer of your information to countries that may have different data protection laws than Australia. We take reasonable steps to ensure that overseas recipients comply with the Australian Privacy Principles.

7. Data Security

We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit using HTTPS/TLS
  • Encryption of sensitive data at rest
  • Secure authentication mechanisms
  • Regular security assessments and updates
  • Access controls and authentication requirements

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

8. Data Retention

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy. Specifically:

  • Account Information: Retained while your account is active and for a reasonable period after account closure for legal and audit purposes
  • QR Code Data: Retained while your account is active or until you delete specific QR codes
  • Scan Analytics: Retained for the lifetime of the associated QR code or until deletion
  • Payment Records: Retained in accordance with Australian tax and financial record-keeping requirements (typically 7 years)

8.1 Data Handling During Service Shutdown

In the event we discontinue the Service, we will handle your personal information as follows:

  • Advance Notice: We will provide at least 90 days' notice (or as much notice as possible in emergency situations) before any planned service shutdown
  • Data Export: You will have the opportunity to download and export all your personal information, QR codes, and analytics data during the notice period
  • Data Preservation: Your data will be preserved in secure, backed-up storage for an additional 90 days after the shutdown date to allow final data retrieval
  • Permanent Deletion: After the 90-day grace period, all personal information will be permanently and securely deleted from our systems, except for:
    • Information we are legally required to retain (e.g., financial records for tax purposes)
    • Anonymized, aggregated data that cannot identify you
  • Third-Party Processors: We will ensure that third-party service providers (Supabase, Stripe) also delete or anonymize your data in accordance with their policies and our agreements

We will notify you via email at each stage of the shutdown process and provide clear instructions for data export and retrieval. For detailed information about service discontinuation, please refer to Section 4 of our Terms of Service.

9. Your Rights Under Australian Privacy Law

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the following rights:

9.1 Access to Your Information

You have the right to request access to the personal information we hold about you. You can access most of your information directly through your account dashboard.

9.2 Correction of Information

You have the right to request correction of any inaccurate, incomplete, or out-of-date personal information. You can update most information directly in your account settings.

9.3 Deletion of Information

You have the right to request deletion of your personal information, subject to certain legal obligations. You can delete individual QR codes or your entire account, which will permanently delete your data.

9.4 Opt-Out of Marketing

You can opt-out of receiving marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly.

9.5 Complaint Process

If you believe we have breached your privacy rights, you may lodge a complaint with us. We will investigate and respond within a reasonable timeframe. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Service. Cookies are small data files stored on your device. We use:

  • Essential Cookies: Required for the Service to function properly (e.g., authentication)
  • Analytics Cookies: Help us understand how users interact with our Service
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings, but disabling certain cookies may affect the functionality of our Service.

11. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

12. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Email: jake@thereindeerfactory.com
Location: Victoria, Australia

For complaints or concerns about privacy, you may also contact the Office of the Australian Information Commissioner:

Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au

15. Specific Victorian Considerations

While the Privacy Act 1988 is federal legislation that applies throughout Australia (including Victoria), Victorian businesses must also be aware of:

  • Victorian Charter of Human Rights: We respect your right to privacy as protected under the Charter of Human Rights and Responsibilities Act 2006 (Vic)
  • Health Records: If applicable, we comply with the Health Records Act 2001 (Vic) for any health-related information

This Privacy Policy was last updated on 1 February 2026 and is governed by Australian law.