01 / PRIVACY
[ privacy policy · v0.1 · 2026-06-11 · lawyer review pending ]

Privacy policy.
What we process, why, and how to make us stop.

Heldqr, operated from Belgium, is the data controller for heldqr.com, app.heldqr.com, and the heldqr.io resolver. For any question, request, or complaint about your data, write to legal@heldqr.com.

This page is written in plain language, like the Terms. It is short because the product is designed to need very little of your data — the section on scans is the shortest one below, and that is the point. v0.1 ships pre-lawyer-review; the facts about what we store are accurate today, the legal phrasing will be tightened by counsel.


02 / COOKIES

Cookies on this site, and how to say no.

heldqr.com sets no cookies until you act. If you accept analytics in the cookie banner, Google Analytics sets its _ga cookies so we can see aggregate usage of the site. If you decline — or never choose — nothing is set and nothing loads from Google.

The legal basis is your consent (GDPR art. 6(1)(a)). Your choice itself is stored in your browser under the localStorage key heldqr-analytics-consent; remembering the choice is strictly necessary and needs no consent of its own.

_ga, _ga_*: cookies set by Google Analytics 4, only after you accept. Used to recognize your browser across visits for aggregate statistics. They expire after at most 24 months.
heldqr-analytics-consent: a localStorage entry holding your banner choice (granted or denied). Strictly necessary; kept until you clear it.
app.heldqr.com session: a strictly necessary, signed session cookie when you sign in to the dashboard. Authentication only — not used for tracking.
the resolver (heldqr.io) sets no cookies at all. Scan analytics are cookieless by design — see §04.
withdraw consent: press the reset button below, or clear cookies and site data for heldqr.com in your browser. The banner asks again on your next page load.


03 / ACCOUNT

What we store when you have an account.

Signing in is by magic link — there is no password to store, hash, or leak. An account is essentially an email address plus your codes. The legal basis for processing it is performing our contract with you (art. 6(1)(b)).

account record: email address, optional display name, interface language, current plan, and — once you pay — a Stripe customer reference. Nothing else.
your codes: shortcode, destination URL, your private label, creation time, and the destination's edit history.
sign-in: single-use magic-link tokens, invalidated as soon as they are used.
billing: card details go directly to Stripe, our payment processor — we never see or store your card number.
you can export everything tied to your account, from the dashboard, at any time, in CSV and JSON.
you can delete your account from the dashboard. Codes are removed from the resolver within 60 seconds; backups age out within 30 days.

04 / SCANS

What a scan leaves behind.

When someone scans a code, heldqr.io redirects them and records three things: a timestamp, a coarse device class (mobile, desktop, or tablet), and a two-letter country code derived from the IP address in-process — after which the address is discarded. No cookie is set, no fingerprint is computed, and scan records are never sold.

stored per scan: timestamp, country code (like BE), device class. That is the whole record.
never stored: the scanner's IP address, precise location, device identifiers, or anything else that identifies the person scanning.
legal basis: legitimate interest (art. 6(1)(f)) in giving code owners aggregate statistics — which is why the record is anonymous from the moment it is written.

05 / RIGHTS

Your rights, and how to use them.

GDPR gives you rights over data about you. Most of them are self-service here — the dashboard is faster than a formal request, but the formal route via legal@heldqr.com is always open and answered within 30 days.

access + portability: the dashboard export gives you everything we hold on you, in CSV and JSON. No ticket, no waiting period.
rectification: edit your email, display name, and codes directly in the dashboard.
erasure: delete your account in the dashboard — resolver within 60 seconds, backups within 30 days.
withdraw consent: the reset button in §02, any time, with no effect on anything else. Withdrawing is as easy as granting — that is an art. 7(3) requirement, not a courtesy.
object to the legitimate-interest scan analytics: scan records are anonymous and cannot be tied back to a person, but write to legal@heldqr.com and we will assess your case.
complain to the Belgian supervisory authority — gegevensbeschermingsautoriteit.be (Gegevensbeschermingsautoriteit / Autorité de protection des données).

06 / RECIPIENTS

Who else sees data, and for how long.

Two processors, each confined to its own surface. No data is sold, shared for advertising, or combined across surfaces.

Google (analytics): only if you accepted cookies on heldqr.com. Google Ireland Ltd processes the data; transfers to the US are covered by the EU–US Data Privacy Framework. Event-level data is retained for at most 14 months.
Stripe (payments): card details and billing address, only when you pay. We hold nothing but the customer reference.
changes to this policy: versioned at the top of this page; material changes get 30 days' notice to active customers by email, same as the Terms.

07 / SIGNED

The best privacy policy is a short list of things that were never collected.
This page is short because the product is.

— Heldqr · v0.1 · 2026-06-11