Security | QR Code Maker

Infrastructure & Certifications

QR Code Maker runs entirely on SOC 2 Type II certified cloud providers with proven security track records.

SOC 2 Type II

Vercel (Hosting & CDN)

SOC 2 Type II

Supabase (Database & Auth)

PCI DSS Level 1

Stripe (Payments)

Additional Provider Certifications

ISO 27001:2013 (Vercel)

HIPAA Compliant (Supabase)

PCI DSS v4.0 (Vercel)

GDPR Compliant (All providers)

Data Privacy Framework (Vercel)

Daily Backups (Supabase)

Encryption

Data in Transit

All connections to QR Code Maker use TLS 1.2/1.3 encryption. This includes your browser connections, API calls, and QR code redirects. We enforce HTTPS everywhere with no exceptions.

Data at Rest

Your data is encrypted at rest using AES-256 encryption, the same standard used by banks and government agencies. This applies to:

Your account information and QR code data
Uploaded files (logos, PDFs, images)
Scan analytics data
Database backups

Passwords

Passwords are hashed using bcrypt with appropriate cost factors. We never store plain-text passwords. Even our team cannot see your password.

Data Protection

Access Controls

Access to customer data is strictly limited. We use row-level security (RLS) on all database tables, ensuring users can only access their own data.

Scanner Privacy

When someone scans your QR code, we collect minimal analytics data with privacy-first practices:

Privacy-First Scan Analytics

• IP addresses are hashed, not stored in full
• We do not create profiles of people who scan QR codes
• We do not track individuals across different QR codes
• Analytics are aggregate only
• Scan data is retained for 24 months, then deleted

No Data Sales

We do not sell your data. We do not share your data with advertisers. We do not use your data for ad targeting. Your QR codes and analytics belong to you.

Network Security

DDoS Protection

Our infrastructure includes automatic DDoS mitigation at the edge. Vercel's global network absorbs malicious traffic before it reaches our application, ensuring your QR codes stay online even during attacks.

Web Application Firewall

We use managed WAF rulesets that protect against the OWASP Top 10 vulnerabilities, including SQL injection, cross-site scripting (XSS), and other common attack vectors.

Global Edge Network

QR code redirects are served from Vercel's global edge network, providing fast response times worldwide and built-in redundancy. If one region has issues, traffic automatically routes to healthy regions.

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly so we can address it quickly.

Report a Vulnerability

Email us at security@qr-code-maker.app with details about the vulnerability.

Our Commitment

• Acknowledge receipt within 48 hours
• Provide an initial assessment within 5 business days
• Keep you informed of our progress
• Credit you in our security acknowledgments (if desired)

Please do not publicly disclose the vulnerability until we've had a reasonable opportunity to address it. We appreciate your help in keeping QR Code Maker secure.

Related Policies

Privacy Policy — How we collect, use, and protect your personal data
Terms of Service — Your agreement with QR Code Maker
Acceptable Use Policy — Prohibited content and behavior
Cookie Policy — How we use cookies and tracking technologies

Questions?

If you have questions about our security practices, please contact us at support@qr-code-maker.app.

Last updated: January 13, 2025