Privacy Policy

PlainQR - Privacy Policy

Last Updated: April 10, 2025

Welcome to PlainQR! This Privacy Policy explains how RT Hidden Enterprises, LLC ("we," "us," or "our") collects, uses, discloses, and protects information about users ("you") of the PlainQR website and services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect several types of information for various purposes to provide and improve our Service to you:

  • a) Information You Provide Directly:

    • Account Information: When you register for an account, we collect your email address and a hashed version of your password. We never store your plain text password.

    • QR Code Content: We process the text you submit to generate QR codes. This text is processed transiently to create the QR code output. While we do not intentionally store this content long-term after generation, it may be temporarily present in server logs or memory during processing. We strongly advise against submitting sensitive or confidential information for QR code generation.

    • Payment Information: When you purchase credits, payment processing is handled by our third-party payment processor, Stripe. We do not directly collect or store your full credit card number or sensitive payment details. Stripe provides us with confirmation of payment, transaction details (like the Stripe session ID), and may provide partial payment method information (like the last 4 digits of a card) for identification purposes. We store a record of the processed payment (linked to the Stripe session ID) in our database to prevent duplicate credit grants.

    • Communications: If you contact us directly (e.g., for support), we may collect your name, email address, and the contents of your message.

  • b) Information Collected Automatically:

    • Log Data: Like most websites, our servers automatically record information ("Log Data") created by your use of the Service. This Log Data may include information such as your IP address, browser type, operating system, the referring web page, pages visited, location (based on IP address), mobile carrier, device information, search terms, and cookie information.
    • Cookies and Similar Technologies: We use cookies and similar tracking technologies to track activity on our Service and hold certain information.
      • Session Cookies: We use session cookies (managed via Flask-Login) to keep you logged in and manage your user session. These are essential for the Service to function correctly for logged-in users.
      • Stripe Cookies: Our payment processor, Stripe, may use cookies to facilitate the payment process and for fraud prevention.
      • Analytics Cookies: We may use third-party services like Google Analytics that use cookies to collect information about your use of the Service to help us analyze and improve it. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service (especially features requiring login).

2. How We Use Your Information

We use the collected information for various purposes:

  • To provide, operate, and maintain our Service.
  • To manage your account, including registration, login, and password resets.
  • To process your transactions and fulfill your purchase of credits via Stripe.
  • To prevent duplicate processing of payments.
  • To generate the Unicode QR codes based on the text you provide.
  • To communicate with you, including responding to your inquiries and providing customer support.
  • To monitor the usage of the Service and detect, prevent, and address technical issues or potential security threats.
  • To enforce our Terms and Conditions.
  • To analyze usage patterns and improve the Service.

3. Sharing and Disclosure of Information

We do not sell your personal information. We may share your information in the following circumstances:

  • With Service Providers: We may share information with third-party companies and individuals that perform services on our behalf, such as:

    • Payment Processing: We share necessary information with Stripe to process your payments. Please review Stripe's Privacy Policy for their data handling practices.

    • Hosting: Our application and database are hosted by third-party providers. These providers may have access to data stored on their servers as part of providing their services.

    • Analytics Providers: We may share usage data with analytics providers.

  • For Legal Reasons: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), or if we believe in good faith that disclosure is necessary to:

    • Comply with a legal obligation.
    • Protect and defend our rights or property.
    • Prevent or investigate possible wrongdoing in connection with the Service.
    • Protect the personal safety of users of the Service or the public.
    • Protect against legal liability.

  • Business Transfers: If we are involved in a merger, acquisition, or asset sale, your Personal Data may be transferred.

4. Data Security

We take reasonable measures to help protect information about you from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. These measures include:

  • Storing passwords using strong, salted hashing algorithms (via werkzeug.security).
  • Using HTTPS encryption for data transmission between your browser and our server.
  • Relying on Stripe for secure handling of sensitive payment information.
  • Implementing access controls within our systems.

However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

5. Data Retention

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.

  • Account Information: We retain your account information (email, password hash, credits, payment history links) for as long as your account is active and for a reasonable period thereafter as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

  • QR Code Content: Text submitted for QR generation is processed transiently and not intentionally stored long-term, but may exist temporarily in server logs.

  • Log Data: Server logs are typically retained for a limited period for security and debugging purposes.

  • Payment Records: Information related to processed payments (e.g., the Stripe session ID stored in our processed_payments collection) is retained as necessary for financial record-keeping and compliance.

6. Your Data Protection Rights

Depending on your location (e.g., if you are in the European Economic Area (EEA) or California), you may have certain data protection rights:

  • The right to access: You have the right to request copies of your personal data.

  • The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

  • The right to erasure: You have the right to request that we erase your personal data, under certain conditions.

  • The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.

  • The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.

  • The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

To exercise these rights, please contact us at support@plainqr.com. We may need to verify your identity before responding to such requests. Please note that we may not be able to fulfill certain requests if it would violate legal obligations or impede essential business functions (e.g., retaining transaction records).

7. Children's Privacy

Our Service is not intended for use by children under the age of 13 (or 16 in some jurisdictions). We do not knowingly collect personally identifiable information from children under this age. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us: