Privacy Policy

Last updated: October 24, 2025

1. Who We Are

EchoDial LLC DBA QrCodeBuilder ("QrCodeBuilder", "we", "our") provides a QR code creation and analytics platform for businesses.

Address: 8733 Cochise Lane, Port Richey, FL 34668 (home office).
Contact: admin@qrcodebuilder.pro

2. Scope

This policy explains how we collect, use, disclose, and protect personal information when you use our website and services. It applies to account holders, site visitors, and end users who scan QR codes generated via our service.

3. Information We Collect

Account and Contact Data

  • Name, email address, business details, and authentication data.
  • Support communications and preferences.

Payment Information

  • Payments are processed by Authorize.net. We do not store full card numbers or CVV.
  • We may store non-sensitive billing metadata (e.g., transaction IDs, last4) returned by the processor.

Usage and Device Information

  • Log data such as IP address, user agent, pages viewed, and timestamps.
  • Cookies and similar technologies for session management, CSRF protection, preferences, and analytics.

QR Scan Analytics

When a QR code is scanned, we collect privacy-preserving analytics:

  • Truncated IP (e.g., IPv4 last octet removed) — we do not store full IP addresses for tracking.
  • Normalized user agent (browser/OS family without specific versions).
  • Rotating device hash generated with a secret salt and a time window (e.g., daily), which limits long-term tracking.
  • Timestamp, QR code identifier, and basic request context.

4. How We Use Information

  • Provide and operate the service (contract performance).
  • Process payments via Authorize.net.
  • Secure the service, prevent fraud/abuse, and debug (legitimate interests).
  • Measure performance and usage, including Google Analytics (consent/legitimate interests, depending on region).
  • Communicate with you regarding the service, updates, and support.
  • Comply with legal obligations.

5. Legal Bases (EEA/UK)

  • Contract — to create your account and deliver features you request.
  • Legitimate interests — to maintain security, prevent abuse, and understand service performance using privacy-preserving analytics.
  • Consent — for non-essential cookies/analytics where required.
  • Legal obligation — to keep records for tax and compliance.

6. Cookies and Similar Technologies

We use cookies to:

  • Essential: session management (e.g., PHP session), CSRF tokens, load balancing, authentication.
  • Preferences: optional settings like UI choices.
  • Analytics: Google Analytics to measure site usage. We do not send personal content or full IPs with analytics.

In regions where required, we will display a cookie banner to obtain consent for non-essential cookies.

7. Google Analytics

We use Google Analytics to understand website performance. Google may process pseudonymous identifiers and truncated IP information. You can opt out via browser settings or Google’s opt-out tools. See Google’s Privacy Policy for details.

8. Sharing of Information

  • Service Providers: Authorize.net (payments), SMTP/email provider (transactional email), analytics providers (Google Analytics).
  • Legal: To comply with law, enforce agreements, or protect rights.
  • Business Transfers: As part of a merger, acquisition, or asset sale, with appropriate safeguards.

9. Data Retention

  • Account data: For the life of your account and up to 24 months after closure, unless we need to retain longer for legal reasons.
  • Billing/transaction records: Up to 7 years for tax and accounting.
  • QR scan logs (raw events): Typically up to 90 days.
  • Aggregated analytics: Up to 12 months for reporting trends.
  • Hosted QR content and files: Deleted within 30 days after cancellation or deletion by the user (except required legal backups).
  • Backups: Encrypted rolling backups are retained for up to 30 days and then overwritten.

10. Security

We use industry-standard security measures designed to protect your information, including access controls, encryption in transit, and privacy-preserving analytics for scans. However, no method of transmission or storage is 100% secure.

11. International Transfers

If we transfer personal data internationally, we implement appropriate safeguards such as standard contractual clauses where applicable.

12. Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, as well as data portability. To exercise your rights, contact admin@qrcodebuilder.pro. We will respond within 30 days where required by law.

13. CCPA/CPRA (California)

  • We do not sell personal information as defined by the CCPA/CPRA.
  • You have rights to know, delete, correct, and limit the use and disclosure of sensitive personal information, subject to exceptions.
  • To submit a verifiable consumer request, email admin@qrcodebuilder.pro.

14. Children’s Privacy

The service is not directed to individuals under 18. If we learn that we have collected personal information from a minor, we will take steps to delete it.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or through the service. The updated policy is effective when posted unless otherwise indicated.

16. Contact

For questions or requests, contact admin@qrcodebuilder.pro.