Back

Legal

Privacy Policy

1. Controller

Controller within the meaning of the General Data Protection Regulation (GDPR): Louis Hall, Kolonnenstr. 8, 10827 Berlin, Germany Email: support@louisdev.com

2. Hosting

We host our application with Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The server location is exclusively Germany. A data processing agreement under Art. 28 GDPR is in place with Hetzner.

3. Server log files

When you visit our website, technically necessary data is stored in server logs: IP address (truncated after 7 days), date and time, requested URL, referrer, user agent. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in security and stable operation). Retention period: 7 days, after which logs are automatically deleted.

4. Account data

When you register, we process: email address, password (as a hash), display name, selected plan. The legal basis is Art. 6 (1) (b) GDPR (contract performance). The data is stored until you delete your account. You can delete your account yourself at any time.

5. Cookies

We exclusively use technically necessary cookies. They are required for login, theme selection, language preference, and protection against automated abuse. Specifically: session cookie, qr_gate_theme, qr_gate_locale, qr_gate_attempt, qr_gate_block.

We also store your consent decision in the cookie qrg_consent.

We do not use any advertising cookies. We do not use Google Analytics, Facebook Pixel, or any other tracking service. No third-party advertising cookies either.

Legal basis for technically necessary cookies: §25 (2) (2) TTDSG in conjunction with Art. 6 (1) (f) GDPR.

6. Geo-location on scan

When a visitor scans a QR code, we derive the country and city from their IP address to give creators a rough reach overview. Resolution is performed using the geoip-lite library, which runs entirely on our server in Germany. No IP transmission to third parties takes place. Only country and city are stored — the full IP is not kept in the analytics table.

7. Payment processing via Stripe

For paid plans, payment is processed via Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Stripe processes name, email address, and payment data as an independent controller. Stripe uses sub-processors in the US; the transfer is based on Art. 49 (1) (b) GDPR (contract performance) and the EU-US Data Privacy Framework, in which Stripe is certified.

Stripe privacy policy: https://stripe.com/privacy

8. reCAPTCHA

To protect against automated registrations, Google reCAPTCHA from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, may optionally be used. reCAPTCHA checks various characteristics to determine whether the input is made by a human. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in spam and abuse protection).

Google privacy policy: https://policies.google.com/privacy

9. Email delivery

We send transactional emails (e.g. confirmation codes, password reset links) via an SMTP service provider. Only the data necessary for delivery (email address and content of the email) is processed. Legal basis: Art. 6 (1) (b) GDPR (contract performance).

10. Creator analytics data

For each QR code, we record scan events: timestamp, country, city, browser and operating system type, referrer (if transmitted). This information is visible to the respective creator as a reach statistic. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest of the creator in measuring reach). Retention period is 18 months.

11. Visitor fingerprint hash

To detect whether multiple scans of the same QR code originate from the same device (e.g. for repeat-scan handling and rate limiting on failed attempts), we compute a SHA-256 hash from IP, user agent, and a secret salt. This hash is not reversible — the original IP cannot be recovered. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in abuse protection).

12. Your rights

You have the following rights: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection (Art. 21), and withdrawal of consent.

For requests, please contact support@louisdev.com.

You also have the right to file a complaint with a data protection supervisory authority. The competent authority for us is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin, Germany.

13. Changes to this privacy policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to reflect changes to our services. The current version applies to your next visit.

Last updated: May 2026

We use cookies

We use essential cookies to make this site work and optional analytics cookies to improve your experience.