Privacy Policy — QR and Barcode Maker and Reader

Android app · Last updated: 11 May 2026

This Privacy Policy describes how the QR and Barcode Maker and Reader Android application ("the App", "we", "us") handles information when you use it. By installing or using the App, you agree to the practices described below. The App includes a required account, cloud sync of your saved scans and codes, and on-device features such as scanning, code generation, voice search, and bulk import. This policy describes each of those clearly.

1. Summary

An account is required to use the App. You provide your name, email, phone number, and a password when registering.
Your saved scans, generated codes, folders, and dynamic codes are synced to our server so they are available across your devices.
When you generate or design a QR code, the App attempts to read your device's GPS location and attaches it to the code as metadata. This is described in detail in section 4.
We do not show ads, do not include any analytics or crash-reporting SDKs, and never sell your data.

2. What the App does on your device

Scans QR codes and barcodes through your camera using Google's on-device ML Kit barcode-scanning model. Camera frames are processed locally; they are not uploaded.
Generates and customizes QR codes and barcodes (design, colors, eye styles, logo).
Detects QR codes inside images you pick from your gallery.
Organizes scans into folders and batches; flags favorites.
Parses recognized content types: URL, text, Wi-Fi, contact (vCard), email, SMS, phone, geo, UPI payment intents.
Plays a short beep and vibrates briefly on successful scans (configurable in Settings).
Optionally accepts voice commands to search your scan history (Pro feature; opt-in).
Imports lists from CSV files or text using the system document picker, for batch QR generation.

3. Account and cloud data

3.1 Information you give us at registration

Name — used to display your profile inside the App.
Email address — used as your login identifier and to send password-reset emails.
Phone number (10–12 digits) — used to identify the account and for future account-recovery features.
Password — never stored in plain text. Our server stores only a bcrypt hash. You cannot use the same email or phone number for more than one account.

After sign-in, our server issues a bearer token (Laravel Sanctum) that the App stores locally on your device to keep you signed in.

3.2 What gets synced to our server

When you save a scan or generate a code, the App sends the following fields to our server so your data is available on other devices:

Field	Description
`client_id`	A random per-record UUID generated on your device (used to de-duplicate during sync).
`kind`	"qr" or "barcode".
`subtype`	The detected content type (URL, Wi-Fi, contact, UPI, etc.). Optional.
`value`	The decoded text/URL of the code, so you can search and re-open it later.
`label`	A custom name you assign. Optional.
`folder_id` / `batch_id`	Your organization metadata. Optional.
`favorite`	Boolean star flag. Optional.
`source`	"scan" or "generated".
`device`	A short label for the device (e.g. "Pixel 8 · Android") to help you tell devices apart in multi-device sync.
`design`	For generated codes only: your customization (foreground, background, dot style, eye style, logo flag).
`location`, `latitude`, `longitude`	Your device's GPS location at the moment the code was created or scanned (see section 4).

Saved scans on our server are visible only to your account. We do not aggregate them, sell them, or use them for advertising.

3.3 Dynamic QR codes

If you create a dynamic QR code in the App, our server hosts a short URL of the form https://<our-domain>/q/<code> and redirects scans of that QR to a destination you control. When the dynamic QR is scanned (by any device), our server records an anonymous scan event for your analytics — timestamp and the requesting country/region derived from the IP address. We do not retain the raw IP address beyond what is needed to derive the country and we do not track who scanned the code.

4. Location capture — please read

When you open the Generator screen or the QR Designer screen, the App requests the Android ACCESS_FINE_LOCATION permission and, if you grant it, reads your device's current GPS coordinates. The coordinates are then attached to any code you save from that screen and are uploaded along with the rest of the scan record to our server.

The location is not attached when:

You scan a code on the Scanner screen (no location is read there).
You deny the location permission, or have it turned off in Android Settings — in that case the location fields are simply blank.

You can revoke the permission at any time in Android Settings › Apps › QR and Barcode Maker and Reader › Permissions › Location. The App does not track your location in the background and never reads location outside of the Generator/Designer screens.

5. Android permissions

The following permissions are actively used by the App in the current version:

Permission	Why the App uses it
`CAMERA`	To scan QR codes and barcodes. Camera frames are processed on-device only.
`INTERNET`	To communicate with our server for sign-in, sync, and dynamic-QR features.
`VIBRATE`	Subtle haptic feedback when a scan succeeds.
`ACCESS_FINE_LOCATION`	To attach GPS coordinates to codes you generate or design (see section 4).
`RECORD_AUDIO`	Used only by the optional voice-search feature on the scanner detection sheet (Pro). Audio is processed by Android's on-device speech recognizer and is not stored or uploaded.
`READ_MEDIA_IMAGES` / `WRITE_EXTERNAL_STORAGE` (Android ≤ 9)	Used when you pick an image from your gallery to scan a QR contained in it, or when you save a generated QR/barcode as a PNG to your device.

The App's manifest also declares the following permissions, which are not used by the current code but may be exercised by future features in upcoming versions: ACCESS_COARSE_LOCATION, ACCESS_WIFI_STATE, CHANGE_WIFI_STATE, READ_CONTACTS, WRITE_CONTACTS. The current App does not read your contacts, does not change your Wi-Fi state, and does not read Wi-Fi information from your device. If and when these features become active, this policy will be updated before the feature ships.

All runtime permissions can be revoked in Android Settings › Apps › QR and Barcode Maker and Reader › Permissions.

6. Opening links from scanned codes

A QR code can contain a URL, a UPI payment intent (upi://), a phone number, an SMS template, an email, a Wi-Fi network, a map location, or other actionable content. When you tap "Open", the App hands the URL or intent off to the appropriate app on your device (your browser, your UPI app such as Google Pay or PhonePe, your dialer, your maps app, etc.). The App does not log which URLs or payment intents you choose to open. Those destinations are governed by their own privacy policies. Always check the URL preview shown by the App before opening, since QR codes can be created by anyone.

7. Your rights and account controls

You can:

Export your data at any time via the "Export my data" option in the App, which returns a JSON file of your profile, folders, scans, and dynamic codes.
Update your profile (name, avatar color, password) at any time.
Delete individual scans, folders, or dynamic codes from inside the App.
Delete your entire account and all associated data via the "Delete my account" option in the App. Account deletion is permanent and removes your profile, scans, folders, dynamic codes, and authentication tokens from our database.

8. Data retention

Account profile and saved records are retained on our server until you delete them or delete your account.
Dynamic-QR scan events (anonymous timestamps + country) are retained for up to 24 months for analytics aggregation, then purged.
Authentication tokens expire after periods of inactivity and can be revoked by signing out on the device.

9. Third-party services and libraries

The App contains no third-party advertising or analytics SDKs. The third-party code we do include is functional only:

Google ML Kit barcode-scanning — on-device ML model for decoding QR/barcodes from camera frames and gallery images. No data leaves the device.
react-native-vision-camera — camera framework. Runs on-device.
Android Speech Recognizer — for the optional voice-search feature in the scanner detection sheet. Audio is processed on-device.
react-native-geolocation-service — to read GPS coordinates from the device.
react-native-image-picker, @react-native-camera-roll/camera-roll — gallery picker and saving generated codes as images, only when you initiate.
papaparse, @react-native-documents/picker — local CSV parsing and file picker for bulk QR generation.
react-native-device-info — reads a non-personal device label (e.g. "Pixel 8 · Android") used in the device field above to help you tell your devices apart in multi-device sync.
Standard React Native libraries (storage, gestures, navigation, etc.). All run on-device.

Distribution is via Google Play, governed by Google's own privacy policy.

10. Data security

Communications between the App and our server use HTTPS/TLS. Passwords are hashed with bcrypt before storage. Authentication uses short-lived bearer tokens (Laravel Sanctum). Server-side data is stored in a private, access-controlled database. We do not have visibility into the plain-text passwords you choose.

11. Children's privacy

QR and Barcode Maker and Reader is intended for users aged 13 and over, in line with Google account policies. We do not knowingly create accounts for, or store personal information about, children under 13.

12. Changes to this policy

If we materially change this Privacy Policy, we will update the "Last updated" date at the top of this page and, for changes that affect existing data practices, show an in-app notice the next time the App connects to our server.

13. Contact

Questions, requests for export or deletion of your data, or other privacy concerns?
Email: atulmore.refferer@gmail.com