Privacy

Last updated: 27 June 2026.

Your QR codes stay on your device

Every QR code is generated entirely in your browser. The content you type — the link, text, Wi-Fi password, anything — is never uploaded to our servers. We don't have a copy of it. Downloads and clipboard copies happen locally on your machine.

Analytics

We use a self-hosted Matomoinstance to count visits and which features are used (e.g. “a QR was generated”). It runs without cookies, respects your browser's “Do Not Track” setting, and anonymises IP addresses — so there's no consent banner to click through. We never send the content of your QR codes to analytics, only anonymous event categories (such as the payload type or export format).

Accounts and the API (optional)

The QR generator itself needs no account. If you choose to use the optional extras — saving a dynamic (editable) QR code, the dashboard, or the free API/MCP server — you create a free account with a magic link. The only personal data we store for that is your email address (to sign you in and let you manage your codes). No password, no profile, and we never sell it. You can delete your account and codes from the dashboard at any time.

Dynamic QR codes and scan analytics

A dynamic QR code points at a short oqr.to link that redirects to your chosen destination, so you can change where it goes without reprinting. When someone scans one, we log a minimal, anonymous record so the code's owner can see basic analytics: an approximate country (from the network, not GPS), a coarse device type (e.g. mobile or desktop), the referrer if any, and the time. We do not store IP addresses, full user-agent strings, or anything that identifies the person scanning. Static QR codes (the default) don't route through us at all, so they generate no scan data.

The Location tool

If you use the optional Location feature, the interactive map is the one part of OpenQR that talks to third parties:

  • Map tiles are served by CARTO (on OpenStreetMap data).
  • Address searches are sent to OpenStreetMap's Nominatim service. Your search text and IP address reach them in order to return results.
  • If you tap “My location”, your browser asks your permission before sharing GPS coordinates.

These calls only happen when you actively use the map. If you never open the Location tool, nothing is sent.

No profiles, no selling data

We store no marketing profiles and never sell data. The only personal data we ever hold is the email address of people who opt in to an account (above). Tips are handled by Buy Me a Coffee and code lives on GitHub — both have their own privacy policies when you choose to visit them.

Open source

Don't take our word for it — OpenQR is open source. You can read exactly what it does, or run your own copy.