ИП AOM (“we”, “us”, the “Company”) operates QRGen at qrgen.app. We comply with the laws of the Republic of Kazakhstan on personal data protection (No. 94-V dated 21 May 2013) and apply best-effort GDPR-equivalent practices for non-KZ visitors.
1. Data we collect
- Account: email, hashed password, optional display name, optional company.
- Billing: Plexy / Stripe transaction IDs and amounts. We do not store full card numbers.
- QR code content: destinations and styles you upload.
- Scan events: IP address, user agent, device, OS, browser, country, referrer, scan token, timestamp. Stored at row level for 90 days, then aggregated into anonymized daily roll-ups.
- Operational logs (request, error, deploy) — 14-day rotation.
2. Why we collect
To deliver the Service, attribute your scans inside the analytics dashboard, prevent abuse / phishing, comply with Kazakh tax + AML obligations, and improve the product.
3. Sharing
We share data only with: Plexy + Stripe (billing), Google Safe Browsing (URL screening), Sentry (error tracking — Almaty-based deployment), and Kazakh authorities when legally compelled. We never sell scan data.
4. Your rights
Access, rectification, deletion, portability — exercise via support@qrgen.app. We respond within 30 days.
5. Cookies
Strictly necessary cookies for session + CSRF. Optional analytics cookies (GA4 / Yandex Metrica) are gated by your consent on first visit.
6. Retention
Account data: until deletion. Scan-event rows: 90 days. Daily roll-ups: 7 years (KZ tax requirement). Operational logs: 14 days.
7. Contact
Privacy Officer: privacy@qrgen.app. Postal: Республика Казахстан, г. Алматы, 10 МКР, дом 7А/1.