Privacy Policy

Last updated: 3 June 2026

Scanvas ("we", "us") lets you create QR codes and, for dynamic codes, track scans. This page explains what we collect and why. We try to collect as little as possible.

1. Information you give us

2. Information collected when a code is scanned

When someone scans one of your dynamic codes, we log basic analytics so you can see how your codes perform:

We do not store the scanner's raw IP address. It is converted into an irreversible hash (used only to count unique vs. repeat scanners) and discarded. Static codes are not tracked at all — they never touch our servers.

3. Cookies

We use a single, strictly-necessary session cookie to keep you logged in. It is HTTP-only and contains no personal data. We do not use advertising or third-party tracking cookies.

4. Service providers

To run Scanvas we use: Vercel (hosting), Upstash (database), Cloudflare (domain/DNS), and ip-api.com (to turn an IP into an approximate location at scan time). These providers process data on our behalf.

5. How we use the data

To operate your account, generate and serve your codes, show you analytics for your own codes, and keep the service secure. We do not sell your data.

6. Your choices

7. Children

Scanvas is not directed at children under 13 and we do not knowingly collect their data.

8. Changes & contact

We may update this policy; material changes will be reflected by the date above. Questions? Contact the site owner.

This is a plain-language starter policy. If you operate Scanvas commercially, have it reviewed for your jurisdiction (e.g. GDPR / Australian Privacy Act).