Privacy Policy
Last updated: April 2026
1. Data Controller
PiqloLabs ("Piqlo", "we", "us") operates the piqlo.co platform. We are the data controller for your personal data under the EU General Data Protection Regulation (GDPR).
For privacy inquiries, contact our Data Protection Officer at privacy@piqlo.co.
2. Data We Collect
Account data: Email address, display name, and profile picture provided via your authentication provider (Google, Apple, or email).
Payment data: We do not store credit card numbers. Payment processing is handled by Stripe, which acts as an independent data controller. We store only your Stripe customer ID and subscription plan.
QR code data: Destination URLs, titles, styling preferences, and generated QR images that you create through the Service.
Scan analytics: When someone scans a QR code, we record: country, city (derived from Cloudflare edge headers), device type, operating system, and browser. We do not store raw IP addresses. A SHA-256 hashed fingerprint with a daily-rotating salt is used solely for uniqueness detection and cannot be reversed to identify individuals.
Usage data (optional): If you explicitly consent, we collect anonymous product analytics via PostHog (button clicks, page views). This is disabled by default and can be toggled at any time in Settings.
3. Legal Basis for Processing
We process your personal data under the following GDPR Article 6(1) bases:
- Contract performance (Art. 6(1)(b)): Account data, QR code data, and payment data are necessary to provide the Service you signed up for.
- Legitimate interest (Art. 6(1)(f)): Scan analytics (aggregated, no raw IPs) enable the core value of the Service — showing you how your QR codes perform.
- Consent (Art. 6(1)(a)): Optional product analytics via PostHog are collected only with your explicit opt-in consent. You can withdraw consent at any time in Settings.
4. How We Use Your Data
We use your data to provide and improve the Piqlo service: creating and managing QR codes, displaying scan analytics, processing payments, and sending transactional emails (welcome email, password reset). We do not sell, rent, or share your personal data with third parties for marketing purposes.
5. Sub-Processors
We use the following sub-processors to operate the Service. Data Processing Agreements (DPAs) are in place with each:
| Provider | Purpose | Data Location |
|---|---|---|
| Hetzner (Germany) | Server hosting, database, backups | EU (Frankfurt) |
| Cloudflare (US) | CDN, DNS, DDoS protection, redirect Workers, R2 image storage | Global edge (EU primary) |
| Firebase / Google (US) | Authentication (Google/Apple/email sign-in) | US (EU SCCs in place) |
| Stripe (US) | Payment processing | US (EU SCCs in place) |
| Resend (US) | Transactional email (welcome, password reset) | US (EU SCCs in place) |
| Sentry (US) | Error tracking (PII scrubbed) | US (EU SCCs in place) |
| PostHog (EU) | Product analytics (consent-gated only) | EU |
For US-based sub-processors, Standard Contractual Clauses (SCCs) are in place to ensure GDPR-adequate protection for any data that transits through US infrastructure.
6. Data Storage & Security
All primary data (database, backups) is stored in the EU on Hetzner servers in Frankfurt, Germany. QR images are stored on Cloudflare R2 with EU-primary replication. Data is encrypted in transit (TLS 1.2+) and at rest.
We employ security headers (HSTS, CSP, X-Frame-Options), rate limiting, parameterized database queries, and regular security audits. See our security practices in our Terms of Service.
7. Data Retention
- Scan event data: Retained for 24 months, then automatically deleted by our monthly cleanup process.
- Account data: Retained until you delete your account.
- QR images: Retained until you delete the QR code or your account.
- Payment records: Stripe retains payment data per their own retention policy and legal obligations.
8. Your Rights (GDPR)
Under GDPR, you have the right to:
- Access & portability: Export all your data in machine-readable JSON format via Settings > Export Data.
- Erasure (right to be forgotten): Delete your account and all associated data (QR codes, scan events, images) via Settings > Delete Account. Deletion is immediate and irreversible.
- Rectification: Update your name and profile information at any time in Settings.
- Withdraw consent: Toggle PostHog analytics tracking on or off at any time in Settings. Withdrawal does not affect the lawfulness of prior processing.
- Object & restrict: Contact us at privacy@piqlo.co to object to processing or request restriction.
- Lodge a complaint: You have the right to lodge a complaint with your local data protection authority.
9. Cookies
Piqlo uses only strictly necessary cookies for authentication session management. We do not use advertising cookies, tracking pixels, or third-party cookies. PostHog analytics (when consented) uses first-party cookies only.
10. Children's Privacy
Piqlo is not intended for users under 16 years of age. We do not knowingly collect data from children. If you believe a child under 16 has provided us with personal data, contact us at privacy@piqlo.co and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notice. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact
For privacy inquiries, data requests, or complaints, contact our Data Protection Officer:
Email: privacy@piqlo.co
PiqloLabs — Frankfurt, Germany