Last Updated: April 16, 2026
This Privacy Policy explains how Hint America Inc. ("GetQR," "we," or "us") handles the personal information of people who visit our website, create an account, use our QR code platform, subscribe to our services, or otherwise interact with us (collectively, the "Services"). It also explains the choices and rights you have regarding that information.
Hint America Inc. is the data controller responsible for personal information processed through the Services. Our registered address is 2093 Philadelphia Pike #3129, Claymont, DE 19703, United States, and you can reach our privacy team at privacy@getqr.com.
This Policy applies to all users of the Services, regardless of location, and is written to comply with the General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable privacy laws. It forms part of our Terms & Conditions and should be read together with them.
By using the Services you acknowledge the practices described below. If any part of this Policy is unacceptable to you, please do not use the Services.
We may update this Policy from time to time. When we make material changes, we will revise the "Last Updated" date above and notify you by email or through a prominent in-product notice at least 30 days before the change takes effect where practicable.
We collect information in three ways: information you give us directly, information we collect automatically when you use the Services, and information we receive from third parties.
When you register, subscribe, or interact with us, you may provide:
When you use the Services, our systems automatically collect:
When someone scans a dynamic QR code created through the Services, our redirect infrastructure processes a limited amount of information about the scan in order to deliver the redirect, generate analytics for the QR code's creator, and protect the platform from abuse. This may include:
This information is collected from people who may not themselves be users of GetQR. We process it based on the legitimate interest of the QR code creator (our customer) in understanding the performance of their codes, and our own legitimate interest in operating and securing the redirect service. The QR code creator sees this scan data in aggregate form through their dashboard. Scan data is retained for the period described in Section 8.
We may receive information about you from:
We may create aggregated or de-identified data from the information described above. Once information is aggregated or stripped of identifiers in a way that can no longer reasonably be linked to an individual, it is no longer personal information under applicable law, and we may use and share it without further restriction.
We use personal information for the purposes described below. The specific legal basis applicable under the GDPR and UK GDPR is listed in parentheses and expanded further in Section 4.
We do not use personal information to make decisions that produce legal or similarly significant effects on you without human involvement.
If you are located in the European Economic Area, United Kingdom, or Switzerland, we rely on one or more of the following legal bases under Article 6 of the GDPR and equivalent provisions of the UK GDPR and Swiss FADP to process your personal information:
We do not process special categories of personal data (such as health or biometric data) as part of normal Service operation. If you voluntarily include such data in content you submit, you are responsible for ensuring you have a lawful basis for doing so.
GetQR uses automated analysis of usage patterns to improve the Services and personalize the experience for our users. This includes understanding which types of destinations users link to, which customization options they prefer, and how they interact with the platform, in order to suggest relevant templates, icons, and design options.
We are also developing new AI-powered features, planned to include logo generation, landing page creation, restaurant menu builders, and additional design suggestion tools. When these features launch, the data handling specific to each feature will be described in product and incorporated into this Policy.
At present, we do not train our own AI models on the personal content you submit. Where AI-powered features make use of third-party model providers, your inputs to those features may be transmitted to those providers to generate the requested output and are subject to their terms and privacy practices. We will name any third-party AI providers we use in this Policy once they are in production.
You may be offered choices about whether your anonymized interaction data is used to improve AI features. Where we offer such controls, they will be accessible in your account settings and honored prospectively.
We use cookies, pixels, local storage, and similar technologies on the Services. These fall into the following categories:
On your first visit to the website, you will see a cookie banner that allows you to accept or manage non-essential cookies. You can change your preferences at any time through the cookie settings link in the footer of the website, or by adjusting your browser's cookie settings. Disabling certain cookies may affect Service functionality.
Our current practice regarding Do Not Track (DNT) browser signals is as follows: because no uniform industry standard for DNT exists, we do not respond to DNT signals. We do honor Global Privacy Control (GPC) signals where legally required.
We do not sell your personal information, and we do not share it for cross-context behavioral advertising as those terms are defined under California law. We share information only with the following categories of recipients:
We may also share aggregated or de-identified information that cannot reasonably be linked to an individual for research, benchmarking, marketing, or product development purposes.
We keep personal information for as long as needed to provide the Services, meet legal and regulatory requirements, and protect our legitimate interests. Specific retention practices include:
Where deletion is not immediately possible (for example, because data is present in backup archives), we isolate the data from active processing and delete it in accordance with our backup rotation schedule.
We may retain aggregated or de-identified data indefinitely for analytics and product development purposes.
We use administrative, technical, and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These measures include:
Despite these measures, no online service can guarantee absolute security. You are responsible for keeping your email account secure (since it receives login authentication codes), using strong and unique passwords for any linked accounts, and notifying us promptly at privacy@getqr.com if you suspect unauthorized access.
If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, as required by Article 33 of the GDPR. Where the breach is likely to result in a high risk to affected individuals, we will also notify those individuals directly without undue delay, as required by Article 34. For users in other jurisdictions, we will provide notification in accordance with the applicable law.
GetQR is operated from the United States, and personal information we collect is processed in the United States and, in some cases, in other countries where our service providers operate.
If you are located in the European Economic Area, United Kingdom, or Switzerland, your personal information may be transferred to the United States and other countries that may not provide the same level of data protection as your home country. Where we transfer personal information out of the EEA, UK, or Switzerland, we rely on one or more of the following transfer mechanisms:
You can request a copy of the specific transfer safeguards we rely on by contacting privacy@getqr.com.
Depending on where you live, you may have the following rights regarding your personal information. We honor these rights across all users where feasible, even if your jurisdiction does not legally require it.
To exercise any of these rights, email privacy@getqr.com with your request and the email address associated with your account. We will respond within the timeframe required by applicable law — generally within one month under the GDPR and UK GDPR, and within 45 days under the CCPA/CPRA. We may need to verify your identity before fulfilling certain requests, and we may extend the response time in complex cases, in which case we will let you know.
You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your information appropriately. For EU residents, a list of national authorities is available at edpb.europa.eu. For UK residents, contact the Information Commissioner's Office at ico.org.uk.
You can close your account at any time through the cancellation page or by emailing privacy@getqr.com. We may need to verify your identity before processing the request.
Account deletion is irreversible. Once the deletion is processed, you will lose access to your dashboard, your dynamic QR code redirects may cease to function, and your content may be removed from our active systems. We encourage you to export or download anything you want to keep before requesting deletion.
After account deletion, we retain limited information for the purposes and periods described in Section 8, including records required by tax and financial law, records needed to defend or pursue legal claims, and backup copies that will be cycled out according to our backup rotation schedule.
If you created your account using Google or Apple sign-in, deleting your GetQR account does not affect your Google or Apple account; you manage those separately through the respective provider.
If you are a resident of California, the following additional disclosures apply to you under the CCPA as amended by the CPRA.
In the past 12 months, we have collected the following categories of personal information, as defined by California law: identifiers (email, IP address, device identifiers), internet and network activity (usage logs, interactions with the Services), commercial information (subscription and transaction records), geolocation data (approximate location inferred from IP address), and inferences drawn from the above to personalize the experience. We have not collected sensitive personal information as defined by the CPRA.
We have disclosed these categories for business purposes to the service providers described in Section 7.
We do not sell personal information for monetary consideration and we do not share personal information for cross-context behavioral advertising, as those terms are defined by California law.
California residents have the right to know, right to correct, right to delete, right to opt out of sale or sharing, right to limit use of sensitive personal information (not applicable since we do not collect such data), and right to non-discrimination for exercising these rights.
To exercise any of these rights, email privacy@getqr.com with "California Privacy Request" in the subject line. You may also authorize an agent to submit a request on your behalf, in which case we may require verification of both your identity and the agent's authority.
We honor Global Privacy Control (GPC) browser signals as a valid opt-out of sale and sharing where applicable law treats them as such.
In addition to California, residents of several other U.S. states have privacy rights under state law. We honor these rights for residents of Virginia (under the Virginia Consumer Data Protection Act), Colorado (under the Colorado Privacy Act), Connecticut (under the Connecticut Data Privacy Act), Utah (under the Utah Consumer Privacy Act), Texas (under the Texas Data Privacy and Security Act), Oregon (under the Oregon Consumer Privacy Act), Montana (under the Montana Consumer Data Privacy Act), and other states with applicable consumer privacy laws.
These rights generally include the right to access, correct, delete, and obtain a portable copy of your personal information, and in some states, the right to opt out of targeted advertising, sale of personal information, or certain profiling activities. We do not engage in targeted advertising or sale of personal information as those terms are defined under these laws.
To exercise your rights, email privacy@getqr.com with your request and the state you reside in. If we deny your request, you have the right to appeal; appeals can be submitted to the same email address with "Appeal" in the subject line.
Nevada law provides residents the right to opt out of the sale of certain personal information. We do not sell personal information as defined by Nevada law. To submit a request, email privacy@getqr.com.
If you are located in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy laws, including the right to access and correct your personal information.
If you are located in Australia, you have rights under the Privacy Act 1988 and the Australian Privacy Principles, including the right to access and correct your personal information and to complain to the Office of the Australian Information Commissioner.
If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including rights to access, correct, delete, and port your personal information, and to object to processing.
Residents of other jurisdictions with applicable data protection laws may have additional rights. To exercise any such rights, contact privacy@getqr.com.
The Services are not directed to children, and we do not knowingly collect personal information from anyone under the age of 18. Our Terms require all users to be at least 18 years old.
If you are a parent or legal guardian and you discover that a minor under your care has provided personal information to us, please contact privacy@getqr.com so we can investigate and delete the information in accordance with applicable law.
Because QR codes in the physical world can be scanned by anyone, people under 18 may interact with QR codes that other users create. We encourage parents and guardians to supervise children's use of QR technology generally.
The Services may contain links to third-party websites, applications, and services, and dynamic QR codes redirect scanners to destinations chosen by the user who created the code. Third-party sites and destinations have their own privacy policies and data practices, which apply to any data collected by them. We are not responsible for the privacy practices or content of third-party sites.
We encourage you to review the privacy policies of any third-party site you visit through a link or QR code redirect.
We may update this Policy from time to time to reflect changes in our practices, our Services, or applicable law. When we make changes, we will update the "Last Updated" date at the top of this document.
For material changes — those that meaningfully affect how we collect, use, or share your personal information, or that reduce your rights — we will notify you at least 30 days before the change takes effect, by email or through a prominent in-product notice.
If you continue using the Services after a change takes effect, you are accepting the updated Policy. If you do not accept a change, please stop using the Services and, if appropriate, close your account.
Hint America Inc. 2093 Philadelphia Pike #3129 Claymont, DE 19703 United States
Privacy inquiries: privacy@getqr.com General support: help@getqr.com
If you have a complaint about our handling of your personal information, please contact us first so we can try to resolve it. You also have the right to lodge a complaint with your local data protection authority at any time.