Privacy Policy
QR Scanner & Code Creator
Last updated: July 1, 2026
This privacy policy describes how QR Scanner & Code Creator ("the App"), published by Eduard Bruch, handles your data. In short: your scans are processed on your device, your history never leaves your device, and the App contains no advertising, analytics, or tracking. There is no account and no registration.
1. Data Controller
Eduard Bruch
Kleinfeld 28c, 21149 Hamburg, Germany
Email: support@eduardbruch.com
2. Camera
The camera is used only to detect codes in real time. Camera frames are processed live on your device and are never stored, uploaded, or transmitted.
The App requests camera access solely so you can scan QR codes and barcodes. Decoding happens entirely on-device using Apple's system frameworks. The App does not take or save photos, and no image data leaves your device. You can revoke camera access at any time in iOS Settings.
3. Scan & Generation History
Codes you scan or create are saved locally on your device so you can view them later, mark favorites, and show recent items in the home-screen widget. This history is stored on-device (and, for the widget, in a private app group container on the same device). It is never sent to us or any third party, and it is deleted when you clear your history or delete the App.
4. Link Safety Check
When you scan a link, the App may flag potentially suspicious URLs (for example, common link shorteners or phishing-style patterns). This check runs entirely on-device against a built-in list. No scanned link, browsing activity, or URL is sent to any server as part of this feature.
5. Subscriptions & Purchases
Premium features are offered through auto-renewable subscriptions. Purchases are handled by Apple through the App Store; we never see or receive your payment details.
To verify your subscription status across your devices, the App uses RevenueCat, Inc. (USA) as a data processor. RevenueCat receives a pseudonymous app user identifier together with purchase and receipt information and basic device/OS information. It does not receive your name, email, or any scan data. Legal basis: Art. 6(1)(b) GDPR (performance of a contract). Because RevenueCat is based in the USA, this involves a transfer of data outside the EU/EEA.
See RevenueCat's Privacy Policy and Apple's Privacy Policy for details on how they process this data.
6. What We Do Not Do
No analytics. No advertising. No third-party tracking. No selling or sharing of personal data. No account.
The App does not contain any advertising or analytics SDKs and does not build a profile of you.
7. Data Retention
- Scan & generation history: stored on your device until you delete it or remove the App.
- Subscription data (RevenueCat): retained for the duration of your subscription and as required for financial/legal record-keeping.
8. California Residents (CCPA)
We do not sell your personal information and do not share it for cross-context behavioral advertising. California residents have the right to know, delete, and opt out; because we do not sell or share personal information, there is nothing to opt out of.
9. Your Rights (GDPR)
Under the GDPR, you have the right to:
- Access the personal data we process about you
- Request correction or deletion of your data
- Restrict or object to processing
- Data portability
- Lodge a complaint with a supervisory authority
Most data (your history) lives only on your device and is fully under your control. For subscription data held by our processor, contact us at support@eduardbruch.com.
10. Children
The App is not directed at children under 16 (GDPR Art. 8) or under 13 (COPPA) and does not knowingly collect data from them.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above.
12. Contact
Questions about this policy? Email support@eduardbruch.com.