Privacy Policy

QR Scanner & Code Creator

Last updated: July 1, 2026

This privacy policy describes how QR Scanner & Code Creator ("the App"), published by Eduard Bruch, handles your data. In short: your scans are processed on your device, your history never leaves your device, and the App contains no advertising, analytics, or tracking. There is no account and no registration.

1. Data Controller

Eduard Bruch

Kleinfeld 28c, 21149 Hamburg, Germany

Email: support@eduardbruch.com

2. Camera

The camera is used only to detect codes in real time. Camera frames are processed live on your device and are never stored, uploaded, or transmitted.

The App requests camera access solely so you can scan QR codes and barcodes. Decoding happens entirely on-device using Apple's system frameworks. The App does not take or save photos, and no image data leaves your device. You can revoke camera access at any time in iOS Settings.

3. Scan & Generation History

Codes you scan or create are saved locally on your device so you can view them later, mark favorites, and show recent items in the home-screen widget. This history is stored on-device (and, for the widget, in a private app group container on the same device). It is never sent to us or any third party, and it is deleted when you clear your history or delete the App.

4. Link Safety Check

When you scan a link, the App may flag potentially suspicious URLs (for example, common link shorteners or phishing-style patterns). This check runs entirely on-device against a built-in list. No scanned link, browsing activity, or URL is sent to any server as part of this feature.

5. Subscriptions & Purchases

Premium features are offered through auto-renewable subscriptions. Purchases are handled by Apple through the App Store; we never see or receive your payment details.

To verify your subscription status across your devices, the App uses RevenueCat, Inc. (USA) as a data processor. RevenueCat receives a pseudonymous app user identifier together with purchase and receipt information and basic device/OS information. It does not receive your name, email, or any scan data. Legal basis: Art. 6(1)(b) GDPR (performance of a contract). Because RevenueCat is based in the USA, this involves a transfer of data outside the EU/EEA.

See RevenueCat's Privacy Policy and Apple's Privacy Policy for details on how they process this data.

6. What We Do Not Do

No analytics. No advertising. No third-party tracking. No selling or sharing of personal data. No account.

The App does not contain any advertising or analytics SDKs and does not build a profile of you.

7. Data Retention

8. California Residents (CCPA)

We do not sell your personal information and do not share it for cross-context behavioral advertising. California residents have the right to know, delete, and opt out; because we do not sell or share personal information, there is nothing to opt out of.

9. Your Rights (GDPR)

Under the GDPR, you have the right to:

Most data (your history) lives only on your device and is fully under your control. For subscription data held by our processor, contact us at support@eduardbruch.com.

10. Children

The App is not directed at children under 16 (GDPR Art. 8) or under 13 (COPPA) and does not knowingly collect data from them.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above.

12. Contact

Questions about this policy? Email support@eduardbruch.com.