Privacy Policy

Last updated: 17 June 2026

DropQR ("we", "us") operates the QR redirect service at drop-qr.com.au. We are privacy-first by design: we collect the minimum data needed to run the service and we never sell it.

This is a plain-language summary and not legal advice — have it reviewed by a lawyer before relying on it.

Two kinds of people, two kinds of data

DJs (account holders)

• Email address — to create and secure your account.
• Payment details — handled entirely by Stripe. We never see or store your card number.
• Your codes and destinations — the link names and URLs you create.

People who scan a code

When someone scans a DropQR code we record the absolute minimum to count the scan:

• A scan count per code.
• Coarse country (e.g. "AU"), derived from the IP address and then the IP is immediately discarded — we do not store IP addresses.
• Device type (mobile / tablet / desktop).

We do not use cookies on scans, do not fingerprint devices, and do not track individuals across sites. Scanning a code does not identify you.

How long we keep it

Raw scan records (country + device type) are automatically deleted after 90 days. Only aggregate counts are kept beyond that. Account data is kept while your account is active.

Who processes data for us

• Vercel — hosting.
• Supabase — database and authentication.
• Stripe — payments.

Your rights

You can request access to, export of, or deletion of your account data at any time by emailing harryjcmedia@gmail.com. We do not sell personal data to anyone.