Privacy Policy
Last updated: July 12, 2026
This policy is written for users in the European Economic Area (EEA), the United Kingdom, the United States, and other regions. It describes how we process personal data when you use QuickQR at toolupgo.com.
1. Who we are (data controller)
Lu Yang, operating ToolUp (“ToolUp”, “we”, “us”, “our”) operates QuickQR, a browser-based QR code generator.
Privacy contact: [email protected]
Website: https://toolupgo.com/qr
For the purposes of the EU General Data Protection Regulation (GDPR), UK GDPR, and applicable US state privacy laws, we act as the data controller (or “business”) for personal data described in this policy.
2. Scope
This Privacy Policy applies to your use of QuickQR on our website, including the home tool, SEO landing pages, Feedback form, and related pages. It does not apply to third-party websites or services linked from our site (for example Google AdSense or Cloudflare), which have their own privacy policies.
3. Summary
- QR content stays on your device. We do not receive the text, URLs, Wi‑Fi credentials, or other payload you encode.
- We collect limited data when you submit feedback, when you accept non-essential cookies (analytics and advertising), and when our infrastructure processes technical data for security.
- We do not sell or share personal information for cross-context behavioral advertising as defined under the California Consumer Privacy Act (CCPA), as amended by the CPRA. Google AdSense, if you consent, may use cookies under Google’s own policies.
- You control non-essential cookies through our cookie banner (Accept / Reject). See our Cookie Policy.
4. Data we do not collect
When you use the QR generator:
- We do not upload your QR payload to our servers.
- Logo images you select are processed locally in your browser only.
- We do not require an account to use QuickQR in v0.1.
- We do not knowingly collect QR content, scan analytics, or dynamic QR tracking data.
5. Personal data we collect
5.1 Feedback form
If you submit our Feedback form, we may process:
| Data | Source | Required? |
|---|---|---|
| Feedback category (bug / feature / other) | You | Yes |
| Message content | You | Yes |
| Email address | You | No (optional) |
| Hashed IP address | Automatic | N/A |
| Browser user-agent | Automatic | N/A |
| Submission timestamp | Automatic | N/A |
We use Cloudflare Turnstile on the feedback form to mitigate abuse. Turnstile may process device and interaction signals; see Cloudflare’s Privacy Policy.
5.2 Analytics (only with consent)
If you click Accept on our cookie banner, we may process:
- Aggregated page views and referrers via Cloudflare Web Analytics (if enabled)
- Non-identifying product events (e.g. QR type selected, download completed) sent to our API — labels such as
type,format, orreasononly; never QR content or feedback text
5.3 Advertising (only with consent)
If you accept non-essential cookies, we load Google AdSense. Google may set cookies and process online identifiers to deliver and measure ads. We do not control Google’s processing. See Google Privacy Policy and Google partner sites policy.
5.4 Cookie preference
We store your choice (accepted or rejected) in browser local storage under qq_consent.
5.5 Strictly necessary technical data
Our host Cloudflare may process IP addresses, request metadata, and security tokens to deliver the site, prevent abuse, and protect availability. This processing is necessary to provide the service you request.
6. Purposes and legal bases (EEA / UK)
Where GDPR or UK GDPR applies, we rely on the following:
| Processing | Purpose | Legal basis (Art. 6 GDPR) |
|---|---|---|
| Feedback storage | Operate, support, and improve QuickQR | Legitimate interests (Art. 6(1)(f)); Consent where required (checkbox) |
| Security (Turnstile, IP hashing, CDN) | Prevent spam and protect infrastructure | Legitimate interests (Art. 6(1)(f)) |
| Analytics beacons / events | Understand usage and fix errors | Consent (Art. 6(1)(a)) — non-essential cookies |
| AdSense cookies / scripts | Display and measure advertising | Consent (Art. 6(1)(a)) |
| Legal compliance | Respond to lawful requests | Legal obligation (Art. 6(1)(c)) where applicable |
You may withdraw consent at any time by clearing site data for toolupgo.com or contacting us. Withdrawal does not affect processing already lawfully performed. Where we rely on legitimate interests, you mayobject as described in Section 12.
7. Cookies and similar technologies
We use cookies, local storage, and similar technologies as described in our Cookie Policy. Non-essential analytics and advertising technologies are loaded only after you Accept on our cookie banner.
8. Recipients and processors
We share personal data only as needed with the following categories of recipients:
| Recipient | Role | Location |
|---|---|---|
| Cloudflare, Inc. | Hosting, CDN, D1 database, Turnstile, Web Analytics | Global / US |
| Google LLC (AdSense) | Advertising (if you consent) | US / global |
We require processors to protect personal data under contractual and applicable legal standards. We do not sell personal information to data brokers.
9. International transfers
We and our processors may process data in countries outside your own, including the United States. Where GDPR or UK GDPR requires safeguards for transfers, we rely on:
- Your consent (for non-essential cookies), where applicable
- Appropriate safeguards offered by processors (such as the EU Standard Contractual Clauses or UK International Data Transfer Addendum, where applicable)
- Legitimate interests for limited security and abuse-prevention processing
You may contact us for more information about transfer safeguards relevant to your request.
10. Retention
| Data | Retention period |
|---|---|
| Feedback records | 6 months from submission, unless deleted earlier upon request |
| Analytics / event logs | Short operational retention per Cloudflare and our logging configuration |
Cookie preference (qq_consent) | Until you clear browser storage |
| Ad-related cookies | Per Google’s policies while consent remains active |
11. Security
We implement appropriate technical and organizational measures, including HTTPS, access controls, and storing IP addresses only in hashed form for feedback. No method of transmission or storage is completely secure. If you believe your interaction with us is no longer secure, please notify us immediately.
12. Your rights (EEA / UK)
Subject to applicable law, you may have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data (“right to be forgotten”)
- Restrict processing
- Object to processing based on legitimate interests
- Data portability where processing is based on consent or contract and carried out by automated means
- Withdraw consent at any time (without affecting prior lawful processing)
- Lodge a complaint with a supervisory authority
To exercise these rights, email [email protected] with sufficient detail for us to identify your data (for example, the email you used in feedback and approximate date). We respond within one month, as required by GDPR, and may extend by two further months for complex requests (we will inform you).
Supervisory authorities (examples):
- UK: Information Commissioner’s Office (ICO)
- EEA: your local data protection authority — see the European Data Protection Board member list
13. Notice to US residents (including California)
Depending on your state of residence, you may have additional rights under US privacy laws (including the CCPA/CPRA for California residents).
13.1 Categories collected (last 12 months)
| Category | Examples | Collected? | Source |
|---|---|---|---|
| Identifiers | Email (optional), hashed IP, cookie IDs (if consented) | Yes | You / automatic |
| Internet or network activity | Analytics events, page views (if consented) | Yes (with consent) | Automatic |
| Customer records | Feedback message | Yes | You |
| Sensitive personal information | — | No | — |
13.2 Sale or share
We do not sell personal information. We do not share personal information for cross-context behavioral advertising except where you consent to third-party advertising cookies (Google AdSense), which operates under Google’s policies. You may limit ad personalization via Google Ads Settings and our cookie controls.
13.3 Your US rights
Where applicable, you may request to know, access, delete, or correct personal information, and you have the right to non-discrimination for exercising privacy rights. Submit requests to [email protected]. We will verify your request as permitted by law.
14. Children
QuickQR is not directed at children under 16 in the EEA/UK, or under 13 in the United States. We do not knowingly collect personal information from children. If you believe a child has provided personal data, contact us and we will delete it promptly.
15. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the “Last updated” date. Where required by law, we will provide additional notice (for example, a prominent site notice or refreshed consent for material changes to cookie processing).
16. Contact
Lu Yang, operating ToolUp
Email: [email protected]
Website: https://toolupgo.com/qr
This document is provided for transparency and compliance alignment. It does not constitute legal advice. For formal legal review, consult a qualified attorney in your target markets.