What we collect
When you create an account, we collect your email address. When you create a QR code, we store the information you provide: property name, WiFi network name (SSID), WiFi password, and any template content (menus, house manual details, business hours, or business card information).
We also record the number of times each QR code is scanned and the timestamp of the most recent scan. For QR code scans, we collect a hashed device identifier (not linked to any personal account), the approximate country, and how the scan was initiated (camera app, browser, etc.). This data is used to show you scan analytics on your dashboard.
How we store it
Your data is stored in a PostgreSQL database hosted by Supabase (supabase.com), with row-level security enabled. Only your account can read or write your QR codes and subscription data.
WiFi passwords are stored as plaintext in the database. They are displayed to anyone who scans your QR code — that is the purpose of the service. Do not use PlaitQR for credentials you want to keep private from guests.
Analytics & tracking
We use the following tools to understand how you use PlaitQR and to improve our service:
- PostHog — product analytics and session recordings. Collects page views, user interactions, and session recordings (session recordings only with your explicit consent). Data retained for 90 days. Opt out: click "Essential only" in the cookie banner, or visit plaitqr.com and revoke consent. posthog.com/privacy
- Google Analytics 4 (GA4) — pageview and event analytics for marketing attribution. Collects page views, referrer sources, and custom events. Data retained for 14 months. IP anonymization enabled. Opt out: click "Essential only" in the cookie banner. policies.google.com/privacy
- Vercel Analytics & Speed Insights — first-party traffic and Core Web Vitals measurement. No cookies set; data aggregated only. Not subject to consent. vercel.com/docs/analytics/privacy
- Microsoft Clarity — heatmaps and session recordings (session recordings only with your explicit consent). Collects mouse movements, clicks, and scroll depth. Data retained for 13 months. Opt out: click "Essential only" in the cookie banner. privacy.microsoft.com
- Sentry — error and performance monitoring. Collects stack traces and request metadata when errors occur. No personal identifiable information intentionally collected. Not subject to consent (essential for service operation). sentry.io/privacy
Third-party processors
- Supabase — database and authentication hosting
- Stripe — payment processing for Basic subscriptions. Stripe stores your payment method; we never see or store card numbers.
- Resend — transactional email delivery (payment receipts, account notifications)
- Vercel — application hosting and edge delivery
Your rights
You may request deletion of your account and all associated data at any time by emailing hello@plaitqr.com. We will process deletion requests within 30 days.
We do not sell your data to third parties. We do not use your data for advertising.