Політика конфіденційності QR Code AI

PRIVACY POLICY

Last updated March 2, 2026

This privacy notice for Supernovae ("we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:

• Visit our website at https://qrcode-ai.com, or any website of ours that links to this privacy notice
• Use our QR code generation tools, including AI-powered artistic QR code creation
• Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].

SUMMARY OF KEY POINTS

This summary provides key points from our privacy notice, but you can find out more details about any of these topics by reading the full notice below.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.

Do we process any sensitive personal information? We do not process sensitive personal information.

Do we receive any information from third parties? We do not receive any information from third parties.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

Do we use AI to process your data? Yes, we use third-party AI providers (Anthropic, OpenAI, Replicate) to generate artistic QR codes based on your prompts and uploaded images. Your content is stored on our servers but is never used to train AI models.

In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties. See our Subprocessors page for a full list.

Where is your data stored? Your data is primarily stored on servers located in the European Union (France) and the European Economic Area (Netherlands). Some data may be processed by US-based service providers under appropriate safeguards.

How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.

How do you exercise your rights? The easiest way to exercise your rights is by contacting us at [email protected]. We will consider and act upon any request in accordance with applicable data protection laws within 30 days.

TABLE OF CONTENTS

1. What Information Do We Collect?
2. How Do We Process Your Information?
3. What Legal Bases Do We Rely On to Process Your Personal Information?
4. When and With Whom Do We Share Your Personal Information?
5. AI-Generated Content and Data Processing
6. Do We Use Cookies and Other Tracking Technologies?
7. How Do We Handle Your Social Logins?
8. How Long Do We Keep Your Information?
9. How Do We Keep Your Information Safe?
10. International Data Transfers
11. Do We Collect Information From Minors?
12. What Are Your Privacy Rights?
13. Controls for Do-Not-Track Features
14. Do We Make Updates to This Notice?
15. How Can You Contact Us?
16. How Can You Review, Update, or Delete the Data We Collect From You?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

• Names
• Email addresses

Sensitive Information. We do not process sensitive information.

Payment Data. We may collect data necessary to process your payment if you make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is stored by Stripe. You may find their privacy notice here: https://stripe.com/privacy.

Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Facebook, Twitter, or other social media account. If you choose to register in this way, we will collect the information described in the section called "How Do We Handle Your Social Logins?" below.

AI-Generated Content Data. When you use our AI-powered QR code generation features, we collect:

• Text prompts you provide for AI image generation
• Images you upload for QR code customization
• The generated QR code outputs

This data is stored on our servers to provide and improve the Services. It is not used to train AI models. See Section 5 for more details.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information, such as your Internet Protocol (IP) address and/or browser and device characteristics, is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies.

The information we collect includes:

• Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports, and hardware settings).
• Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
• Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
• To deliver and facilitate the delivery of services to the user. We may process your information to provide you with the requested service, including generating QR codes and AI-powered artistic designs.
• To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
• To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time. For more information, see "What Are Your Privacy Rights?" below.
• To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
• To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual's vital interest, such as to prevent harm.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in the EU or UK

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

• Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
• Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
• Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
  • Send users information about special offers and discounts on our products and services
  • Analyze how our Services are used so we can improve them to engage and retain users
  • Understand how our users use our products and services so we can improve user experience
• Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
• Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

If you are located in Canada

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:

• If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
• For investigations and fraud detection and prevention
• For business transactions provided certain conditions are met
• If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
• For identifying injured, ill, or deceased persons and communicating with next of kin
• If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
• If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
• If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
• If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
• If the collection is solely for journalistic, artistic, or literary purposes
• If the information is publicly available and is specified by the regulations

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with the following categories of third parties.

We may need to share your personal information in the following situations:

• Service Providers. We may share your information with third-party service providers who perform services on our behalf, including payment processing, data hosting, analytics, customer support, and AI content generation. See our Subprocessors page for a complete and up-to-date list.
• Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• Legal Requirements. We may disclose your information where required by law, such as to comply with a subpoena or similar legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Key Third-Party Service Providers

Provider	Purpose	Location
Stripe	Payment processing	US/EU
Scaleway	Infrastructure hosting	France (EU)
DigitalOcean	Infrastructure hosting	Netherlands (EU)
Cloudflare	CDN, security, DNS	US/Global
AWS	Cloud services	US/EU
Crisp	Customer support chat	EU
Microsoft Clarity	Analytics and heatmaps	US
Anthropic	AI content generation	US
OpenAI	AI content generation	US
Replicate	AI model hosting and inference	US
Google Firebase	Push notifications, cloud messaging	US/EU
Rewardful	Affiliate program management	US

For the most up-to-date list, please visit our Subprocessors page.

5. AI-GENERATED CONTENT AND DATA PROCESSING

In Short: We use third-party AI services to generate artistic QR codes. Your prompts and uploaded images are stored on our servers but are never used to train AI models.

Our Services include AI-powered features that allow you to generate artistic QR code designs. When you use these features:

Data we collect:

• Text prompts you provide to describe the desired QR code design
• Images you upload as references or for embedding into QR codes
• The generated QR code outputs

How we process this data:

• Your prompts and images are sent to third-party AI providers (Anthropic, OpenAI, and Replicate) to generate the artistic QR code designs
• The generated outputs are stored on our servers and associated with your account
• We retain this data to provide you access to your previously generated designs

What we do NOT do:

• We do not use your prompts, uploaded images, or generated outputs to train any AI models
• We do not share your AI-generated content with other users unless you explicitly choose to make it public
• We do not sell your AI-generated content to third parties

Third-party AI provider policies:

• Anthropic: https://www.anthropic.com/privacy
• OpenAI: https://openai.com/policies/privacy-policy
• Replicate: https://replicate.com/privacy

Please note that these third-party providers have their own privacy policies governing how they process data sent through their APIs. We have contractual agreements in place to ensure they do not use your data for model training.

6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. We use the following types of cookies and tracking technologies:

Essential Cookies: These cookies are necessary for the website to function properly and cannot be switched off. They include session cookies, authentication tokens, and language preference cookies.

Analytics and Performance: We use Microsoft Clarity to understand how users interact with our Services through behavioral analytics, heatmaps, and session replays. Clarity collects data such as mouse movements, clicks, and scrolling behavior to help us improve usability. This data is anonymized and does not identify individual users. You can learn more about Clarity's data practices at https://clarity.microsoft.com/terms.

How to manage cookies: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.

7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.

Our Services offer you the ability to register and log in using your third-party social media account details (like your Facebook or Twitter logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform.

We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.

8. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

Specific retention periods:

Data Type	Retention Period
Active account data	For the duration of your account
After account deletion request	Deleted within 30 days
Backup archives	Purged within 6 months of deletion
QR code designs and AI outputs	For the duration of your account
Payment transaction records	As required by tax law (typically 7-10 years)
Server logs	90 days
Analytics data	26 months (anonymized)

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

9. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. These measures include:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Access controls and authentication for internal systems
• Regular security assessments and monitoring
• Infrastructure hosted with ISO 27001 certified providers (Scaleway, DigitalOcean)
• DDoS protection and web application firewall via Cloudflare

However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

10. INTERNATIONAL DATA TRANSFERS

In Short: Your data is primarily stored in the European Union, but some data may be transferred to service providers in other countries under appropriate safeguards.

Our primary servers are located in:

• France (EU) via Scaleway
• Netherlands (EU) via DigitalOcean

However, some of our third-party service providers are located in the United States, including Cloudflare, AWS, Anthropic, OpenAI, Replicate, Google (Firebase), Microsoft (Clarity), and Rewardful. When we transfer data to these providers, we ensure appropriate safeguards are in place, including:

• EU-US Data Privacy Framework: Where applicable, we rely on the EU-US Data Privacy Framework for transfers to US-based providers that are certified under the framework.
• Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses as a legal mechanism for data transfers where the Data Privacy Framework does not apply.
• Contractual obligations: All our service providers are bound by data processing agreements that require them to protect your data in accordance with this privacy notice and applicable data protection laws.

For more information about the specific safeguards in place for each provider, please refer to our Subprocessors page.

11. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at [email protected].

12. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on your location, you may have rights including access, correction, deletion, and portability of your personal information.

European Economic Area (EEA), United Kingdom (UK), and Switzerland

If you are located in the EEA, UK, or Switzerland, you have certain rights under applicable data protection laws. These include:

• Right of access: You can request a copy of the personal information we hold about you.
• Right to rectification: You can request that we correct inaccurate or incomplete personal information.
• Right to erasure: You can request that we delete your personal information, subject to certain exceptions.
• Right to restrict processing: You can request that we limit how we use your personal information.
• Right to data portability: You can request a copy of your data in a structured, commonly used, and machine-readable format.
• Right to object: You can object to our processing of your personal information based on legitimate interests.
• Right to withdraw consent: If we rely on your consent, you can withdraw it at any time.

To exercise these rights, please contact us at [email protected]. We will respond within 30 days.

If you believe we are unlawfully processing your personal information, you have the right to complain to your local data protection authority:

• EU: Your Member State data protection authority
• UK: The Information Commissioner's Office (ICO)
• Switzerland: The Federal Data Protection and Information Commissioner (FDPIC)
• France: Commission Nationale de l'Informatique et des Libertes (CNIL)

California (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:

• Right to know: You can request information about what personal information we have collected, used, disclosed, and sold about you in the past 12 months.
• Right to delete: You can request that we delete the personal information we have collected from you, subject to certain exceptions.
• Right to correct: You can request that we correct inaccurate personal information we maintain about you.
• Right to opt out of sale/sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
• Right to limit use of sensitive information: We do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA.
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your rights, please contact us at [email protected]. We will verify your identity before processing your request and respond within 45 days.

Canada

If you are located in Canada, you may have the right to request access to and correction of your personal information, or to withdraw your consent to our processing of your information. To exercise these rights, contact us at [email protected].

Opting out of marketing communications

You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us at [email protected]. You will then be removed from the marketing lists. However, we may still communicate with you, for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can contact us at [email protected]. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases within 30 days. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements. Backup data is purged within 6 months.

Cookies and similar technologies

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.

If you have questions or comments about your privacy rights, you may email us at [email protected].

13. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

14. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Last updated" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at [email protected] or contact us by post at:

Supernovae 27 Rue Wurtz Juvisy-sur-Orge, Ile-de-France 91260 France

16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

You have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please email us at [email protected]. We will respond to your request within 30 days.