Privacy

Static QR codes

All static QR generation runs in your browser. The text, URL, Wi-Fi credentials, vCard, etc. you enter are encoded into a QR locally. We do not log, store, or transmit your input.

Dynamic QR codes

Dynamic QR codes redirect through Wrasse, so we record the slug you create and the destination URL you set. When someone scans your code, we increment a private scan counter and write a privacy-bounded analytics event (slug, country code from CDN headers, device class). We never log raw IP addresses or user-agent strings.

Account data

If you sign in (magic link or Google), we store your email address and an optional display name. We use a single-purpose session cookie (httpOnly, Secure, SameSite=Lax). You can sign out at any time, and the session row is deleted from our database.

Analytics

Scan analytics are aggregated only — slug, country, device class. We do not run third-party analytics scripts (Google Analytics, Plausible, etc.) on the public surface. Workers Analytics Engine writes are server-side only, and we never set tracking cookies.

Cookies

We use first-party cookies only: wrasse_owner_id (anonymous QR ownership), wrasse_session (sign-in), wrasse_locale (language preference), and wrasse_oauth_state (10-minute OAuth round-trip). All are httpOnly and Secure.

Third parties

We rely on Cloudflare (hosting, edge cache, D1 database), Resend (sign-in emails), and Google (OAuth sign-in only). When you sign in with Google, Google sees your IP and user-agent — that's a Google policy outside our control. Stripe will be added when paid plans launch.

Retention

Sessions expire after 30 days. Magic-link tokens expire after 15 minutes. Dynamic QR rows live until you delete them. Abuse reports are kept for 12 months for audit purposes.

Your rights

You can request export or deletion of your account data at any time by emailing the address below. We'll respond within 30 days.

Contact

[email protected]