Draft — pending review by a qualified legal professional
Drafted 2026-07-11. This document is written to accurately reflect how the site currently works, but it has not been reviewed by a lawyer and has no legal effect until the site owner has it reviewed and formally publishes it through the admin CMS.

This policy explains how QReasyUse ("this site", "we") collects, uses, and protects information when you use https://qreasyuse.com. It is written around two core principles: Privacy by Design and Data Minimization.

1. Your QR data is never stored — this is the core of this policy

Every QR type on this site — website links, Wi-Fi names and passwords, contact details (vCard), phone numbers, email subjects and bodies, free-text content, and uploaded logo files — is generated entirely inside your own browser (client-side).

What actually happens, technically: - Whatever you type is processed by JavaScript running only on your device. - The QR image is drawn on a Canvas/SVG in your browser — there is no API call to "generate" a QR code on a server. - Uploaded logo files are read as a local Data URL; nothing is uploaded anywhere. - When you click download, the PNG/SVG file is created and handed to your browser directly — it never passes through our servers. - Close the tab or refresh the page, and whatever you typed is gone instantly, because it was never stored anywhere to begin with.

We therefore have no database table for QR payloads, user-entered URLs, Wi-Fi passwords, contact details, free text, or uploaded logos — not because we "chose" not to store them, but because the system's architecture gives this data no path to ever reach us.

2. The minimal data we actually collect

For the site to function, we store the following minimum data via necessary cookies (see the Cookie Policy for full details):

  • Your language choice (the qre_locale cookie) — remembers your Thai/English preference.
  • Your cookie consent choices (the qre_consent cookie) — remembers which cookie categories you allowed.

For administrators only — not regular visitors — the system also stores: - A session cookie for authentication via Supabase Auth. - An audit log of significant admin actions (e.g. logging in, publishing an article) for security and accountability.

3. Infrastructure-level logs

For transparency: our infrastructure providers — Vercel (hosting) and Supabase (backend database) — may retain standard network-level logs (such as IP address, user agent, and access time) under their own respective privacy policies, for security and abuse-prevention purposes. This is standard practice for hosting providers and sits outside the direct control of this site's application code. These logs are not the QR data you type in, and we do not pull them to identify or profile individual users.

4. Legal basis for processing

Under Thailand's Personal Data Protection Act B.E. 2562 (PDPA), we process data on the following bases: - Necessary cookies — legitimate interest, to provide the functionality you have requested. - Anonymous aggregate usage statistics — we count page views and feature usage (e.g. how many QR codes are generated per day) using a method that involves no cookies, no IP storage, and no identifiers of any kind. These are daily totals that cannot be linked back to any individual and therefore do not constitute personal data (legitimate interest). - Analytics / advertising / personalization cookies — where any cookie-based tool is used, consent only, and always off by default.

5. Third-party services

ServicePurposeData involved
Supabase (Singapore region)Article database, admin authenticationNo end-user QR data
VercelWebsite hosting + cookieless visitor statistics (Web Analytics)Standard infrastructure logs; visitor stats are anonymous aggregates
Google AdSenseAdvertising (off by default)Only active when enabled and you consent to advertising cookies
Shopee AffiliateProduct recommendation links (off by default)Only the outbound click; no personal data is shared

6. Data retention

  • Language and consent cookies: up to 1 year, or until you clear cookies / withdraw consent.
  • Admin audit logs: retained for security and accountability.
  • User-submitted QR data: never stored, so there is no retention period.

7. Your rights under the PDPA

You have the right to: - Access and request a copy of personal data we hold about you. - Request correction of inaccurate data. - Request deletion or destruction of data. - Withdraw consent at any time via "Cookie Settings" in the footer. - Lodge a complaint with Thailand's Personal Data Protection Committee (PDPC) if you believe your rights have been violated.

Because we never collect your QR-generator data in the first place, most requests related to generator usage will have no data to act on. For requests about cookies or an admin account, please use the contact details below.

8. Security measures

We apply several technical layers: enforced HTTPS/HSTS, a Content-Security-Policy, Row Level Security on every database table, optional multi-factor authentication (MFA) for administrators, and Secure/SameSite cookies. The system is designed around Privacy by Design and data minimization, but no system is 100% secure, and we do not claim to be risk-free.

9. Children's privacy

This site is not specifically directed at children and performs no age verification. Because the QR generator collects no data from any user regardless of age, the privacy exposure for minors is limited to the same necessary cookies as any other visitor.

10. A security note for users

Static QR codes permanently embed data in the image itself; anyone who scans one can read it instantly. Please do not put personal passwords, access tokens, national ID numbers, or other secrets into a QR code you plan to display or print publicly.

11. Changes to this policy

We may update this policy from time to time to reflect changes to the site or applicable law. The latest version will always appear on this page along with its update date.

12. Contact us

For questions about this policy or to exercise your rights:

[legal entity / site owner name — to be confirmed]

A contact email is being set up — see the latest details on the Contact page

QReasyUse is designed around the principles of Privacy by Design and data minimization.