Privacy Policy
No accounts, no cookies, no tracking. QRCGen is built to generate QR codes, not collect data.
Last updated: February 19, 2026
This policy covers the QRCGen browser extension, the qrcgen.com website, and the QR code generation API at qr.qrcgen.com.
Core Principle
QRCGen is a utility. We generate QR codes and get out of the way. We don’t need your data to do that, so we don’t collect it.
What We Don’t Collect
- No accounts or registration — no email, no password, no user profiles
- No cookies — zero cookies set by the website, API, or extension
- No analytics or tracking — no Google Analytics, no pixels, no fingerprinting
- No telemetry — the extension doesn’t phone home or report usage statistics
- No ads — no advertising networks, no ad-related tracking
Browser Extension
The QRCGen extension requests the following browser permissions:
- sidePanel — to open the QR generator in a side panel
- activeTab — to read the current tab’s URL when you click the extension icon, so it can pre-fill the QR data field
- tabs — to detect tab changes and update the URL automatically
- storage — to save your preferences (theme, last used settings) locally in your browser
- host_permissions (qr.qrcgen.com) — to call the QR generation API
All extension data stays in your browser. Nothing is sent to us except the QR generation request to the API (see below).
QR Generation API
When you generate a QR code, the extension or website sends a request to qr.qrcgen.com with the following parameters:
- The text or URL to encode (
data) - Size preset, error correction level, and quiet zone (
p,ecc,q)
The API:
- Uses the input only to generate the SVG and compute a cache key
- Does not log the
dataparameter or store it beyond the request lifecycle - Returns a SHA-256 hash in canonical URLs — one-way, the original data cannot be recovered from the hash
- Does not log IP addresses, user agents, or any request metadata for analytics
Website (qrcgen.com)
- No cookies are set
- No JavaScript analytics or tracking scripts are loaded
- Theme preference (dark/light) is stored in
localStorageonly — it never leaves your browser - The site is served via Cloudflare Workers; Cloudflare may process request metadata (IP, headers) per their privacy policy
Edge Caching
Generated QR codes are cached on Cloudflare’s global edge network for performance:
- Canonical URLs (
/qr/<preset>/<hash>.svg) — cached for 1 year. The hash is derived from parameters only, not from user identity. - Inline URLs (
/qr.inline?...) — cached for 24 hours by full URL.
Cache keys are deterministic: the same input always produces the same cached result. There is no per-user or per-session caching.
Third-Party Services
- Cloudflare Workers & CDN — hosts the website and API. Cloudflare processes request metadata per their own privacy policy. We do not use Cloudflare Analytics or any Cloudflare tracking features.
No other third-party services are used. No data is shared with or sold to third parties.
Children’s Privacy
QRCGen does not knowingly collect any personal information from anyone, including children under 13. Since we collect no data at all, there is nothing to manage or delete.
Changes to This Policy
If we change this policy, we will update the “Last updated” date above. Since we have no user accounts or email addresses, we cannot send notifications — please check this page periodically.
Contact
Questions about this privacy policy? Reach us at support@qrcgen.com or open an issue on GitHub.