Privacy policy
Last updated: 7 July 2026 · Loxima Limited, trading as bulkqr.com ("we", "us")
What we collect
- Account data — your email address and a salted hash of your password (we never store the password itself), plus your organisation name and membership.
- Job data — for signed-in jobs, the content you submit for QR generation and the generated images. Both are stored for 90 days, then deleted automatically. Anonymous batches are generated entirely in your browser: their content never reaches our servers and nothing is stored.
- IP address — used for rate limiting and abuse prevention (e.g. the anonymous monthly quota), retained only in that context.
- Payment data — payments are processed by Stripe; we never see or store card details. We keep a reference to the checkout session and the credit amounts in our ledger.
What we don't do
- No advertising, no analytics trackers, no sale or sharing of personal data.
- The only cookie we set is a session cookie to keep you signed in.
Who processes data for us
- Cloudflare — hosting, storage, and bot protection (Turnstile) for the whole service.
- Stripe — payment processing.
- Resend — transactional email (verification, password resets, job delivery).
Your rights
You can delete your account (and its data) yourself from the account page at any time. Under UK/EU data protection law you also have the right to access, correct, export, or erase your personal data — email admin@bulkqr.com and we'll act within 30 days.
Changes
If this policy changes materially we'll note the new date above and, for account holders, email you.