QR Code Reader - Privacy Policy

Last Updated: January 23, 2025

1. Introduction

As the QR Code Reader application ("Application", "we"), we take our users' privacy seriously. This Privacy Policy has been prepared in accordance with the European Union General Data Protection Regulation (GDPR) and relevant data protection laws. By using our application, you accept the data processing practices described in this policy.

2. Data Controller

Developer: Fatma Zehra ASLANTAŞ
Email: fatmazehraaslantas@gmail.com

3. Data We Collect

3.1 Automatically Collected Data

Device Information: Device model, operating system version, unique device identifiers
Usage Data: Application feature usage, app launch count, feature usage metrics
Crash Reports: Technical error information in case of application crashes
Advertising Identifiers: Google Advertising ID (GAID) or Apple IDFA
SKAdNetwork Data: iOS advertising attribution data for 47 different ad networks

3.2 User-Provided Data

Scanned Codes: QR code content, code type (QR, Barcode, EAN-13, etc.), category (Contact, Website, Email, Phone, WiFi, etc.), scan date and time, thumbnail data
Folders: Folder names and colors you create to organize codes
Notes and Tags: Notes and tags you add to codes
Event Notifications: Notification preferences for QR codes containing calendar events
Application Preferences: Sound effects, vibration, dark mode, export format preferences

3.3 Data Collected Through Third-Party Services

Google AdMob: Display and interaction data for banner, interstitial, rewarded, and app open ads
Google Analytics: Anonymized usage statistics, feature usage metrics
Google User Messaging Platform (UMP): GDPR consent status and preferences

4. Data Processing Purposes and Legal Bases

4.1 Service Provision (GDPR Article 6(1)(b) - Performance of Contract)

Providing QR code reading and creation features
Maintaining application functionality
Storing user preferences

4.2 Application Development (GDPR Article 6(1)(f) - Legitimate Interest)

Improving application performance
Detecting and fixing errors
Enhancing user experience

4.3 Advertising Display (GDPR Article 6(1)(a) - Consent)

Showing personalized ads (Banner, interstitial, rewarded, app open ads)
Measuring advertising performance
Controlling ad frequency
Rewarded ad display for export/import features

4.4 Legal Obligations (GDPR Article 6(1)(c))

Responding to legal requests
Enforcing our terms of service

5. Data Retention Periods

Scanned QR Codes: On your device until you delete them (UserDefaults and Core Data)
Application Preferences: On your device until the app is deleted
Folders and Notes: On your device until you delete them
Analytics Data: 14 months
Advertising Data: According to Google AdMob policies (typically 18 months)
Crash Reports: 90 days
Temporary Data: Session-based (deleted when app is closed)

6. Data Sharing

We only share your data in the following circumstances:

6.1 Service Providers

Google AdMob: For advertising display
Google Analytics: For usage analysis

6.2 Legal Requirements

Court orders
Legal investigations
Public safety requirements

6.3 Business Transfers

In case of merger, acquisition, or asset sale

7. Data Security

We take the following measures to protect your data:

Sensitive data is encrypted and stored on your device
Network communications are encrypted with SSL/TLS
Regular security updates are performed
Minimum data collection principle is applied

8. Camera and Photo Library Access

8.1 Camera Access

Required for QR code scanning
Real-time processing is performed, images are not stored
Used for flashlight control

8.2 Photo Library Access

For scanning QR codes from saved images
For saving generated QR codes
Accessed only with user permission

9. User Rights (Under GDPR)

9.1 Right of Access (Article 15)

You can request access to the data we have collected about you.

9.2 Right to Rectification (Article 16)

You can request correction of incorrect or incomplete data.

9.3 Right to Erasure - "Right to be Forgotten" (Article 17)

You can request deletion of your data under certain conditions.

9.4 Right to Restrict Processing (Article 18)

You can request restriction of the processing of your data.

9.5 Right to Data Portability (Article 20)

You have the right to receive your data in a structured, commonly used, and machine-readable format.

9.6 Right to Object (Article 21)

You can object to data processing activities based on our legitimate interests.

9.7 Automated Decision Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing.

10. Consent Management

10.1 Advertising Consent

We ask for your advertising preferences when you first open the app
You can change your consent at any time from Settings > Privacy
You can disable personalized ads

10.2 Analytics Consent

You can disable the collection of anonymous usage data
This does not affect application performance

11. Notifications

11.1 Monthly Reminders

Automatic reminders to use the app
Can be disabled from settings

11.2 Event Notifications

For QR codes containing calendar events:

1 day before notification
1 hour before notification
Notification at event time

11.3 Badge Count

Notification count on app icon

12. Children's Privacy

Our application is not intended for children under 13 years of age. We do not knowingly collect data from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us.

13. International Data Transfers

Your data may be transferred to countries outside the EU with appropriate safeguards under GDPR Articles 46-49:

For Google services: EU-US Data Privacy Framework
Standard Contractual Clauses (SCC)

14. Data Breach Notification

In case of a data breach:

The relevant supervisory authority is notified within 72 hours
Users are informed in high-risk situations
Breach records are kept and measures are taken

15. Privacy Policy Changes

We may update this policy from time to time. For significant changes:

We send in-app notifications
We may request new consent
We update the change date

16. Contact and Complaints

16.1 Contact Us

For privacy-related questions:
Email: fatmazehraaslantas@gmail.com
Response time: Within 30 days

16.2 Right to Complain to Supervisory Authority

If you are not satisfied with our data processing practices, you have the right to lodge a complaint with your local data protection authority.

For Turkey:
Personal Data Protection Authority (KVKK)
Website: https://www.kvkk.gov.tr

17. Data Protection Officer

[If appointed]
Name: [DPO Name]
Email: [dpo@yourcompany.com]
Phone: [DPO Phone]

18. Technical and Organizational Measures

Data minimization principle
Privacy by design and by default
Regular security audits
Employee training
Access control and authorization
Data encryption (both at rest and in transit)

19. Export/Import Features

Export of all scanned codes in JSON and CSV formats
Access in exchange for watching rewarded ads
Data is processed only on your device
No cloud synchronization

20. Legal Basis Summary

Data Type	Processing Purpose	Legal Basis
Device Information	Application functionality	Performance of contract
Scanned QR Codes	Core service provision	Performance of contract
Usage Data	Application development	Legitimate interest
Advertising Data	Ad display	Consent
Crash Reports	Bug fixing	Legitimate interest
Notification Preferences	Reminder service	Consent

This Privacy Policy has been prepared in accordance with GDPR and relevant data protection laws. Please contact us if you have any questions.