SecuQR® · Privacy Policy

A scan is a verification.
Not a tracking event.

This is the privacy policy for SecuQR®: what we collect when a customer scans a SecuQR-protected code, what we don't collect, what brands see, and what they never see. SecuQR validates SecuQR-protected codes only — not every QR code in the world.

SecuQR Privacy v1.0 · Effective at v1.0 launch · Inherits the 5 shared commitments
On a single scan

What happens — line by line — when someone scans a SecuQR.

The customer points their phone camera at a SecuQR-protected QR. In under a second, our backend returns an authentic / not-authentic verdict. Here is exactly what that touches.

What we collect

Only what's needed to verify the code and protect the brand.

  • The SecuQR code identifier being scanned.So we can verify it on the backend.
  • A timestamp.So scan history is correctly ordered.
  • Approximate scan region (country / state).For brand counterfeit-distribution insight.
  • Anonymous scanner fingerprint.To detect re-use, sticker-over, and replay attacks.
  • A verdict response served back to the scanner.Authentic, not authentic, or under review.
What we never collect

The scan stays a scan. Nothing more.

  • Your name, email, or phone number.SecuQR scanning never asks for sign-in.
  • Your precise GPS location.Region only — never an exact coordinate.
  • Your contacts, photos, or device files.None of these are accessed by the verification flow.
  • A persistent identity that follows you across scans.Anonymous, per-context, with limited lifespan.
  • Anything used to build a behavioural or advertising profile.Not for us. Not for the brand. Not for anyone.
Brand visibility

What brands see — and what they never see.

Brands buy SecuQR to protect their products. They see what they need to investigate counterfeits. They never see who you are.

Per-code scan count
How many times each SecuQR has been scanned, and when.So a re-scanned counterfeit attempt becomes obvious.
Brand sees
Region distribution
Country / state-level scan map for each batch or campaign.So counterfeit hotspots can be addressed at source.
Brand sees
Authenticity verdict log
Authentic, not authentic, or anomalous — with timestamps.So fraud reviewers can act on real signals.
Brand sees
Tamper / replay anomalies
Sticker-over, batch reuse, and replay-attack flags.The brand sees the attempt, not the customer behind it.
Brand sees
Scanner identity
No name, no email, no phone, no account.SecuQR doesn't ask for any of these on the customer side.
Brand never sees
Precise location
No GPS coordinates, no street address, no IP-level lookup.Region only — and only when relevant to fraud signal.
Brand never sees
Cross-brand activity
A scanner's history does not follow them across brands.What you scanned for Brand A is invisible to Brand B.
Brand never sees
Behavioural profiles
No customer profile, ad segment, or scoring is ever produced.Not for the brand. Not for any third party.
Brand never sees
The five commitments — applied to SecuQR

How the shared commitments hold inside this product.

Every SecuQR product decision passes through these five filters. If a feature would weaken any of them, we don't ship the feature.

01 · No-collect default

If the verification doesn't need it, SecuQR doesn't collect it. Identity, location, contacts — none are required for a scan.

02 · No ad profiles

SecuQR scan data never enters an ad profile. Not ours. Not the brand's. Not a third party's.

03 · No behavioural profiling

We do not score, rank, or segment scanners. A scan is a verification, not a behavioural signal.

04 · No AI training on scans

SecuQR scan logs are never used to train AI models — ours, our partners', or any third party's.

05 · Brand-scoped, retention-bounded

Brand forensic data stays scoped to that brand and that campaign, with a defined retention window. Beyond it, data is purged.

+ · Live revisions

This policy is versioned. Material changes are dated and announced. Current: v1.0.

Data retention & deletion.

SecuQR keeps brand-forensic data only as long as it serves the protection of that brand's products and customers. Different categories follow different windows:

  • Live verification window — kept for as long as the SecuQR is in active circulation, plus a defined buffer for fraud investigation.
  • Anomaly & tamper logs — retained on a brand-by-brand basis under the brand's own retention policy.
  • Anonymous fingerprints — short-lived, scoped to fraud-detection, and cycled on a rolling basis.
  • Aggregated, de-identified statistics — may be retained without an expiry, because they are not personal.

Brands operating SecuQR can request export, restriction, or deletion of their forensic dataset at any time. End-customers do not have a SecuQR account, because SecuQR does not create one for them.

Who SecuQR shares data with.

SecuQR does not sell data, does not rent data, and does not share user activity with advertisers, ad networks, or data brokers. Ever.

The only parties involved in a SecuQR verification are:

  • The brand whose product the SecuQR protects — they see the visibility surfaces listed above, and nothing else.
  • Our infrastructure providers — for hosting, secure storage, and verification compute, under standard data-processing agreements.
  • Lawful authorities — only when required by valid legal process, and only for the narrow scope demanded.

Cross-brand activity is partitioned at the architectural level. A SecuQR scan for Brand A is never visible to Brand B, even if it's the same scanner.

Your rights.

SecuQR is built so that most user-rights questions never need to be asked — because there is no account, no profile, and no identifying data tied to your scans.

Where data does exist (for example, brand forensic records that touch a region you scanned in), you have:

  • The right to ask what is held about a scan you can demonstrate ownership of.
  • The right to ask for correction of any inaccurate record.
  • The right to ask for deletion, subject to legitimate fraud-investigation retention.
  • The right to contact a real human on the privacy team and receive an answer.

Brand operators of SecuQR have additional contractual rights, set out in the SecuQR Brand Agreement.

Questions about SecuQR privacy?

Write to us. A real person will reply.

Privacy questions, brand-side data requests, regulatory queries, or research — we read every message.

Contact us →