Privacy Policy
Last updated: March 22, 2026
1. Introduction
VQ Codes ("we", "our", "us") operates the VQ Codes API and website at vqcodes.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
2. Information we collect
Account information
When you create an account, we collect:
- Email address
- Password (stored encrypted via bcrypt)
- OAuth profile data (name, email, avatar URL) if you sign in with Google, GitHub, or LinkedIn
Payment information
Payment processing is handled entirely by Stripe. We do not store your credit card number, CVC, or full card details on our servers. We retain only your Stripe customer ID and subscription status to manage your plan.
API usage data
When you use the VQ Codes API, we log:
- API token identifiers (JTI)
- Timestamps of API requests
- Request endpoints and response status codes
We do not log request bodies or the content of API responses.
Automatically collected data
When you visit our website, we may collect:
- IP address
- Browser type and version
- Pages visited and time spent
- Referring URL
3. How we use your information
We use the information we collect to:
- Provide, maintain, and improve the VQ Codes service
- Process payments and manage subscriptions
- Authenticate your identity and authorize API access
- Send transactional emails (password resets, billing receipts)
- Monitor and prevent abuse of the API
- Comply with legal obligations
We do not sell your personal data to third parties. We do not send marketing emails unless you opt in.
4. Third-party services
We share data with the following third-party services, only as necessary to operate VQ Codes:
| Service | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Email, payment method |
| Google OAuth | Authentication | Email, name, avatar |
| GitHub OAuth | Authentication | Email, name, avatar |
| LinkedIn OAuth | Authentication | Email, name, avatar |
| Hetzner | Infrastructure hosting | All data at rest |
5. Data retention
We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required by law to retain it (e.g., billing records for tax purposes).
API usage logs are retained for 90 days and then automatically purged.
6. Data security
We protect your data with the following measures:
- All traffic is encrypted in transit via TLS (HTTPS)
- Passwords are hashed using bcrypt
- API tokens use RS256-signed JWTs with revocation support
- Database access is restricted to application services only
- Infrastructure is hosted in the EU (Hetzner, Germany)
7. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your account and associated data
- Export your data in a portable format
- Object to processing of your data
To exercise any of these rights, contact us at privacy@vqcodes.com.
8. Cookies
We use only essential cookies required for authentication and session management. We do not use tracking cookies, analytics cookies, or advertising cookies.
9. Children's privacy
VQ Codes is not intended for use by individuals under the age of 18. We do not knowingly collect data from minors.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or sending you an email. Your continued use of VQ Codes after changes are posted constitutes acceptance of the updated policy.
11. Contact
If you have questions about this Privacy Policy, contact us at:
privacy@vqcodes.com