Data Processing Addendum
Last updated: 2 June 2026. This page summarizes the data processing terms for qr-ify.ai. A signed DPA is available for paid business customers by contacting support@qr-ify.ai.
Roles
Radom UG acts as processor for customer-controlled QR campaigns where personal data is processed on behalf of a customer. Customers act as controller for their campaign content, QR destinations, uploaded or entered payloads, and end-user scan data. Radom UG acts as controller for account administration, billing, security, legal compliance, and direct support communications.
Processing scope
Processing is limited to hosting, authentication, billing support, QR generation, editable redirects, scan analytics, AI QR Art, AI landing page and insight generation, transactional email, API access, security, and customer support.
Categories of personal data may include account email, name, password hash, subscription metadata, QR destinations, QR payloads, AI prompts, reference image URLs, generated images or text, API key metadata, support messages, and minimized scan analytics such as scan time, country, device class, and referrer hostname.
Categories of data subjects may include customer administrators, team members, people whose contact details are encoded in customer QR content, scan end users, and support correspondents.
Subprocessors
We use each subprocessor only as needed to provide qr-ify.ai. International transfers are handled through the relevant provider data-processing terms, standard contractual clauses, adequacy decisions, or equivalent safeguards where applicable.
| Provider | Purpose | Data categories |
|---|---|---|
| Hetzner | Hosting, database, storage, network infrastructure | Account, QR, scan analytics, generated asset, and operational data |
| Stripe | Checkout, subscriptions, invoices, VAT/tax, metered AI overage | Billing contact, payment, tax, subscription, and transaction metadata |
| Microsoft Azure OpenAI | AI landing pages and weekly scan insight summaries | AI prompts, aggregate scan summaries, generated text |
| Fal.ai | AI QR Art image generation | AI prompts, palette instructions, reference image URLs, generated images |
| Transactional email provider via SMTP | Password reset, account, support, and weekly insight emails | Recipient email address, email body, delivery metadata |
| Umami | Privacy-friendly analytics when enabled and consented | Pageview and event analytics without advertising profiles |
| Sentry | Error monitoring when enabled | Error traces, request metadata, browser and runtime diagnostics |
Security and assistance
We use access controls, hashed secrets where applicable, TLS for transport, provider DPAs where available, and operational backups to protect customer data. We assist customers with data subject requests, deletion, export, and security questions to the extent the request relates to data processed through qr-ify.ai.