Cookie Policy

Last updated: 2026-05-11

This Cookie Policy explains what cookies and similar tracking technologies QR Code Agency uses, why, and how you can control them. We default to cookieless analytics and never share your browsing data with advertisers.

1. The three categories

Our cookie banner lets you opt in or out of three independent categories. Necessary is always on; the other two require your explicit consent.

Necessary

Required for the site to function. Cannot be disabled because turning them off breaks login, the dashboard, or payment.

  • JWT access + refresh tokens (localStorage): keep you signed into the dashboard. Cleared on logout.
  • next-intl locale: remembers your language preference (EN/FR).
  • Stripe Checkout session cookies: set by Stripe during payment to prevent fraud and complete the transaction. Stripe is the data controller here - see their cookie policy.
  • CSRF tokens: prevent cross-site request forgery on forms. Session-scoped, never linked to your identity.

Analytics

We use Plausible - a cookieless, privacy-respecting analytics tool. Plausible counts pageviews and outbound link clicks without dropping any cookies, without fingerprinting you, and without collecting personal data. Page counts roll up to country-level only.

Even though Plausible doesn't use cookies, we still gate it behind your consent because Quebec's Law 25 treats any analytics collection as personal data processing.

Marketing

Currently we run zero marketing trackers. No Google Ads, no Facebook Pixel, no LinkedIn Insight, no retargeting. If we ever add one, we will bump the consent version so your saved preference is re-prompted - your prior "no marketing" answer carries forward by default.

2. How to change your choice

Click "Cookie preferences" in the site footer at any time to re-open the consent modal. Your previous choice is pre-loaded so you can toggle one category without re-doing the rest.

You can also clear the consent by removing the qrs_cookie_consent key from your browser's localStorage. The banner will reappear on your next visit.

3. What happens if you reject all

The site works normally - the dashboard, API generation, and billing pages don't depend on analytics or marketing. We simply don't track your pageviews. Necessary cookies still set (otherwise you can't sign in).

4. Server-side error monitoring (Sentry)

We use Sentry to capture server-side errors so we can fix bugs. Sentry runs server-side only in our default configuration - it does not set browser cookies or track users. Stack traces include the requesting URL but not your identity unless an error explicitly mentions your account.

5. Changes to this policy

We bump the consent version when we add a new tracker category. Your preferences will be reset and the banner will re-appear. Minor wording fixes update the "Last updated" date above without re-prompting.

Questions: privacy@qrstudio.agency.

A question?

privacy@qrstudio.agency