Privacy Policy

Last updated: February 28, 2026

1. Introduction

Welcome to QRLeap. IoTera Oy ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

2. Controller

IoTera Oy (Business ID: 3454475-1) is the controller and is responsible for your personal data.

Contact Details:
IoTera Oy
Tampere, Finland
Email: qrleap@iotera.fi

3. The Data We Collect About You

Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you:

  • Identity Data: first name, last name, username or similar identifier (provided via your authentication provider).
  • Contact Data: email address.
  • Technical Data: IP address (stored as an anonymized hash), browser type and version, device type, operating system, and platform.
  • Usage Data: information about how you use QRLeap, including QR code creation, scan events, and feature usage.
  • Transaction Data: subscription plan, billing status, and payment history (payment card details are handled exclusively by our payment processor and never stored by us).

4. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Contract performance: to provide you with the QRLeap service, manage your account, process subscriptions, and deliver QR code functionality.
  • Legitimate interests: to improve our service, analyze usage patterns (in aggregate), prevent abuse, and ensure security.
  • Legal obligation: to comply with applicable laws and regulations.

5. Cookies

QRLeap uses the following types of cookies:

  • Essential cookies: Required for authentication and session management. These are set by our authentication provider (Clerk) and are necessary for the service to function. They cannot be disabled.
  • Functional cookies: Used to remember your preferences (e.g., billing toggle state). These do not track you across websites.

We do not use third-party advertising or tracking cookies. We do not use Google Analytics or similar tracking services.

6. Third-Party Service Providers

We use the following third-party services to operate QRLeap. Each processes personal data on our behalf under appropriate data processing agreements:

  • Clerk (Clerk, Inc. — USA) — Authentication and user management. Processes identity and contact data.
  • Lemon Squeezy (Lemon Squeezy LLC — USA) — Payment processing and subscription management. Processes transaction and contact data.
  • Vercel (Vercel, Inc. — USA) — Application hosting and content delivery. Processes technical data (IP addresses, request logs).
  • Neon (Neon, Inc. — USA) — Database hosting. Stores account data, QR code data, and anonymized scan analytics.

7. International Data Transfers

Our third-party service providers are based in the United States. When your personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place in accordance with the EU General Data Protection Regulation (GDPR):

  • Our service providers maintain Standard Contractual Clauses (SCCs) approved by the European Commission, which provide adequate protection for your personal data.
  • Where applicable, our providers also participate in recognized data protection frameworks.

You may request a copy of the relevant safeguards by contacting us at qrleap@iotera.fi.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account data: retained for as long as your account is active. Upon account deletion, personal data is deleted within 30 days.
  • QR code data: deleted when you delete a QR code or your account.
  • Scan analytics: IP addresses are stored only as anonymized hashes. Scan event data is retained for 12 months for analytics purposes, after which it is aggregated and anonymized.
  • Transaction data: billing records are retained for up to 6 years as required by Finnish accounting law (kirjanpitolaki).

9. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

10. Your Legal Rights

Under the GDPR and Finnish data protection law, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your personal data (subject to legal retention requirements).
  • Right to restrict processing: request that we limit how we use your data.
  • Right to data portability: request your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at qrleap@iotera.fi. We will respond within 30 days.

You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) at tietosuoja.fi.

11. Third-Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

12. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically. Continued use of QRLeap after changes constitutes acceptance of the revised policy.