Cookie Policy
How GetQRFree uses cookies and similar technologies to provide our QR code services
2026/05/27
Introduction
This Cookie Policy explains how GetQRFree ("we," "us," or "our") uses cookies and similar technologies when you visit our website and use our QR code generation and management services. This policy should be read together with our Privacy Policy.
GetQRFree offers two types of services with different cookie implications:
- Free Static QR Code Generator: Cookies for security, preferences, and limited website analytics
- Paid Dynamic QR Code Service: Additional cookies for authentication, payments, preferences, and product analytics
What Are Cookies
Cookies are small text files placed on your device when you visit a website. They serve various purposes including:
- Remembering your preferences (language, theme)
- Keeping you logged in (authentication)
- Processing payments securely (payment providers)
- Measuring website and product usage (analytics)
- Protecting against fraud and abuse (security)
Similar technologies include local storage, session storage, and pixel tags.
Cookie Categories We Use
1. Strictly Necessary Cookies
These cookies are essential for the website to function. You cannot opt out of these cookies as they are required for basic functionality.
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
session_token | GetQRFree | User authentication session | Session | First-party |
csrf_token | GetQRFree | Cross-site request forgery protection | Session | First-party |
__cf_bm | Cloudflare | Bot management and security | 30 minutes | Third-party |
cf_clearance | Cloudflare | Security challenge verification | 30 minutes | Third-party |
__Host-authjs.csrf-token | GetQRFree | Authentication CSRF protection | Session | First-party |
__Secure-authjs.session-token | GetQRFree | Secure session management | 30 days | First-party |
2. Functional Cookies
These cookies enable enhanced functionality and personalization. Disabling them may affect your experience.
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
theme | GetQRFree | Remembers dark/light mode preference | 1 year | First-party |
locale | GetQRFree | Saves your language preference (en/zh) | 1 year | First-party |
view_mode | GetQRFree | Remembers QR list view preference | 1 year | First-party |
sidebar_collapsed | GetQRFree | Dashboard sidebar state | 1 year | First-party |
3. Analytics Cookies
These cookies help us understand website and product usage so we can improve the Service. They are not required for core QR generation functionality.
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
_ga | Google Analytics | Distinguishes users and sessions for website and product analytics | Up to 2 years | First-party |
_ga_* | Google Analytics | Maintains Google Analytics session and property state | Up to 2 years | First-party |
We use Google Analytics events to measure page views, sign up, login, QR creation, QR downloads, link copying, analytics views, media actions, custom domain actions, checkout, purchase, subscription changes, settings updates, and marketing form submissions. We do not currently enable GA4 User-ID and do not intentionally send email addresses, phone numbers, QR contents, target URLs, WiFi passwords, file names, raw domain names, or Stripe customer/subscription IDs as analytics event parameters.
4. Authentication Cookies (Paid Service Only)
When you log in to use our paid dynamic QR code service, we use authentication cookies from our identity provider.
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| Google OAuth cookies | Single sign-on authentication | Varies | Third-party | |
__Secure-authjs.callback-url | GetQRFree | OAuth callback handling | Session | First-party |
Note: Google OAuth cookies are governed by Google's Privacy Policy. We only receive basic profile information (name, email, avatar) for account creation.
5. Payment Cookies (Paid Service Only)
When you make payments, our payment processor Stripe uses cookies for secure transaction processing and fraud prevention.
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
__stripe_mid | Stripe | Device identification for fraud prevention | 1 year | Third-party |
__stripe_sid | Stripe | Session tracking for payment flow | 30 minutes | Third-party |
stripe.csrf | Stripe | Payment form CSRF protection | Session | Third-party |
Note: Stripe cookies are governed by Stripe's Privacy Policy. We do not store your complete credit card information.
6. Security Cookies
These cookies help protect against malicious activity and ensure the security of our services.
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
cf_chl_* | Cloudflare | DDoS protection challenge tokens | Varies | Third-party |
| Turnstile tokens | Cloudflare | CAPTCHA verification | Session | Third-party |
Cookies by Service Type
Free Static QR Code Service
When using our free static QR code generator without logging in, we use only:
| Category | Cookies Used |
|---|---|
| Strictly Necessary | Cloudflare security cookies |
| Functional | Theme, language preferences (optional) |
| Analytics | Google Analytics cookies, if analytics is enabled |
| Authentication | None |
| Payment | None |
Your QR code content is processed entirely in your browser and is never stored on our servers or associated with any cookies.
Paid Dynamic QR Code Service
When you create an account and use our paid services, we use:
| Category | Cookies Used |
|---|---|
| Strictly Necessary | All security and session cookies |
| Functional | All preference cookies |
| Analytics | Google Analytics cookies |
| Authentication | Session tokens, Google OAuth cookies |
| Payment | Stripe cookies (during checkout) |
Third-Party Cookies
We use the following third-party services that may set cookies:
| Service | Purpose | Cookie Policy |
|---|---|---|
| OAuth authentication | Google Privacy Policy | |
| Google Analytics | Website and product analytics | Google Privacy Policy |
| Stripe | Payment processing | Stripe Cookie Policy |
| Cloudflare | Security, CDN, DNS | Cloudflare Cookie Policy |
We do not use:
- Advertising or retargeting cookies
- Social media tracking pixels
- Analytics cookies for sending account User-ID values, QR contents, target URLs, payment identifiers, or personal contact details
Local Storage and Session Storage
In addition to cookies, we use browser storage technologies:
| Technology | Purpose | Data Stored |
|---|---|---|
| Local Storage | Persistent preferences | Theme, locale, view settings |
| Session Storage | Temporary session data | QR creation wizard state, form data |
This data remains on your device and is not transmitted to our servers unless necessary for service functionality.
Your Choices
Browser Settings
Most web browsers allow you to control cookies through settings:
- View cookies: See what cookies are stored
- Delete cookies: Remove all or specific cookies
- Block cookies: Prevent new cookies from being set
- Allow specific cookies: Whitelist certain domains
Common browser cookie settings:
Impact of Blocking Cookies
| If You Block | Impact |
|---|---|
| All cookies | Cannot log in to paid services; preferences not saved; security features may not work |
| Third-party cookies | Cannot log in via Google OAuth; payment processing may fail |
| Analytics cookies | Core QR functionality works; our usage and conversion reports may be less complete |
| Functional cookies only | Core functionality works; preferences reset each visit |
Cookie Consent
For users in the EU/EEA/UK: We display a cookie consent banner on your first visit. You can:
- Accept all cookies
- Reject non-essential cookies
- Customize your preferences
You can change your cookie preferences at any time by:
- Clearing your browser cookies and revisiting the site
- Contacting us at privacy@getqrfree.com
For users elsewhere: By continuing to use our website, you consent to our use of cookies as described in this policy.
Do Not Track
Some browsers have a "Do Not Track" (DNT) feature. We currently do not respond to DNT signals because:
- There is no industry standard for DNT implementation
- We do not engage in cross-site tracking
- Our essential cookies are required for service functionality
Updates to This Policy
We may update this Cookie Policy to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes:
- We will update the "Last Updated" date at the bottom of this policy
- We will notify logged-in users via email for significant changes
- We may display a notice on our website
We encourage you to review this policy periodically.
Contact Us
If you have questions about our use of cookies or this policy:
Email: privacy@getqrfree.com
For EU/UK Users: You may also contact your local data protection authority if you have concerns about our cookie practices.
Summary
| Aspect | Free Service | Paid Service |
|---|---|---|
| Strictly Necessary Cookies | Cloudflare security | All security + session |
| Functional Cookies | Optional (theme, language) | Full preference storage |
| Analytics Cookies | Google Analytics | Google Analytics |
| Authentication Cookies | None | Google OAuth + session tokens |
| Payment Cookies | None | Stripe (during checkout) |
| Third-Party Services | Cloudflare, Google Analytics | Cloudflare, Google Analytics, Google OAuth, Stripe |
| Cookie Control | Browser settings | Browser settings + consent banner |
Last Updated: May 27, 2026
Previous Version: November 15, 2025