Privacy Policy

This Privacy Policy describes how EzraLink.org ("we", "us") collects, uses, and shares information when you use the EzraLink.org QR code platform, the service hosted at ezralink.org, and any related APIs, dashboards, and hosted pages (together, the "Service").

By using the Service, you agree to the handling of your information as described here. If you do not agree, please do not use the Service.

Account information. When you create an account we collect your name, email address, and password (stored as a one-way hash by our authentication provider).

Organization and team data. We store the organizations you own or belong to, the roles of members, and any invitations you send.

Content you create. QR code destinations, landing-page content, form fields you build, and any assets you upload are stored to deliver the Service to you.

Scan and visit data. When someone scans a QR code or visits a landing page under your account, we record a timestamp, approximate geography derived from the scanner's IP address, device type, browser, referring URL, and the QR code or page they interacted with. This data is attributed to your organization and only visible to its members.

Billing information. If you upgrade to a paid plan, Stripe collects your payment details on our behalf. We never see or store your full card number. Stripe returns us a customer ID and subscription metadata.

Communications. If you contact support we keep the messages you send so we can follow up and improve the Service.

Abuse reports. If you report a link through the public abuse-report form, we keep the report you submitted along with the IP address and user-agent the request was made from, so we can investigate and respond.

Technical telemetry. We collect error reports and performance traces to keep the Service running. These include the URL, a stack trace, and anonymised user-agent data but not the contents of your forms or landing pages.

To provide and operate the Service — serving QR redirects, rendering landing pages, surfacing analytics, sending invite emails, and processing your subscription.

To secure the Service — detecting abuse, rate-limiting suspicious traffic, and keeping audit logs of sensitive actions such as logins and Terms acceptances.

To support you — responding to your questions and following up on issues.

To improve the Service — measuring which features are used so we can prioritise what to build next. Where we use third-party analytics tools, we configure them to minimise personal data collection.

To comply with the law — responding to lawful requests from courts and regulators, and meeting our own legal obligations.

What we will not do with your data. We will not sell scan data, visit data, account data, or any other personal information to third parties. We will not share it with advertisers or use it for cross-site behavioural advertising. We will not use the content of QR destinations, landing pages, forms, scan logs, or any other customer data to train AI or machine-learning models — our own or anyone else's — and we will not provide that data to third-party AI vendors for training. The only purpose of the data we hold is to operate the Service for you and the organization you belong to.

Inside your organization. Members of an organization you belong to can see the QR codes, landing pages, forms, scan analytics, and team roster of that organization. Nothing you create is visible to other organizations or to the public unless you publish it yourself.

Service providers (processors). We share the minimum data needed with the vendors that run our infrastructure: Supabase (database, authentication), Vercel (hosting), Stripe (payments), Resend (transactional email), Sentry (error reporting), and — only when you've granted consent — Google Analytics (product analytics).

Google Safe Browsing. When a QR code or short link is scanned, we check the destination URL against Google Safe Browsing's threat list to block known malware and phishing pages before redirecting. Only the destination URL is sent; no personal data, scanner IP, or account identifier accompanies the check.

AI landing pages. When an organization enables the personalized-landing-page feature on a QR code, we send the scan context (country, language, device type, time of day) and the destination URL — but no personally identifying information — to Anthropic to generate the page. Outputs are cached so we do not call the AI on every scan. Anthropic processes the data under its own published terms and does not use customer inputs or outputs to train its models.

Legal and safety. We may share information when we have a good-faith belief that disclosure is required by law, necessary to protect the rights or safety of any person, or necessary to investigate fraud, abuse, or a security incident.

Business transfers. If EzraLink.org is acquired or merges with another company, your information may be transferred as part of that transaction. We will update this Policy and notify affected users.

Account data is retained while your account is active and for up to 90 days after you delete it, after which it is purged from production systems. Backups that contain deleted data are overwritten on a rolling schedule of up to 35 days.

Scan and visit data is retained for 13 months from the time of the scan so you can run year-over-year comparisons, after which it is automatically deleted.

Support correspondence is retained for 2 years to help us respond to repeat questions.

Audit records of Terms and Privacy Policy acceptances are retained for the life of your account plus 6 years after deletion, as they are evidence of agreements between us and you.

Cookie-consent records (for signed-in users) are pseudonymous and are deleted automatically when your account is deleted.

Depending on where you live, you may have the right to access the personal data we hold about you, correct it if it is wrong, receive a portable copy of it, object to certain processing, or have it deleted. To exercise any of these rights, email privacy@ezralink.org from the address on your account and we will respond within 30 days.

EU and UK residents: the legal bases we rely on are performance of a contract (to run your account), legitimate interests (to secure the Service), consent (for optional analytics), and legal obligation. You have the right to lodge a complaint with your local data protection authority.

California residents: you have additional rights under the CCPA, including the right to know, the right to delete, and the right to opt out of sale. We do not sell personal information.

Strictly necessary cookies. We use first-party cookies that the Service cannot function without: the Supabase authentication session cookies that keep you signed in; a short-lived signed cookie used after you re-enter your password to access Settings and Billing; and a short-lived signed cookie used when a scanner enters the password for a password-protected QR code. These cookies are not used for tracking and require no consent.

Browser storage (not cookies). Your light/dark theme preference and your cookie consent choice are stored in your browser's localStorage, recorded against the version of this Policy you saw. They are not cookies.

Proof of consent. If you are signed in, we additionally keep a pseudonymous record of each analytics-cookie choice you make — your account ID, whether you accepted or declined, the Policy version, and a timestamp. We do not attach your IP address to it, and it is deleted together with your account. If you are not signed in, your choice stays in your browser only. We honour a browser "Global Privacy Control" signal as a decline.

Optional analytics. Where Google Analytics is enabled, it sets its own cookies (e.g. _ga) to measure aggregate usage. We do not load Google Analytics until you accept the cookie banner; declining means no analytics cookies are ever set on your device. You can change your choice at any time using the "Cookie preferences" link in the footer, and if we materially change this Policy we will ask you to choose again.

We do not use cookies for advertising or for cross-site tracking.

All traffic to EzraLink.org is encrypted in transit (HTTPS with HSTS). Data at rest in our database is encrypted by the provider. Access to customer data inside the database is protected by row-level security: a query run by one organization cannot return another organization's rows.

Account-level safeguards include optional two-factor authentication (authenticator-app TOTP), backup codes for recovery, rate-limited sign-in and password attempts, password-strength enforcement, and a fresh-password prompt before sensitive actions (changing email/password, accessing billing, deleting your account). Sessions have a maximum lifetime regardless of activity, and signing out invalidates the session immediately.

We rotate secrets, apply least-privilege access for employees, and log privileged actions. No system is perfectly secure, and we encourage you to choose a strong unique password and to report any suspected incidents to security@ezralink.org.

EzraLink is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has given us personal information, email privacy@ezralink.org and we will delete the account.

EzraLink is operated from the United States and our primary infrastructure is hosted in the United States. If you use the Service from outside the US, you are transferring your information to the US, which may have different data-protection laws than your country. Where required (e.g. for EU/UK personal data) we rely on Standard Contractual Clauses with our processors to provide an adequate level of protection.

We may update this Privacy Policy from time to time. If the change is material we will prompt you to acknowledge the new version on your next sign-in, in the same way we handle Terms of Service changes. The effective date at the top of the policy shows when it was last updated.

Privacy questions and rights requests: privacy@ezralink.org. Security reports: security@ezralink.org. Abuse / copyright (DMCA): abuse@ezralink.org. General support: support@ezralink.org. You can also report a link directly through the public form at ezralink.org/report.