Torii QR
Dashboard Log in Try free for 30 days

Privacy Policy

Last updated: April 9, 2026

Torii QR ("Service") respects your privacy and is committed to protecting your personal information. This policy explains what data we collect, how we use it, and how we protect it.

1. Data We Collect

Information you provide directly

  • Account information: Email address and password (stored as a bcrypt hash)
  • QR code content: The content you create and edit (URLs, menu data, business information, etc.)

Information collected automatically

  • Scan analytics: When a QR code is scanned, we record the country (from Cloudflare's CF-IPCountry header), device type, and scan timestamp. We do not store IP addresses. User-agent strings are stored as SHA-256 hashes only.

Payment information

Payment details (credit card numbers, etc.) are handled by Paddle (paddle.com). We never collect or store payment information directly. Paddle acts as the Merchant of Record and is responsible for billing and tax processing. See Paddle's privacy policy at paddle.com/legal/privacy.

2. How We Use Your Data

  • Providing and operating the Service (authentication, QR code management, redirect processing)
  • Generating scan analytics reports
  • Sending transactional emails (trial expiry notices, billing updates, etc.)
  • Detecting and preventing fraudulent or abusive use
  • Improving and developing the Service

3. Data Sharing

We do not sell your personal data. We share data only in the following cases:

  • Paddle: Your email address is shared with Paddle to create a billing customer record
  • Resend: Your email address is shared with Resend (resend.com) solely to send transactional emails
  • Legal requirements: We may disclose data if required by law or a valid legal process

4. Data Storage

Your data is stored on servers located in Japan (Tokyo). If you delete your account, your personal information and associated QR code data will be permanently deleted within 30 days. Anonymised scan statistics may be retained for aggregate reporting purposes.

5. Cookies and Local Storage

We use cookies and local storage solely to maintain your authentication session. We do not use third-party tracking cookies.

6. Your Rights

You have the right to:

  • Request access to the personal information we hold about you
  • Request correction or deletion of your personal information (via account settings or by emailing us)
  • Delete your account at any time from the account settings page

7. Children

The Service is not directed at children under 13. We do not knowingly collect personal information from anyone under 13.

8. Policy Updates

If we make material changes to this policy, we will notify you via your registered email address or through an in-service notice before the changes take effect.

Contact

For privacy-related questions, please contact us at [email protected].