When a dynamic QR code is scanned, the redirector receives an HTTP request and logs the following fields: timestamp, device type (mobile, tablet, desktop, or bot), operating system and version, browser name, country code derived from IP geolocation, and the Referer header if the scanner came from a browser with one set.
The IP address itself is never stored. It is hashed with a per-install salt before being written to the database, which lets us count unique visitors without retaining any personally identifiable identifier. Because the salt is specific to this installation, the same IP produces a different hash on any other deployment, so even in the case of a data leak, cross-referencing visitor identity across installations is not possible.
Bot traffic is detected via user-agent patterns and excluded from scan counts — it's logged with device_type set to 'bot' but doesn't inflate the unique-visitor metric. Known crawlers, link preview fetchers (Slack, iMessage, WhatsApp), and scripted scanners all fall into this category.
We do not set cookies on the redirector, do not use third-party analytics, and do not share scan data with any external service. The data is yours; the dashboard lets you view it, and if you close your account we delete it within 7 days.