Barion
Privacy Policy

Last updated: February 18, 2026

This Privacy Policy describes how QRW.io processes personal data in connection with providing a dynamic URL shortening, QR code generation, and redirection platform.

1. Data Controller

  • Company name: Indaplan Kft.
  • Address: 1039 Budapest, Batthyány utca 35/B., Hungary
  • Email: hello@indaplan.hu
  • Phone: +36 124 20629

2. Nature of the Service

QRW.io provides dynamic short links, QR code generation, redirect management, and aggregated analytics. When a short link is accessed, our system performs redirection and may generate anonymized statistics.

3. GDPR Roles

Account Data

For registered users, Indaplan Kft. acts as Data Controller.

Link Visitor Data

For visitors accessing user-created links:

  • The link creator may act as Data Controller.
  • Indaplan Kft. acts as Data Processor providing infrastructure.

4. Categories of Data Collected

4.1 Account Data

Email address and authentication-related identifiers.

Legal basis: Contract performance (Art. 6(1)(b) GDPR)

4.2 Link Redirection Data

  • IP address (processed temporarily)
  • Date and time of access
  • Browser / device type
  • Referrer (if available)
  • Link identifier

This data is used solely for redirection, abuse prevention, and generating aggregated analytics.

We do not sell personal data and do not create behavioral profiles.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)

4.3 Aggregated Analytics

We generate anonymized statistics such as total clicks, approximate country (based on truncated IP), and device category. These are visible only to the link owner.

5. Cookies Policy

Types of Cookies

Essential Cookies

Required for authentication, security, and core functionality. These cannot be disabled.

Analytics Cookies

Used to understand website usage patterns. Activated only after consent for EU users.

Functional Cookies

Store user preferences to improve usability.

Managing Cookies

You may manage cookie preferences via our consent banner or your browser settings. EU users may withdraw consent at any time.

Analytics Providers

We use Google Analytics and Vercel Analytics to understand general website usage. We also use the Barion Pixel for payment fraud prevention (see Section 6).

6. Hosting

The Service is hosted by Vercel Inc., USA. Technical request data may be processed to operate the infrastructure.

7. Barion Pixel — Fraud Prevention

Our website uses the Barion Pixel, a tracking technology provided by Barion Payment Zrt. (1117 Budapest, Alíz utca 2., Hungary). The Barion Pixel collects behavioural data about website visitors — such as page views and interaction patterns — and transmits it to Barion for the purpose of payment fraud prevention and risk assessment.

Data controller for Barion Pixel data: Barion Payment Zrt.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — fraud prevention in the context of online payments.
Barion Privacy Policy: barion.com/adatkezelesi-tajekoztato

Barion Payment Zrt. is supervised by the Hungarian National Bank; licence number: H-EN-I-1064/2013.

8. Stripe Payment Processing

Online card payments on QRW.io are processed by Stripe, Inc. Card and payment-related data do not reach the merchant (Indaplan Kft.); they are handled exclusively by Stripe.

Data controller for payment data: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA
Data processed: cardholder name, card number (tokenised), billing address, transaction amount — solely for payment execution and fraud prevention.
Legal basis: Contract performance (Art. 6(1)(b) GDPR) and legal obligation (Art. 6(1)(c) GDPR).
Retention: As required by applicable accounting and financial regulations (typically 8 years).
Stripe Privacy Policy: stripe.com/privacy

9. International Data Transfers

Where data is transferred outside the European Economic Area, appropriate safeguards such as Standard Contractual Clauses apply.

10. Data Retention

Account data is retained while the account remains active. Analytics data is retained while the link remains active. Server logs are stored only as necessary for security purposes.

11. EU Privacy Rights (GDPR)

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction
  • Right to data portability
  • Right to object
  • Right to withdraw consent

To exercise these rights, contact: hello@indaplan.hu

12. US Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect
  • Request deletion
  • Request correction
  • Opt out of sale or sharing of personal information
  • Non-discrimination for exercising your rights

QRW.io does not sell personal information.

13. Security Measures

We implement HTTPS encryption, access control mechanisms, and monitoring systems to protect personal data.

14. Children's Privacy

The Service is not intended for individuals under 16 years of age.

15. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be published on this page.

16. Contact

  • Email: hello@indaplan.hu
  • Phone: +36 124 20629
  • Address: 1039 Budapest, Batthyány utca 35/B., Hungary