Close Cookie Popup
Cookie settings
By clicking "Accept all cookies", you agree to storing cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts as outlined in our privacy policy.
Accept all cookiesCookie settings
Close Cookie Preference Manager
Cookie settings
By clicking 'Accept all cookies', you agree to storing cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts as outlined in our privacy policy.
Strictly necessary (always active)
Cookies required to enable basic website functionality.
Accept all cookiesSave settings

Privacy Policy

Effective date: March 3, 2026

CodeDibs ("we," "our," or "us") operates the CodeDibs platform, a dynamic QR code generation and analytics service available at codedibs.com. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website, platform, or services.

This policy describes our data practices. Where required by applicable law, we will seek your express consent prior to collecting or using your personal information. If you do not agree with these practices, please discontinue use of our services.

Table of contents

1. Types of Personal Information Collected

1. Data We Collect

We collect two categories of data: information you provide to us directly, and information collected automatically through your use of the platform and QR code scans.

Information You Provide

  • Account Data — Name, email address, password (hashed), billing details, and company name provided during registration.
  • QR Configuration — Destination URLs, QR code labels, campaign names, and any custom branding settings you configure.
  • Payment Data — Processed via a third-party payment provider. We do not store full card numbers on our servers.
  • Communications — Messages you send us via email or support channels, including any attached files or context.

Automatically Collected Data

When you visit our website or when end-users scan your QR codes, we automatically collect technical information including IP addresses, browser type and version, referrer URLs, and timestamps.

2. QR Code Redirect Data

Every time a QR code created through CodeDibs is scanned, our servers process the redirect and record analytics data. The following data is logged on each scan event:

  • Device Information — Device type (mobile, tablet, desktop), device model where available, screen resolution, and hardware class.
  • Operating System — OS name and version (e.g., iOS 17.4, Android 14, Windows 11) parsed from the User-Agent header.
  • Location Data — Country, region, and city derived from the scanner's IP address via geolocation. Precise GPS is never requested.
  • Scan Context — Timestamp, QR code ID, destination URL, browser or app used to scan, and language settings.

Location data is derived from IP geolocation only — we do not request or access GPS coordinates or device location permissions.

Scan data is associated with the CodeDibs account that owns the QR code, but is not associated with the identity of the end-user who performed the scan.

3. Analytics & Advertising Trackers

Our website and application use third-party tracking tools to understand visitor behaviour and measure advertising effectiveness.

Google Analytics

We use Google Analytics 4 (GA4), operated by Google LLC. Google Analytics collects data such as pages visited, session duration, traffic source, device type, and approximate location. This data is subject to Google's Privacy Policy. You can opt out via the Google Analytics Opt-out Browser Add-on or by adjusting your cookie preferences on our site.

Meta Ads (Facebook Pixel)

We use the Meta Pixel, operated by Meta Platforms, Inc. The Pixel tracks visitor actions on our website to measure ad conversions and build remarketing audiences. Under CCPA/CPRA, sharing data with Meta for cross-context behavioral advertising may constitute "sharing" of personal information. California residents have the right to opt out — see Section 10. Data collected by Meta is subject to Meta's Data Policy. You may opt out of interest-based advertising at youradchoices.ca or youradchoices.com.

Note: Neither Google nor Meta have access to QR scan analytics data stored in your CodeDibs dashboard. These third-party trackers do not have access to your QR code destination URLs, scan counts, or other account-specific data.

4. How We Use Your Data

We use collected data for the following purposes:

  • Service delivery — creating and managing your account, generating QR codes, processing redirects, and serving your analytics dashboard.
  • Billing and transactions — processing payments for lifetime purchases and subscription plans.
  • Platform improvement — analyzing aggregate usage patterns to improve features, reliability, and performance.
  • Communications — sending transactional emails (receipts, password resets), product updates, and optional marketing messages (with your consent).
  • Security and fraud prevention — detecting abuse, unauthorized access, or misuse of our infrastructure.
  • Legal compliance — fulfilling obligations under Canadian federal and provincial law, US state privacy laws, and applicable tax legislation.

We do not sell your personal data or the personal data of your end-users to any third party.

5. Data Sharing & Disclosure

We share data only in the following circumstances:

Service Providers (Sub-processors)

We engage trusted third-party vendors who process data on our behalf, including cloud infrastructure providers (AWS), payment processors (Stripe), and email delivery services (AWS SES). These providers are contractually bound to process data only as directed by us.

Legal Requirements

We may disclose information if required to do so by law, court order, or lawful government request, or to protect the rights, safety, or property of CodeDibs, our users, or the public.

Business Transfers

If CodeDibs is acquired, merged, or undergoes a significant restructuring, user data may be transferred as part of that transaction, subject to applicable legal restrictions.

With Your Consent

We may share data with third parties if you have explicitly consented to such sharing.

6. Data Retention

We retain your account data for as long as your account remains active and for as long thereafter as required by applicable law, including tax and accounting obligations. If you delete your account, we will remove or anonymize your personal data without undue delay, except where retention is required by law.

QR scan analytics data is retained for as long as your plan is active and for up to 12 months after plan termination. Aggregate, anonymized analytics data may be retained indefinitely.

7. Security Safeguards

We implement reasonable technical and organizational safeguards appropriate to the sensitivity of the personal information we hold. No method of transmission or storage is 100% secure. In the event of a data breach that creates a real risk of significant harm, we will notify affected individuals and applicable regulatory authorities as required by law.

8. Your Rights (Canada)

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, you have the right to:

  • Access — request a copy of the personal information we hold about you.
  • Correction — request that inaccurate or incomplete information be corrected.
  • Withdrawal of Consent — withdraw consent to non-essential data processing at any time, subject to legal and contractual restrictions.
  • Complaint — file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

To exercise any of these rights, contact us at support@codedibs.com.

9. US State Privacy Rights

This section applies to residents of US states with applicable privacy laws, including California, Virginia, Colorado, Connecticut, and Texas.

Rights Available to US Residents

Depending on your state of residence, you may have the right to:

  • Know / Access — request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom it has been shared.
  • Delete — request deletion of personal information we have collected about you, subject to certain exceptions.
  • Correct — request correction of inaccurate personal information.
  • Opt Out of Sale or Sharing — opt out of the sale of your personal information or its sharing for cross-context behavioral advertising. We do not sell personal information. However, our use of the Meta Pixel may constitute "sharing" under CCPA/CPRA. You may opt out by clicking the "Do Not Sell or Share My Personal Information" link in the footer of our website, or by contacting support@codedibs.com.
  • Non-Discrimination — we will not deny service, charge different prices, or provide a different level of quality as a result of you exercising your privacy rights.

California-Specific Disclosures

Since our launch, we have collected the following categories of personal information from California residents: identifiers (name, email, IP address); commercial information (purchase history); internet or other electronic network activity (browsing behavior on our site); geolocation data (city/region level, derived from IP).

We have not sold personal information since our launch. We have shared personal information with Meta Platforms, Inc. for cross-context behavioral advertising, as described in Section 4.

Submitting a Request

To exercise any US privacy right, submit a verifiable consumer request to support@codedibs.com. We will respond within 45 days. Where reasonably necessary, we may extend this period by an additional 45 days with notice. If we deny your request, you may appeal by contacting us at support@codedibs.com with the subject line "Privacy Rights Appeal."

10. Cross-Border Data Transfers

Our infrastructure is hosted on Amazon Web Services (AWS), which may process and store data on servers located in the United States or other jurisdictions outside Canada. Your personal information may therefore be subject to the laws of those jurisdictions, including lawful access by foreign governments or law enforcement. We take reasonable steps to ensure third-party service providers maintain appropriate protections for transferred data.

11. Cookies & Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential cookies — required for authentication, session management, and core platform functionality.
  • Analytics cookies — set by Google Analytics. Can be disabled via our cookie banner or browser settings.
  • Advertising cookies — set by Meta Pixel. California residents may opt out as described in Section 10.

You can manage cookie preferences through our on-site cookie consent banner or via your browser settings. California residents may additionally opt out of advertising cookies as described in Section 10.

12. Children's Privacy

CodeDibs is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. In compliance with the Children's Online Privacy Protection Act (COPPA) and applicable Canadian law, if we become aware that we have collected information from a child under 13 without verifiable parental consent, we will delete it promptly. Contact us at support@codedibs.com if you believe this has occurred.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Continued use of CodeDibs after changes take effect constitutes acceptance of the revised policy.

14. Contact Us

Privacy Officer

CodeDibs Inc.

Woodbridge, Ontario, Canada

support@codedibs.com