Privacy Policy

Last updated: February 26, 2026

1. Introduction

DotBox ("we," "us," or "our") is operated by Cyberdime Development. This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data when you use the DotBox website and application at qrdotbox.com (the "Service").

2. Information We Collect

2.1 QR Code Generation (No Data Collected)

Basic QR code generation is performed entirely on your device (client-side). The content you encode into a QR code is never sent to our servers unless you explicitly save it as a dynamic QR code.

2.2 Account Information

When you create an account, we collect the information provided by your authentication method:

  • Email address
  • Display name (if provided via Google or Apple sign-in)
  • Profile photo URL (if provided via Google or Apple sign-in)

Authentication is handled by Firebase Authentication (Google LLC). We store your account profile in Google Cloud Firestore.

2.3 Saved QR Codes

If you sign in and save QR codes to your dashboard, we store the QR code content, style settings, and metadata (creation date, scan count) in Firestore linked to your account.

2.4 Dynamic QR Code Scan Data

When someone scans a dynamic QR code, the redirect service logs:

  • Timestamp of the scan
  • Country (derived from the scanner's IP address via ipapi.co)
  • Device type (mobile, desktop, or tablet — derived from User-Agent)
  • User-Agent string
  • HTTP referrer

IP addresses are sent to ipapi.co solely for country-level geolocation and are not stored by DotBox. Scan data is associated with the QR code, not with the person who scanned it.

2.5 Payment Information

Payments are processed by Stripe, Inc. We never receive or store your full credit card number. Stripe provides us with a customer ID, subscription ID, and subscription status, which we store to manage your Pro access. Stripe's privacy policy is available at stripe.com/privacy.

2.6 Analytics and Error Monitoring

We use the following third-party services to understand usage and improve reliability:

  • Vercel Analytics — collects anonymous page view and interaction data.
  • Vercel Speed Insights — collects Core Web Vitals and performance metrics.
  • Sentry — captures error reports and stack traces when something goes wrong, to help us fix bugs. This may include request URLs and browser information.

3. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service
  • Authenticate your account and manage your subscription
  • Display scan analytics for your dynamic QR codes
  • Process payments through Stripe
  • Monitor and fix errors and performance issues
  • Improve the Service based on aggregated usage data

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

4. Third-Party Services

The Service relies on the following third-party providers, each governed by their own privacy policies:

  • Firebase (Google LLC) — authentication and database
  • Stripe, Inc. — payment processing
  • Vercel, Inc. — hosting, analytics, and speed insights
  • Sentry (Functional Software, Inc.) — error monitoring
  • ipapi.co — IP geolocation for scan analytics

5. Data Retention

Account data and saved QR codes are retained as long as your account is active. Scan analytics are retained for as long as the associated dynamic QR code exists. If you delete your account, we will delete your profile data, saved QR codes, and associated scan records.

6. Your Rights

You may:

  • Access, update, or delete your account information from your dashboard
  • Delete individual QR codes and their associated scan data
  • Request a full deletion of your account and all associated data by contacting us

7. Cookies

DotBox uses essential cookies for authentication session management. Vercel Analytics uses anonymous, cookie-less tracking. We do not use advertising or third-party tracking cookies.

8. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page.

10. Contact Us

If you have questions about this Privacy Policy, contact us at cyberdime.dev.