Privacy Policy
Last updated: 20 October 2025
This Privacy Policy explains how QRPix (“we”, “us”, “our”) collects, uses and shares personal data when you use our website, event pages and QR upload tools (“Service”). We act as a data controller for organiser data and as a controller for guest data uploaded to events hosted on our platform.
1) Who we are
Controller: QRPix
Contact: support@qrpix.co.uk
Supervisory authority: UK Information Commissioner’s Office (ICO). You have the right to complain to the ICO at ico.org.uk.
2) What data we collect
- Account data: name, email, password hash, plan, billing history.
- Event data: event title, dates, configuration (guest visibility, etc.), subdomain (e.g.
eventname.qrpix.co.uk). - Upload data: photos and captions submitted by guests to an event, upload timestamps, device/browser metadata.
- Support data: messages you send to us and related details.
- Technical data: IP address, user agent, cookie IDs and usage logs.
- Marketing/analytics: page views, referrers, campaign UTM parameters where used.
3) How we use data and legal bases
| Purpose | Data | Legal basis |
|---|---|---|
| Provide and operate the Service | Account, event and upload data; technical logs | Contract performance |
| Process guest uploads to event galleries | Upload and event data | Legitimate interests of organiser and guests to share event photos; consent where organiser requests it |
| Security, fraud prevention and abuse detection | Technical and usage data | Legitimate interests; legal obligation |
| Customer support and service communications | Contact and support data | Contract performance; legitimate interests |
| Billing and invoices | Account and billing data | Contract performance; legal obligation |
| Analytics to improve the Service | Technical data, usage patterns | Legitimate interests; consent where required (cookies) |
| Legal compliance and reporting | Any relevant category | Legal obligation |
4) Sharing your data
We use trusted service providers to help operate QRPix, such as hosting, storage, analytics, and payment processing. These processors act on our instructions and are bound by contractual data protection obligations. We may also disclose data to authorities where required by law or to investigate abuse.
5) International transfers
Where data is transferred outside the UK, we use lawful transfer mechanisms such as the UK International Data Transfer Agreement (IDTA), UK Addendum to the EU SCCs, or other safeguards recognised by the ICO.
6) Retention
- Event galleries are available for 12 months per plan unless you delete content earlier.
- Deleted photos are typically removed from active systems promptly and may persist briefly in backups.
- Account and billing records are retained as required by law and for our legitimate interests (e.g. fraud prevention, accounting).
7) Security
We implement technical and organisational measures appropriate to the risk, including access controls, encryption in transit, logging and regular updates. No online service can be 100% secure; please keep your password safe and contact us if you suspect unauthorised access.
8) Your rights
Under UK GDPR you have rights to access, rectify, erase, restrict or object to processing, and to data portability. You may also withdraw consent where processing is based on consent. To exercise your rights, contact support@qrpix.co.uk. We will verify your identity before responding.
If you are a guest uploader, please first contact the event organiser for requests related to their event; we can assist the organiser as needed.
9) Children
QRPix is intended for use by adult organisers. Guests must be 13+ to upload, or have parental permission where applicable. Organisers are responsible for ensuring their event complies with applicable laws and venue policies.
10) Cookies and similar technologies
We use essential cookies to operate the site and optional analytics/advertising cookies subject to your consent where required. You can control cookies in your browser or via the cookie banner when presented.
| Type | Purpose | Examples | Retention |
|---|---|---|---|
| Essential | Keep you signed in, deliver pages securely | Session IDs, CSRF tokens | Session or short-term |
| Analytics | Understand site usage to improve the Service | Google Analytics | Per provider defaults |
| Marketing | Measure ad performance | TikTok Pixel | Per provider defaults |
You can opt out of Google Analytics with available browser add-ons and manage TikTok tracking preferences in your account settings on those platforms.
11) Third-party links
Event pages and organiser links may point to third-party sites. Their privacy practices are not controlled by QRPix.
12) Changes
We may update this policy from time to time. We will post the new version with an updated date and, where appropriate, provide additional notice.
13) Contact
Email: support@qrpix.co.uk