Privacy Policy

Last updated: June 15, 2026

This policy explains what personal data NimbleQR processes, why, and what rights you have. The data controller is Digitalt Håndverk (Org. no. 936 706 916), Norway. Contact: apps@digitalthandverk.no.

1. Data we process about account holders

• Account data — your email address and a hashed version of your password (we never store the password itself). Legal basis: performing our contract with you.
• Your content — the QR codes you create: titles and destination URLs. Legal basis: performing our contract.
• Billing data — if you subscribe, our payment provider Paddle (the merchant of record) processes your payment and billing details under its own privacy policy. We store only Paddle’s identifiers for your customer record and subscription, and the subscription status. We never receive your card details. Legal basis: performing our contract and legal obligations.
• Support correspondence — emails you send us. Legal basis: legitimate interest in supporting you.

2. Data we process when someone scans a code

When a visitor opens a NimbleQR short link, we redirect them to the code’s destination and record a scan event consisting of: a timestamp, the approximate country (derived from the IP address at the moment of the request), and a coarse device category (mobile, tablet, or desktop, derived from the browser’s user-agent string).

We do not store the visitor’s IP address or user-agent in our database, we set no cookies on redirects, and we do not build profiles of visitors. IP addresses may appear transiently in our hosting provider’s standard server logs. Legal basis: our and our customers’ legitimate interest in aggregate usage statistics.

3. Processors and transfers

We use these processors to operate the Service:

• Vercel — application hosting and content delivery (servers may be located outside the EEA; transfers are safeguarded by EU standard contractual clauses and, where applicable, the EU–US Data Privacy Framework).
• Neon — database hosting.
• Paddle — payments, as an independent controller / merchant of record for checkout and billing data.

We do not sell personal data or share it with advertisers.

4. Cookies

The app sets a single, strictly necessary session cookie to keep you logged in. We use no analytics or advertising cookies. During checkout, Paddle may set cookies needed to process the purchase.

5. Retention

• Account data and content: kept until you delete them or your account.
• Scan events: kept while the related code exists.
• Billing records: kept by Paddle and by us as required by bookkeeping and tax law.

You can delete individual codes (including their scan history) and your entire account from the app at any time — account deletion cancels any subscription and removes your data immediately.

6. Your rights

Under the GDPR you have the right to access, correct, delete, and receive a copy of your personal data, to object to or restrict certain processing, and to withdraw consent where processing is based on it. Contact apps@digitalthandverk.no to exercise these rights.

7. Changes

We will update this policy as the Service evolves and note the date above. For material changes we will notify account holders. See also our Terms of Service.