Are the IPs of unique visitors tracked GDPR and CCPA compliant when scanning a QR Code?
Yes, the way we track unique visitors is GDPR / CCPA compliant. This is done by anonymizing the IP address of the user who scans the QR Code.
You as account owner can set the detail of anonymization in your account settings.
Depending on the strategy you are using to anonymize IP addresses, you can be fully compliant to GDPR / CCPA. However, the number of unique visitors might not be accurate. The following strategies give you an overview about compliancy and accuracy.
Hashed IP (sha256)
When hashing the IP address, we use the sha256-hash function and add a salt before hashing. Using this strategy, you get the most accurate number of unique visitors that are scanning your QR Codes. Only if users are using the same Wi-Fi network, we cannot distinguish them as separate unique users because they share the same IP address. To be fully GPDR / CCPA compliant we recommend not only hashing but also anonymizing the IP described in the next step.
Anonymized & Hashed IP
Before the IP address is hashed, we truncate the last byte of the IP address e.g., 192.168.178.123 -> 192.168.178.XXX. Using anonymization might makes the number of unique visitors smaller in your statistics, because if there are 2 unique visitors that have a different IP just in the last byte e.g., 192.168.178.123 and 192.168.178.125 they will be counted as the same unique visitor.
This strategy is set as the default behavior and this way is fully GDPR / CCPA compliant.
Do not store unique visitors
By choosing this option we do not store any information about unique visitors at all. In your statistics you will just see the number of QR Code scans but not how many people scanned your QR Codes. Please note when unique visitors are not recorded, some functions, like one-time scannable QR Codes based on IP address, do not work.
How to set the anonymization level
1. Login your account
Login into your account. The anonymization level can only be set in paid accounts. In free accounts the IP is always anonymized & hashed.
2. Go to your account settings and choose an IP anonymization strategy
Go to your account settings and search for the section Data Protection. In the IP Anonymization drop-down you can set one of three anonymization levels. Click on Save to update the data protection settings.