This website uses necessary cookies to ensure that our website is ideally usable. We do not use cookies that process personal data without your prior consent. Read our Cookie Policy

Are the IPs of unique visitors tracked GDPR and CCPA compliant when scanning a QR Code?

book reader icon
1 Minute
facebook logo gray
linkedin logo gray
mail logo gray

Yes, the way we track unique visitors is GDPR / CCPA compliant. This is done by anonymizing the IP address of the user who scans the QR Code.

You as account owner can set the detail of anonymization in your account settings.

Anonymization strategies

Depending on the strategy you are using to anonymize IP addresses, you can be fully compliant to GDPR / CCPA. However, the number of unique visitors might not be accurate. The following strategies give you an overview about compliancy and accuracy.

Hashed IP (sha256)

When hashing the IP address, we use the sha256-hash function and add a salt before hashing. Using this strategy, you get the most accurate number of unique visitors that are scanning your QR Codes. Only if users are using the same Wi-Fi network, we cannot distinguish them as separate unique users because they share the same IP address. To be fully GPDR / CCPA compliant we recommend not only hashing but also anonymizing the IP described in the next step.

Anonymized & Hashed IP

Before the IP address is hashed, we truncate the last byte of the IP address e.g., -> 192.168.178.XXX. Using anonymization might makes the number of unique visitors smaller in your statistics, because if there are 2 unique visitors that have a different IP just in the last byte e.g., and they will be counted as the same unique visitor.

This strategy is set as the default behavior and this way is fully GDPR / CCPA compliant.

Do not store unique visitors

By choosing this option we do not store any information about unique visitors at all. In your statistics you will just see the number of QR Code scans but not how many people scanned your QR Codes. Please note when unique visitors are not recorded, some functions, like one-time scannable QR Codes based on IP address, do not work.

How to set the anonymization level

1. Login your account

Login into your account. The anonymization level can only be set in paid accounts. In free accounts the IP is always anonymized & hashed.


Login Form

2. Go to your account settings and choose an IP anonymization strategy

Go to your account settings and search for the section Data Protection. In the IP Anonymization drop-down you can set one of three anonymization levels. Click on Save to update the data protection settings.

Account settings - Data Protection - IP Anonymization
Account settings - Data Protection - IP Anonymization
Last update 5 months ago