The good news is that the tracking process itself does not store any personal data. When requesting a tracking URL or scanning a dynamic QR Code you do not have to worry about GDPR or CCPA.
We just store the following data
Anonymized IP
The IP is encrypted and stored anonymously in the database as a hash value that cannot be decrypted. It is not possible to relate to a person with the anonymized IP address. The anonymized IP is stored to calculate the number of unique visitors who scanned a QR Code
Country and City
Before the IP address is anonymized, the country and city are extracted from it, if possible. For this we use a local database from which we can read the country information. No third-party server or API is included.
Local time and date
We also store the local time and date when the QR Code has been requested. We extract the time zone of the device by its IP address.
The device who scans the QR Code sends us a user agent that contains information about the brand, the device name, the operating system and browser used.
No Cookies are left on the device
The redirection to the destination address is executed directly via a 301 redirect and we do not place any cookies on the device scanning the QR Code.
No browser finger printing
GDPR compliance
You can find a detailed description of how we deal with the data we collect under our GDPR page. To avoid data breaches and other complications, we regularly undergo pen tests by an external company.