Legal

Privacy Policy

Last updated: March 2026 · This is a placeholder — full policy coming soon.

1. What We Collect

When you sign in with an OAuth provider (Google, GitHub, or Discord), we receive your email address and a unique identifier from that provider. We use this solely to identify your account and associate your scan history with you.

2. Scan Data

When you submit a URL for scanning, we store the URL, the scan result, and associated metadata (risk score, findings, screenshot). This data is linked to your account and is not shared with third parties. We never store the raw QR code images you upload — processing happens entirely in your browser.

3. How We Use Your Data

Your scan history is used to power the analytics dashboard and to enforce your plan's monthly scan quota. Anonymized scan outcomes (domain and verdict only — no URLs or user IDs) may appear in the public platform feed on the Analytics page.

4. Third-Party Services

  • Supabase — database and authentication hosting.
  • Google Cloud — job queue (Pub/Sub) and scanner infrastructure.
  • URLhaus / PhishTank — external threat intelligence APIs. Submitted URLs are checked against these services.

5. Data Retention

Scan records are retained indefinitely unless you delete your account. Account deletion removes your profile and personal scan history from our systems.

6. Contact

Questions? Reach out via the contact page.
← Back to Quinot
Quinot — QR Phishing Scanner