Privacy Policy

Last updated: 4 May 2026

We acknowledge the importance of protecting personal data. This Privacy Policy explains how Faliane Ltd. (“we”, “us” or “our”) collects, uses, shares, and otherwise processes your personal data in connection with your use of the App and Services, as defined in our Terms of Service.

Please read this Privacy Policy carefully to understand our privacy practices. This Policy describes how we process personal data in accordance with applicable data protection laws, including Regulation (EU) 2016/679 (the “GDPR”).

For the purposes of this Privacy Policy, Faliane Ltd acts as the data controller within the meaning of GDPR. For clarity, “personal data” means any information relating to an identified or identifiable natural person, either directly or indirectly, as defined under the GDPR.

Categories and Examples of Personal Data Collected

Personal Information that we collect directly from you. We collect certain personal data when you: (a) subscribe to, access, or use our Services; (b) communicate with us, including by submitting inquiries, feedback, or support requests via email, post, or telephone. The categories of personal data we collect, and the circumstances in which they are collected, include the following:

b) Your identifiers (such as your name, email and/or postal address, or phone number) are collected when you voluntarily provide such information, for example when you: (i) contact our support team or request assistance; (ii) submit feedback, refund requests, or other inquiries; or (iii) include such information in correspondence with us.

d) Device and internet activity information is automatically collected when you access or use the Services. This may include:

Your device identifiers;
advertising identifiers (IDFA) if available); and
usage data such as session duration, accessed features, and interactions with Services.

This information is collected through analytics tools, and similar technologies to operate, secure, analyze, and improve the Services.

e) User Content (as defined in the Terms of Service) may be processed when you use certain features of the Services, such as scanning QR codes or barcodes, or generating codes within the App. All User Data is stored locally on your device and is not transmitted to, processed by, or hosted on our servers, except where explicitly stated otherwise in the Privacy Policy. Scan results, including decoded QR code or barcode information, may remain accessible within the App for as long as you maintain an active subscription to the Services. If your subscription is canceled or expires, certain features, including access to stored scan results, may become unavailable within the App. We do not retain copies of your User Data on our servers. Accordingly, deletion of the App or loss of access to your device may result in permanent loss of such data. To the extent any User Data is processed by us (if applicable), you may request deletion of such data at any time by contacting us at support@qr-barcode-scanner.com. We may retain limited information where necessary to comply with legal obligations, enforce our agreements, resolve disputes, or meet technical and contractual requirements of third-party service providers.

1.2. Personal information we receive from third parties. From time to time, we may receive personal data about you from third-party sources, including:

Apple Inc. in case of Apple Sign-In or your use of our Services via AppStore: when you use the Sign in with Apple feature to download our mobile application and start using our Services, we receive personal data from your Apple ID account, which may include your name and email address. You have the option to share your actual email address or an anonymous email address that utilizes Apple’s private email relay service. Apple will provide detailed privacy information during the Sign in with Apple process.
Advertising, Analytics, and Strategic Partners: we may receive data from advertising networks, analytics providers, and other business partners. This data may include mobile advertising identifiers, hashed email addresses, phone numbers, cookie identifiers, and insights regarding your activity on external websites or mobile apps. We use this data to better understand your interests and tailor the Service accordingly.
Payment Processors: when you make a payment through the Services, you provide your financial details (e.g., credit card number) directly to licensed payment processors (such as Apple Inc.). While we do not collect or store full credit card numbers, we may receive limited payment-related information such as the transaction date, time, amount, and payment method type.

1.3. No Special Categories of Personal Data: we do not knowingly request, collect, or process special categories of personal data within the meaning of Article 9 GDPR. This includes, without limitation, data revealing racial or ethnic origin, religious or philosophical beliefs, genetic or biometric data, health-related data, or data concerning a natural person’s sex life or sexual orientation. You are explicitly instructed not to include any such sensitive or special category data when submitting Inputs or otherwise interacting with our AI-powered Services. However, if you voluntarily and intentionally include such information in your Inputs, that information will be processed solely at your request and only for the purpose of generating the requested Output. In such cases, the information may be transmitted to and processed by third-party AI model providers strictly for this purpose. We do not access, use, store, analyze, or retain such sensitive or special category data for any secondary purposes, including profiling, analytics, or model training, unless required by applicable law.

1.4. No Personal Data of Minors: our Services are not directed to children, and we do not knowingly collect or process personal data from individuals under the age of 16, in accordance with Article 8 GDPR. If we become aware that we have collected personal data from an individual under the age of 16 due to false, misleading, or incomplete information, we will take reasonable steps to promptly delete such personal data and suspend access to the Services while the matter is reviewed. If we confirm that an individual under the age of 16 is using the Services, we will permanently disable access in order to comply with applicable data protection laws.

Purposes and Legal Bases for Processing and Sharing of Personal Data.

We collect and process personal data for the following business and commercial purposes, in accordance with the principles of lawfulness, fairness, transparency, and data minimization.

2.1 Purposes of processing

We process personal data for the following purposes:

To provide and operate the Services, including account registration and management, user authentication, subscription administration, payment processing, billing, and customer support.
To maintain, improve, and personalize the Services, including analyzing usage patterns, troubleshooting, optimizing performance, developing new features, and personalizing content and user experience.
To promote and grow the Services, including instructing selected marketing and advertising partners (such as mobile measurement partners, social media platforms, and search engines) to create aggregated or look-alike audiences based on user characteristics, where permitted by law and subject to your consent where required.
To communicate with you, including responding to inquiries, providing service-related notices, updates, security alerts, and other administrative or transactional communications.
To comply with legal obligations, including compliance with tax, accounting, financial reporting, anti-fraud obligations, and lawful requests from courts, regulators, or public authorities.
To protect rights, safety, and security, including enforcing our Terms of Service, detecting and preventing fraud, misuse, or unlawful activity, and protecting the rights, property, and safety of our users, business partners, and ourselves.

2.2. Sharing of Personal Data.

We may share personal data with the following categories of recipients, only to the extent necessary for the purposes described above and subject to appropriate contractual and legal safeguards:

Service providers and vendors, including providers of Third Party Components integrated into our Services via API or otherwise. These providers process personal data on our behalf under contractual obligations consistent with Article 28 GDPR.
Advertising and analytics partners, including partners that help us measure performance, analyze usage, or deliver personalized advertising, subject to your consent where required under applicable law and as further described in Section 3 (“Tracking Technologies”).
Corporate transactions, in connection with a merger, acquisition, reorganization, sale of assets, or similar transaction, personal data may be disclosed or transferred as part of such transaction, subject to applicable data protection safeguards.
Legal and compliance recipients, where disclosure is required by applicable law, regulation, court order, subpoena, or governmental request, or where necessary to establish, exercise, or defend legal claims.

The table below summarizes the processing purposes, applicable legal bases, and categories of third parties involved in each processing activity.

Summary Table of Processing Purposes, Legal Bases, and Service Providers

Processing Purpose	Categories of Personal Data	Legal Basis	Service Providers / Third Parties	Retention Criteria
Account creation, Service delivery, Payment Processing and subscription management	Identifiers, Customer Records Information	Performance of a contract (Art. 6(1)(b))	• Apple Inc. – Apple Privacy Policy	Retained for the duration of the active account and thereafter as required to comply with legal obligations
Customer communication and support (including inquiries, feedback, and contact requests)	Identifiers, Customer Records Information	Legitimate interests in providing customer support and improving Services (Art. 6(1)(f))	• Google Workspace (Gmail) – Google Privacy Policy • Zendesk, Inc. – Zendesk Privacy Policy	Retained until the inquiry is resolved and thereafter for a limited audit or dispute-resolution period
Analytics, operations, debugging, and service optimization	Device and Internet Activity Information, Inferences	Legitimate interests in operating, securing, and improving the Services (Art. 6(1)(f))	• Apple App Analytics – Apple Privacy Policy Facebook (Meta Platforms, Inc.) – Meta Privacy Policy Amplitude – Amplitude Privacy Policy Google Analytics - Google Privacy Policy and Ad Settings	Retained for defined analytics cycles or until anonymized or aggregated
Provision of Service- related functionality	User Content	Performance of a contract (Art. 6(1)(b)); legitimate interests in providing AI-enabled features (Art. 6(1)(f))	Open Food Facts - Open Food Facts Privacy Policy Huge Impact, Inc – Barcode Lookup Privacy Policy	Retained for the duration of each session

3. Tracking Technologies

3.1. What are the Tracking Technologies.

When you use our App, we and our third-party partners may collect and use mobile advertising identifiers, such as Identifier for Advertisers (IDFA) on Apple devices. These identifiers are user-resettable identifiers provided by your device’s operating system and may be used for analytics, attribution, fraud prevention, and advertising purposes, subject to your consent where required by law. Although these identifiers do not directly identify you by name, they may constitute personal data under applicable privacy laws. Analytics, functionality, and advertising tracking technologies are used only where you have provided your consent, unless an exemption applies under applicable law.

3.3. Opt-out from Third-party Tracking Technologies

From time to time, we may also use third party tools such as:

Google Analytics and Google Ads – Google Privacy Policy and Ad Settings;

Facebook (Meta) Pixel and Custom Audiences – Meta Privacy Policy;

Apple App Analytics – Apple Privacy Policy;

Adjust - https://www.adjust.com/terms/privacy-policy

Adapty https://adapty.io/privacy/

These third parties may collect or receive information from your device and use it to provide analytics, measurement, attribution, or advertising services, subject to their own privacy policies and applicable legal requirements. To opt out of these tracking technologies:

(i) you can opt out of providing your mobile advertising identifiers through your device settings, including resetting the identifier or opting out of interest-based advertising (for example, by enabling “Limit Ad Personalization” on Android or disabling “Allow Apps to Request to Track” on iOS).

(ii) manage preferences for third-party cookies via the tools provided by those parties. For example, you can manage Google’s cookies by visiting Google Ad Settings or installing Google Analytics Opt-out Browser Add-on. You may also follow the instructions provided by the Network Advertising Initiative (US), the Digital Advertising Alliance (US) or other similar services. Such initiatives allow you to select tracking preferences for most of the advertising tools.

4. Where we process and transfer your information

We host and process personal data primarily in Europe. Due to the global nature of our operations and our use of service providers and AI model providers, personal data may be transferred to and processed in countries outside your country of residence, including outside the European Economic Area (EEA), where data protection laws may differ from those in your jurisdiction. Where personal data is transferred outside the EEA to a country that has not been recognized by the European Commission as providing an adequate level of data protection, we rely on appropriate safeguards in accordance with Chapter V GDPR, including the E.U. Standard Contractual Clauses, where applicable, the UK SCCs, supplementary technical and organizational measures, such as encryption, access controls, and data minimization. These safeguards are designed to ensure that your personal data remains protected in accordance with GDPR requirements, regardless of where it is processed. You may request additional information about international data transfers and applicable safeguards by contacting us using the details provided in this Privacy Policy.

5. How we protect your information

We are committed to protecting your information through robust technical and organizational measures. Our security framework is designed to protect your personal information from unauthorized access, use, disclosure, copying, modification, destruction, and accidental loss or misuse. We implemented industry-standard security controls, including but not limited to:

Access Controls: we enforce role-based access controls and apply the principle of least privilege, ensuring that access to personal data is limited to authorized personnel and contractors who require such access for legitimate business purposes.
Data Encryption: to prevent unauthorized access, tampering, or interception of your personal information, we employ strong encryption mechanisms: (i) in transit: we utilize TLS encryption (e.g., TLS 1.2 or higher) to secure data while it is transmitted from us to you; (ii) at rest: all data stored within our infrastructure is encrypted using AES-256 industry standards, ensuring an additional layer of protection; (ii) backups: regular encrypted backups are maintained to ensure data availability and integrity in the event of an incident.
Regular Security Audits: we conduct regular penetration testing, vulnerability assessments, and security audits to proactively identify and mitigate potential risks.
Antivirus and Intrusion Prevention Systems (IPS): deployed to monitor and prevent unauthorized access and potential threats in real-time.
Incident Response and Breach Notification: we maintain documented incident response procedures to address suspected or confirmed security incidents. In the event of a personal data breach, we will assess the risk and, where required by law, notify the relevant supervisory authority and affected individuals within the timeframes prescribed by applicable data protection laws.

6. What are your rights and choices?

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights in relation to your personal data, subject to the conditions and limitations set out in the GDPR.

Right to request access. You may obtain confirmation as to whether or not we process your information, learn about the details of such processing and obtain a copy of the information that we process.
Right to request correction. You may request that inaccurate or incomplete personal data be corrected or updated. We may take reasonable steps to verify the accuracy of the information you provide.
Right to request erasure. You may request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent and no other legal basis applies, where the data has been unlawfully processed, or where erasure is required by law.
Please note that we may not be able to comply with your request where retention is necessary for legal obligations or for the establishment, exercise, or defense of legal claims. Where applicable, we will inform you of such reasons.

Right to object to processing. You have the right to object, on grounds relating to your particular situation, to the processing of your personal data where we rely on legitimate interests (or those of a third party).
You also have the right to object at any time to the processing of your personal data for direct marketing purposes. You may unsubscribe from marketing communications by using the unsubscribe link in such emails or by contacting us at the email address below.
Right to request restriction of processing. You may request the restriction of processing of your personal data where: (a) you contest the accuracy of the data; (b) the processing is unlawful and you oppose erasure; (c) we no longer require the data, but you need it for the establishment, exercise, or defense of legal claims; or (d) you have objected to processing and verification of overriding legitimate grounds is pending.
Right to data portability. You may request to receive personal data you have provided to us in a structured, commonly used, and machine-readable format, and to have that data transmitted to a third party, where the processing is based on consent or contract and carried out by automated means.
Right to withdraw consent. Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. If you withdraw consent, we may no longer be able to provide certain products or services, and we will inform you where this is the case.
Right to lodge a complaint with a supervisory authority. If you are dissatisfied with how we process your personal data, you have the right to lodge a complaint with a competent data protection supervisory authority, in particular in the country of your habitual residence, place of work, or place of the alleged infringement.

To exercise any of your rights, please contact us at support@qr-barcode-scanner.com. We will confirm receipt of your request and respond without undue delay and in any event within one (1) month, which may be extended by up to two additional months, where permitted by law.

Before fulfilling your request, we may need to verify your identity using information you provide and data already associated with your account. If we cannot verify your identity, we may be unable to process your request for security and fraud-prevention reasons. All verified requests are processed free of charge, unless they are manifestly unfounded or excessive.

7. Additional Privacy Rights for U.S. Residents

This section applies to residents of certain U.S. states, including but not limited to California, Colorado, Connecticut, Utah, and Virginia, where applicable privacy laws grant additional rights. Depending on your state of residence, you may have the right to:

request access to the personal data we process about you;
request deletion of your personal data;
request correction of inaccurate personal data;
opt out of the processing of personal data for:

targeted advertising;
the “sale” or “sharing” of personal data (as defined under applicable law).

We do not sell personal data for monetary consideration. However, certain data sharing with advertising and analytics partners may be considered “sale” or “sharing” under applicable U.S. privacy laws. You may exercise your rights by:

contacting us at support@qr-barcode-scanner.com; or
using any available “Your Privacy Choices” or similar settings within the Services (where available).

We will respond to verified requests in accordance with applicable law.

8. Notice of Sale or Sharing of Personal Data (California Residents)

Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), certain disclosures of personal data may be considered a “sale” or “sharing.” We may disclose the following categories of personal data to advertising and analytics partners:

identifiers (such as device identifiers);
device activity information;
inferences drawn from such data.

These disclosures are made for purposes of:

targeted advertising;
analytics and performance measurement.

You have the right to opt out of such sale or sharing of your personal data.

You may exercise this right by:

enabling privacy settings in the Services (where available); or
contacting us at support@qr-barcode-scanner.com.

We will process your request in accordance with applicable law.

9. Sensitive Personal Data (U.S. Disclosure)

We do not use or disclose sensitive personal data for purposes other than those permitted under applicable law, including to provide the Services requested by you.

10. How long do we keep your information

We keep your information for as long as it is necessary for the purposes outlined in section 2 above, based on the nature of the data, the purpose of processing, and applicable legal requirements. We may retain your information if required to do so by law or upon an order of a state authority.

11. Links to third-party resources

Our Services may contain links (including those embedded into the ads distributed via our Services) to third-party resources that are not administered by us and are not governed by this Privacy Policy. We encourage you to familiarize yourself with the privacy policies and security practices of the linked third-party websites before providing them with any personal information.

12. Changes to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, regulatory requirements, or to address feedback received from our customers. Any changes will be published on this page, and we encourage you to review it regularly to stay informed about how we protect your information. When we post changes, we revise the "Last Updated" date at the top of this policy. If we make any material changes in the way we collect, use, or share your information, we will notify you by prominently emailing you, and if required by applicable law, we will request your consent for such changes.

13. Language

Any translation of the English version of this Privacy Policy is provided solely for your convenience. In case of any differences between the English version and any other translation, the English version shall prevail and shall be the only legally binding version.

14. Contact Information

If you have questions or comments regarding this Privacy Policy and our privacy practices, or you have any requests to exercise your legal rights, please contact us a) by email support@qr-barcode-scanner.com or b) by post at 13 Imathias, Limassol, 3117, Cyprus.