Privacy Policy

Last updated: March 5, 2026

1. Data Controller

BarMake ("we", "us", "our") is the data controller for personal data processed through barmake.io and api.barmake.io. For inquiries, contact us at support@barmake.app.

2. Data We Collect

Account Data

When you create an account: email address, display name, profile photo (optional), authentication provider.

Usage Data

QR code content and configurations, scan analytics (device, browser, country, city — IP addresses are hashed with HMAC-SHA256 and never stored in plain text), form submissions, business card data, review feedback.

Technical Data

Browser type and version, operating system, timezone, cookies and local storage preferences.

3. Legal Basis for Processing

  • Contract performance: Processing necessary to provide BarMake services (Article 6(1)(b) GDPR).
  • Legitimate interest: Analytics to improve our service, fraud prevention (Article 6(1)(f) GDPR).
  • Consent: Marketing cookies and optional analytics (Article 6(1)(a) GDPR).

4. Data Retention

Account data is retained for the lifetime of your account. Upon account deletion, all personal data is permanently removed within 30 days. Scan analytics are retained for 2 years, then automatically purged. Data exports are available for download for 7 days before being deleted from storage.

5. Third-Party Services

  • Firebase (Google): Authentication and file storage. Data processed in the EU/US under Google's Data Processing Terms.
  • Stripe: Payment processing for subscriptions. We do not store credit card numbers.
  • OVH: Server hosting (France). Database and application data.

6. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access: Request a copy of all your personal data (Settings → Export My Data).
  • Rectification: Update your personal information in Settings.
  • Erasure: Delete your account and all associated data (Settings → Delete Account).
  • Data portability: Export your data in machine-readable JSON format.
  • Withdraw consent: Manage cookie preferences at any time via the cookie banner.
  • Lodge a complaint: Contact your local data protection authority.

7. Security

We implement industry-standard security measures including HTTPS/TLS encryption, HMAC-SHA256 IP hashing, AES-256-GCM encryption for sensitive data at rest, bcrypt password hashing, rate limiting, and security headers (HSTS, CSP, X-Frame-Options).

8. Contact

For privacy-related inquiries: support@barmake.app