Privacy Policy
Effective date: May 5, 2026
This Privacy Policy explains how QR Controller handles information when you use the QR Controller mobile apps, web app, download page, and related signaling service (together, the "Service").
No analytics or advertising tracking. QR Controller does not currently use analytics SDKs, advertising SDKs, or cross-app tracking.
No account required. You do not need to create an account, provide your name, or provide your email address to use the app.
Connection data is temporary. Room codes, socket IDs, approval codes, WebRTC signaling messages, and relay credentials are used to connect players and are not used to identify you.
Information We Collect
QR Controller is designed to avoid collecting personal information. The Service may process the following limited information to make the app work:
- Connection and room information: temporary room codes, socket connection IDs, join status, approval codes, rejoin tokens, timestamps, and related connection state.
- WebRTC signaling information: offer, answer, and ICE candidate messages used to establish a direct or relayed controller connection between devices.
- Device permission data: camera access for QR scanning and motion sensor readings when motion controls are enabled.
- Local app data: cached web app files and temporary session storage, such as an approved rejoin token for the current browser session.
- Technical server data: standard hosting and network logs may include IP address, user agent, request time, requested URL, and error information.
Camera, QR Codes, and Motion Controls
The camera is used to scan QR codes. Camera frames are processed on your device for QR detection and are not intentionally uploaded to QR Controller servers.
If you enable motion controls, the app reads accelerometer and gyroscope data from your device. Those readings are used to generate controller input and may be sent through the active controller connection to the host device you joined. QR Controller does not use motion data for analytics or advertising.
How We Use Information
We use the information above only to provide and maintain the Service, including to:
- Create and join temporary controller rooms.
- Approve players in secure lobbies and allow reconnecting during the same session.
- Establish WebRTC controller connections.
- Cache the start screen locally so the app can open more reliably.
- Diagnose service problems, abuse, outages, and security issues.
What We Do Not Do
- We do not sell personal information.
- We do not use third-party advertising SDKs.
- We do not use analytics SDKs at this time.
- We do not create user profiles for marketing.
- We do not require an account to use QR Controller.
Sharing and Third Parties
QR Controller relies on service providers to operate the app. These providers may process technical information as needed to provide their services:
- Hosting and infrastructure providers may process network requests and standard server logs.
- Cloudflare TURN services may be used to help relay WebRTC traffic when devices cannot connect directly.
- Google ML Kit Barcode Scanning is used by the Android app to scan QR codes on the device.
- Google Play and Apple App Store process downloads, purchases if applicable, crash reporting, and store account information under their own privacy policies.
The public website may also link to or embed third-party content, such as app stores, Steam, Discord, YouTube, or QR code tools. Your use of those third-party services is governed by their own privacy policies.
Retention
Temporary room and signaling data is intended to exist only while needed to operate active rooms and connections. Local cached files and session storage remain on your device until the app, browser, or operating system removes them, or until you clear app/browser data.
Standard server logs, if generated by hosting infrastructure, are retained only as long as needed for operations, security, debugging, and legal compliance.
Children's Privacy
QR Controller is intended for a general audience and does not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact us and we will take appropriate steps to delete it.
Your Choices
- You can deny camera permission, but QR scanning will not work until permission is granted.
- You can avoid motion controls if you do not want motion sensor readings used as controller input.
- You can clear local app or browser data to remove cached files and session storage.
- You can contact us to ask privacy questions or request deletion of information we may hold.
International Use
The Service may be operated from and process technical information in countries other than your own. Where applicable, we rely on service providers and operational safeguards to protect information during this processing.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date on this page. Continued use of the Service after an update means the revised policy applies.
Contact Us
If you have questions about this Privacy Policy or QR Controller privacy practices, contact us at bash@bashdev.com.