Cookie Disclosure
Last updated: 2026-04-21
1. Summary
QRDrobe uses a small number of strictly necessary first-party cookies required to keep you signed in and to protect requests. We do notuse advertising, marketing, or third-party analytics cookies, and we do not need a consent banner because no non-essential cookies are set.
2. Cookies we set
| Name | Purpose | Lifetime | Category |
|---|---|---|---|
| qdSession | Keeps you signed in. HttpOnly, Secure, SameSite=Lax. | Up to 30 days or until sign-out | Strictly necessary |
| qdRefresh | Refreshes the session without re-logging in. HttpOnly, Secure, SameSite=Lax. | Up to 30 days | Strictly necessary |
| qdCsrf | Anti-CSRF token paired with the session. Readable by our frontend only. | Session | Strictly necessary |
3. Analytics without cookies
We measure scan activity for your QR cards using Cloudflare Analytics Engine, a privacy-preserving service. It records anonymous scan events (timestamp, approximate country/region/city, device type) without setting cookies or browser identifiers on scanner devices, and without building cross-site profiles.
We do not use Google Analytics, Meta Pixel, or any advertising SDKs.
4. Third-party cookies
QRDrobe does not set third-party cookies. If a QR card you publish links to an external destination (for example, a social network), that destination may set its own cookies when the visitor follows the link — we have no control over those.
5. Managing cookies
Because our cookies are strictly necessary, disabling them will stop the Service from working. You can clear or block cookies in your browser settings at any time. Signing out of your account removes the session cookies on the next request.
6. Changes
If we ever introduce non-essential cookies (for example, optional product analytics or marketing), we will update this disclosure and add an explicit consent mechanism before those cookies are set.
7. Contact
Questions about cookies or tracking: legal@qrdrobe.com.