Security & Privacy
We treat your data — and your scanners' data — with the same care we'd want for our own. Here's exactly how.
Argon2id password hashing
OWASP-recommended parameters (m=19456, t=2, p=1). No password is ever stored in plaintext or recoverable form.
Scanner privacy
We never store personally identifiable scanner data. IP addresses are hashed with rotating per-day salt. Only counts and aggregates persist.
Trust Engine
Every destination URL is scored before publish. Phishing keywords blocked, risky TLDs flagged, private IPs and localhost refused.
Infrastructure
PostgreSQL 16 with daily encrypted backups. Hourly volume snapshots. Application processes supervised by PM2 with automatic restart.
Compliance posture
DPDP-ready (India), GDPR-aligned consent capture on every form. Soft-delete + audit log on every workspace. Data-export request handled in-app.
Token & API security
Short-lived JWT access tokens + opaque rotating refresh tokens with reuse detection. Scoped API keys per workspace. Signed webhooks (HMAC-SHA256).
Report a vulnerability
Found a security issue? Email us at security@qrquick.in — we aim to respond within 24 hours.