Evidence Center

Every claim we make, linked to the artifact that backs it up. Verify what you want before you trust anything.

This page is not marketing. It's the single hub for every verifiable claim we make about Abundera QR, so you can check the evidence yourself instead of taking our word for it. If a claim isn't linked here, treat it as unverified.

Privacy

We say generation happens entirely in your browser, with no uploads and no server-side encoder. Here's how to check.

• Privacy Manifesto — the full architectural claim, with a DevTools verification walk-through.
• Homepage live-proof strip — browser-computed counts: outbound requests since page load, third-party domains, cookies, localStorage keys, service worker status, offline status.
• Self-test: open DevTools Network tab, generate any code, confirm zero outbound requests.

Scannability

We say a code will scan. Here's the tooling that backs it up.

• QR Lab — drop any QR or barcode image, get a scannability grade, decoded payload, quiet-zone check, and per-scanner verdicts. Runs in your browser.
• Scanner Compatibility Matrix — named-device test results: iPhone Camera (iOS 18.4), Pixel 9 Google Lens, Honeywell Xenon Ultra, Zebra DS9908, country-specific banking apps. Includes where each format fails.
• Scanner Test Corpus — downloadable reference images + reproducibility instructions. You can re-run our tests.

Print readiness

We say a code will work at print size. Here's the math.

• Print Size Calculator — enter scan distance, print substrate, light condition, module count; get minimum size, module pitch, DPI, quiet-zone requirement. Encodes the 1:10 scan-distance rule and ISO/IEC 18004 § 5.3.5.

No lock-in

We say your codes can't be taken hostage. Here are the promises, in writing.

• No Lock-In Promise — five concrete commitments: 90-day grace after cancellation, downloadable static backup per dynamic code, one-click data export, 30-day GDPR delete, privacy-safe aggregate analytics only.
• Static vs Dynamic — the architectural difference between a code that points at your destination directly and one that routes through a vendor.

API + developer trust

We say the Pro API is well-documented and honest. Here's what we publish.

• API docs — bearer-token auth, rate-limit headers, Retry-After semantics, 36 customer-facing endpoints across Codes, Analytics, Groups, Teams, Webhooks, and User.
• OpenAPI 3.1 spec (JSON) — machine-readable source of truth.
• Postman collection (v2.1) — one-click import.
• Official SDKs — TypeScript, Python, Go. MIT-licensed. Source on GitHub. Each ships webhook signature verification out of the box.
• API changelog — versioned, dated record of every change.

Security posture

• Pro security page — threat model, data handling, access controls.
• Status page — uptime history, ongoing incidents.
• Subprocessors — full list of every third party that touches Pro infrastructure.

Build integrity

• Changelog — every shipped change, dated.
• security.txt — how to report vulnerabilities.
• Reproducible builds: everything in this site is static HTML + JS. SDK repos are public; you can diff any release.

What's still in flight

We don't want to claim evidence we haven't produced yet. The following are queued, with target dates:

• Independent accessibility audit — Q3 2026.
• Independent privacy / network audit — post-Pro-launch.
• Third-party scanner validation report — post-accessibility.
• Third-party print validation — lowest priority; the current calculator encodes the methodology.

When each one is done, it'll appear on this page with the report and the issuing body.

Something missing?

If you're evaluating us and want evidence for a specific claim we make that isn't linked here, email hello@abundera.ai. We'll either link the existing artifact or admit we don't have one yet.

Last reviewed: 2026-04-24.