Privacy Manifesto

Six guarantees we won't break — verifiable in your DevTools right now.

This page is intentionally short and hard-edged. Every claim is testable: open Chrome DevTools → Network tab, generate a QR, and watch the request count stay at 0.

1. We never see your data

Every QR code, vCard, WiFi password, batch CSV, scanned image, business card, and AAMVA driver-license payload is processed entirely in your browser. Nothing is uploaded. Nothing is logged. There is no server-side encoder for us to accidentally log against. The architecture makes the leak physically impossible.

2. There is no signup. There will never be a signup.

No accounts, no email gates, no "verify your address," no "save to your library." If a future feature needs accounts to work, that feature lives on a separate paid product (qrpro.abundera.ai, when it exists) — never as a downgrade of this site.

3. There is no tracking. No cookies. No analytics. No fingerprinting.

Zero first-party analytics. Zero third-party scripts. No Google Analytics, no Plausible, no Fathom, no Meta Pixel, no Hotjar, no Sentry, no anything. Open Application → Cookies in DevTools — empty.

4. There is no paywall, ever.

Every type, every export format, every batch size, every template, every icon. Forever. If you ever see a "Pro" badge on this site, assume the site has been hijacked and email hello@abundera.ai.

5. We don't load third-party assets.

Single origin: qr.abundera.ai. No CDN fonts, no analytics endpoints, no avatar services. The optional photo-URL field for vCards fetches that one image directly from the host you typed — that request never passes through us. Verify in DevTools Network.

6. Your QR code is yours.

Whatever you generate — including business-card designs, batch CSV outputs, and scanner history — belongs entirely to you. No watermarks. No tracking pixels in the QR. No "scan to verify" backchannel. The QR you download is the QR you made; nothing more is encoded in it.

How to verify these claims yourself

The 30-second test: turn off your internet

The simplest proof. Load the site once, then disable your Wi-Fi and mobile data (or pull the Ethernet cable). Generate QR codes, scan QR codes, design business cards, export PNGs — everything keeps working offline. If the site were secretly calling an API, it would fail the moment the connection drops. It doesn't, because there is no API.

The forensic version: DevTools Network tab

• Open Chrome DevTools (F12) → Network tab.
• Reload qr.abundera.ai.
• Generate any QR code — fill in fields, click Generate.
• Watch the request count: should stay at the initial page-load count. Zero new requests.
• Try the scanner: zero new requests when scanning.
• Check Application → Cookies: empty.
• Check Application → Local Storage: only your saved templates and preferences. No tracking IDs.

The paranoid version: inspect outbound packets

If you want receipts at the OS level: run Little Snitch (macOS), OpenSnitch (Linux), or a Wireshark capture on your LAN. Load the site, then use every feature you can find. The only traffic you'll see is the initial asset load from qr.abundera.ai — no background beacons, no analytics pings, no telemetry. After the initial load, a properly configured firewall can block qr.abundera.ai entirely and the app still works.

Why we wrote this

Most "privacy-first" QR generators upload your data to a server, log the request, set tracking cookies, then claim "we don't sell your data." We don't claim anything. We made it impossible. Read the source — it's all client-side JavaScript you can audit.

7. When you need dynamic QR

We've been honest in this manifesto about what this site won't do. We should be equally honest about what it can't do: if you genuinely need post-print editable destinations and scan analytics, static generation isn't the right tool. Dynamic QR codes — where every scan routes through a redirect server — make both of those things possible.

The tradeoffs are real: vendor dependency, subscription cost, privacy implications for scanners, and the risk that your printed codes stop working if the vendor disappears or changes pricing. We think those tradeoffs are worth understanding clearly. Read the full comparison at static vs dynamic QR codes →

For users who need dynamic redirects and privacy-first scan analytics, we're building Abundera QR Pro: privacy-safe analytics (country + device type, no IP, no raw UA), 90-day grace period after cancellation so codes don't die overnight, one-click export, and a static fallback QR for every dynamic code.

If any of these guarantees ever stop being true, this page will be updated and the change will be commit-logged in our public repo. Last updated: 2026-04-14.