Privacy Manifesto
This generator runs entirely in your browser. These six guarantees follow from that architecture, and you can verify them yourself in DevTools.
1. We never see your data
Every QR code, vCard, WiFi password, batch CSV, scanned image, business card, and AAMVA driver-license payload is processed entirely in your browser. Nothing is uploaded. Nothing is logged. There is no server-side encoder for us to accidentally log against. The architecture makes the leak physically impossible.
2. There is no signup. There will never be a signup.
No accounts, no email gates, no "verify your address," no "save to your library." If a future feature needs accounts to work, that feature lives on a separate paid product (qrpro.abundera.ai, when it exists), never as a downgrade of this site.
3. There is no tracking. No cookies. No analytics. No fingerprinting.
Zero first-party analytics. Zero third-party scripts. No Google Analytics, no Plausible, no Fathom, no Meta Pixel, no Hotjar, no Sentry, no anything. Open Application → Cookies in DevTools, empty.
4. There is no paywall, ever.
Every type, every export format, every batch size, every template, every icon. Forever. If you ever see a "Pro" badge on this site, assume the site has been hijacked and email hello@abundera.ai.
5. We don't load third-party assets.
Single origin: qr.abundera.ai. No CDN fonts, no analytics endpoints, no avatar services. The optional photo-URL field for vCards fetches that one image directly from the host you typed, that request never passes through us. Verify in DevTools Network.
6. Your QR code is yours.
Whatever you generate (including business-card designs, batch CSV outputs, and scanner history) belongs entirely to you. No watermarks. No tracking pixels in the QR. No "scan to verify" backchannel. The QR you download is the QR you made; nothing more is encoded in it.
How to verify these claims yourself
Three tiers of verification, easiest to most thorough. The first takes 20 seconds.
Tier 1: the 20-second DevTools walkthrough
Reviewers sometimes say "trust is only as good as independent audits." Our counter: any visitor can audit this right now. Follow these five steps in order. Each step takes a few seconds and has an expected result you can confirm yourself, no trust required.
| Step | What to do | Expected result |
|---|---|---|
| 1 | Open DevTools: F12 (Windows/Linux) or ⌥⌘I (macOS). Go to the Network tab. Click Fetch/XHR. | Empty list after initial page load. |
| 2 | Go back to the generator. Paste any URL into the input. Click Generate. | A QR code appears in the preview. Still zero new entries in the Network tab. All computation happened in your browser. |
| 3 | Switch to the Application tab (Chrome) or Storage tab (Firefox). Click Cookies → https://qr.abundera.ai. | Empty, no cookies at all. |
| 4 | Still in Application → click Local Storage → https://qr.abundera.ai. | Only UX preference keys: abundera_lang, qr_mode, optionally your saved templates. No tracking IDs, no session tokens, no analytics keys. |
| 5 | Kill your network: turn off Wi-Fi, or in DevTools set Network throttling to Offline. Generate another QR. | It still works. No server call to lose. The service worker keeps the app fully functional offline. |
If any expected result differs from what you observe, email us, that's a breach of the manifesto and we want to fix it fast.
Tier 2: the airplane-mode test
The simplest proof. Load the site once, then disable your Wi-Fi and mobile data (or pull the Ethernet cable). Generate QR codes, scan QR codes, design business cards, export PNGs, everything keeps working offline. If the site were secretly calling an API, it would fail the moment the connection drops. It doesn't, because there is no API.
Tier 3: OS-level packet inspection
If you want receipts at the OS level: run Little Snitch (macOS), OpenSnitch (Linux), or a Wireshark capture on your LAN. Load the site, then use every feature you can find. The only traffic you'll see is the initial asset load from qr.abundera.ai, no background beacons, no analytics pings, no telemetry. After the initial load, a properly configured firewall can block qr.abundera.ai entirely and the app still works.
Why we wrote this
Most "privacy-first" QR generators upload your data to a server, log the request, set tracking cookies, then claim "we don't sell your data." We don't claim anything. We made it impossible. Open DevTools on the live site, the client-side JavaScript is right there for you to audit while it runs.
7. When you need dynamic QR
We've been honest in this manifesto about what this site won't do. We should be equally honest about what it can't do: if you genuinely need post-print editable destinations and scan analytics, static generation isn't the right tool. Dynamic QR codes (where every scan routes through a redirect server) make both of those things possible.
The tradeoffs are real: vendor dependency, subscription cost, privacy implications for scanners, and the risk that your printed codes stop working if the vendor disappears or changes pricing. We think those tradeoffs are worth understanding clearly. Read the full comparison at static vs dynamic QR codes →
For users who need dynamic redirects and privacy-first scan analytics, we're building Abundera QR Pro: privacy-safe analytics (country + device type, no IP, no raw UA), 90-day grace period after cancellation so codes don't die overnight, one-click export, and a static fallback QR for every dynamic code. If you stop needing full Pro but your printed codes still need to resolve, drop down to Keep-Alive (from $2/month effective) instead of cancelling. Nobody else ships a tier like that.