What does QRDefender do?

QRDefender is a secure QR scanner that helps detect phishing, fake payments, and malicious links. It lets you inspect QR code content before opening, giving you time to decide whether a destination is safe.

QRDefender is free to download on both the App Store (iPhone) and Google Play (Android).

Does QRDefender collect my data?

QRDefender is built with a privacy-first approach. All QR code scanning and analysis happens on your device. Analytics and crash reporting are disabled by default — you choose to enable them. Your scan history is encrypted and stored only on your device.

Is QRDefender available for iPhone and Android?

Yes, QRDefender is available for both iOS (iPhone) on the App Store and Android on Google Play.

QRDefender Privacy Policy

Last updated: March 20, 2026

QRDefender (“the App”) is a security-focused QR code scanner designed to protect you from QRishing attacks. Your privacy is fundamental to our mission. This policy explains what data the App collects, how it is used, and your rights.

Summary

All QR code scanning and analysis happens on your device
Analytics and crash reporting are disabled by default — you choose to enable them
No personal data, scanned URLs, or QR code content is ever shared with third parties
Your scan history is encrypted and stored only on your device
You can delete all your data at any time

Data That Stays on Your Device

QR Code Scan History

Your scanned QR codes are stored locally on your device using encrypted storage (iOS Keychain / Android EncryptedSharedPreferences). This data includes the QR code content, type, scan date, and analysis results.

Scan history is never uploaded to any server
Scan history is not synced to iCloud or any cloud service
You can delete individual scans or your entire history from the History screen at any time

App Preferences

Your settings (language, theme, biometrics preference, analytics/crash reporting choices) are stored locally in encrypted storage. These are never transmitted.

Phishing Database

The App includes a bundled phishing URL database for offline detection. URL lookups are performed entirely on your device — no scanned URL is ever sent to external phishing services.

Data Shared With Third Parties (Only With Your Consent)

Firebase Analytics (Google)

Disabled by default. If you choose to enable “Contribute to app improvement” in Settings, anonymous usage data is sent to Firebase Analytics (Google). This includes:

Which screens you visit (e.g., “scanner”, “settings”)
Actions you take (e.g., “scanned a QR code”, “toggled a filter”)
QR code types scanned (e.g., “URL”, “WiFi” — not the content)
Device information (model, OS version)

What is NOT sent: URLs you scan or visit (only the domain name is logged, never the full URL), QR code content (passwords, contacts, payment details, etc.), personal information (name, email, phone, location), or your scan history.

You can disable analytics at any time in Settings → Privacy.

Firebase Crashlytics (Google)

Disabled by default. If you choose to enable “Send crash reports” in Settings, crash reports are sent to Firebase Crashlytics (Google) when the App encounters an error. These reports contain crash stack traces (technical error information) and device information (model, OS version, app version).

What is NOT sent: No personal data or user identifiers, no QR code content or scan history, no custom keys or user preferences.

You can disable crash reporting at any time in Settings → Privacy.

Network Connections

The App makes the following network connections:

Connection	Purpose	Data Sent
Scanned URLs	Security analysis (HTTP HEAD requests to check redirects, SSL, and safety)	HEAD request only — no user data is sent to the scanned URL
Firebase servers	Analytics and crash reports (only if you enable them)	See sections above

The App does NOT connect to:

Any server to download or update the phishing database (it is fully bundled offline)
Google Fonts servers (fonts are bundled locally)
Google DNS (8.8.8.8) or google.com for connectivity checks
Any advertising networks
Any data brokers or analytics services other than Firebase

Permissions

Permission	Why We Need It	When It’s Used
Camera	To scan QR codes	Only while the scanner is active
Photo Library	To scan QR codes from saved images	Only when you choose “Scan from Image”
Calendar	To save events from calendar QR codes	Only when you tap “Add to Calendar”
Contacts	To save contacts from vCard QR codes	Only when you tap “Save Contact”
Biometrics / Face ID	To lock the App (optional)	Only if you enable it in Settings

No permission is required to use the App. Camera access is requested when you first attempt to scan. All other permissions are requested only when you use the specific feature.

Data Retention and Deletion

Scan history: Stored until you delete it. You can remove individual scans or all history from the History screen.
Preferences: Stored until you uninstall the App.
Analytics data:If you enabled analytics, data is retained by Google according to their retention policies. You can reset analytics data by disabling the toggle in Settings, which calls Firebase’s resetAnalyticsData().
Crash reports: If you enabled crash reporting, reports are retained by Google according to Firebase Crashlytics retention policies.

To delete all local data, uninstall the App. All encrypted local storage is removed with the App.

Children’s Privacy

QRDefender does not knowingly collect data from children under 13. The App does not require account creation and does not collect personal information.

Third-Party Services

Service	Provider	Purpose	Privacy Policy
Firebase Analytics	Google LLC	Anonymous usage statistics (opt-in)	Google Privacy Policy
Firebase Crashlytics	Google LLC	Crash reporting (opt-in)	Firebase Privacy

Your Rights

Under GDPR, CCPA, and similar regulations, you have the right to:

Access: View all data stored by the App (your scan history is visible in the History screen)
Deletion: Delete your scan history at any time; uninstall the App to remove all local data
Opt-out:Disable analytics and crash reporting at any time in Settings → Privacy
Portability: Your data is stored locally on your device and accessible through the App

iOS Privacy Details (App Store)

As declared in our Apple Privacy Manifest:

Tracking: The App does not track you across other apps or websites
Data linked to you: None
Data used to track you: None
Data collected: Crash data and performance data (only if you opt in)

Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected in the “Last updated” date above. Continued use of the App after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy or your data, please contact us at qrdefender@proton.me