QRHub

Security and privacy

Use this page with your legal and security teams to understand what data the product processes, where that data is stored, and which operational controls you manage through configuration.

Quick review summary: role-based access, audit logging, configurable retention, and Stripe-isolated payment handling are available today for production workflows.

What data is collected per scan?

When a scan is recorded, the ingestion pipeline typically stores: client IP, user agent, referrer, parsed device and browser, and coarse geographic fields derived from IP when the location provider returns a result. UTM and campaign fields are stored when present.

IP-derived location is approximate. Treat analytics as operational metrics, not precise identity verification. Your privacy notice should describe this processing to end users where required.

Retention and deletion

Scan retention is configured in the application privacy configuration. A scheduled purge command removes scan rows older than the configured window unless retention is disabled. Align PRIVACY_SCAN_RETENTION_DAYS with your policy and jurisdiction. Hosted defaults should be reviewed with your implementation owner during onboarding.

Payments and billing data

Workspace billing uses Stripe via Laravel Cashier. Card data and Stripe customer objects live in Stripe; your application stores Stripe customer identifiers and subscription state needed to enforce plan limits. Map your Data Processing Addendum to Stripe’s terms and subprocessors.

API authentication

Automation uses Laravel Sanctum personal access tokens. Tokens are scoped with an ability such as workspace:{slug}. Treat tokens like secrets; rotate them when staff change roles or leave. API token creation is logged for accountability when audit logging is enabled.
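
One way an API route can enforce the workspace:{slug} ability described above, shown as an added example that is not QRHub's own code. It assumes routes carry a {workspace} slug parameter behind the auth:sanctum guard and that the user model uses Sanctum's HasApiTokens trait; the middleware class name is hypothetical.

```php
<?php
// Added example, not QRHub code. Hypothetical middleware for routes shaped
// like /api/workspaces/{workspace}/... that are guarded by auth:sanctum.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class EnsureTokenCoversWorkspace
{
    public function handle(Request $request, Closure $next): Response
    {
        // Assumption: the route parameter is a plain slug string,
        // not a route-model-bound object.
        $slug = $request->route('workspace');

        // PersonalAccessToken for bearer tokens, TransientToken for
        // first-party session auth, null when nothing authenticated.
        $token = $request->user()?->currentAccessToken();

        // Fail closed: no slug or no token means no access.
        if (! is_string($slug) || $slug === '' || $token === null) {
            abort(403, 'Workspace scope required.');
        }

        // can() matches the exact ability string, but it also returns true
        // for a wildcard ('*') token. Sanctum's createToken() defaults to
        // ['*'], so pass abilities explicitly when minting, for example:
        //   $user->createToken('ci-export', ["workspace:{$slug}"]);
        if (! $token->can("workspace:{$slug}")) {
            abort(403, 'Token is not scoped to this workspace.');
        }

        return $next($request);
    }
}
```

A token minted for one workspace slug is rejected on every other workspace's routes, which limits what a leaked automation token can reach until it is rotated.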

Public endpoints and abuse controls

Tracking redirects and conversion pixels are unauthenticated by design. They are rate limited per IP using configurable per-minute limits. Tune QR_TRACKING_REDIRECTS_PER_MINUTE and QR_TRACKING_PIXEL_PER_MINUTE for your environment.

Application security headers

The web stack applies baseline headers such as X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy. In production, a Content-Security-Policy is also set; adjust it if you embed third-party scripts.

Subprocessors (documentation)

The privacy configuration includes a subprocessors list intended for documentation and vendor review. Keep it aligned with your contracts and in-app privacy copy. If your procurement process requires artifact sharing, use the trust center contact path.
