peekode

Privacy Policy

Last updated: July 5, 2026 — DRAFT for attorney review. Not yet published.

The short version (plain words): We built Peekode so it doesn't need your data. No account. No ads. No history of your scans kept anywhere but on your phone. The QR codes you scan are analyzed on your device. Only when a link needs a deeper check does the link itself go to our server — and we don't store it beyond a short, anonymous safety cache. We never sell anything about you, because we barely know anything about you.

1. Who we are

Peekode ("we") is operated by [LEGAL ENTITY / Furkan]. Contact: [[email protected]]. For EU/UK users, we act as data controller for the limited processing below. Turkish users: this policy also serves as our KVKK (Law No. 6698) disclosure text.

2. What we process, and why

Scan content (QR payloads). Analyzed entirely on your device. Not transmitted, except: when a scanned link is a short link or needs a reputation check, the URL only is sent to our server (api at peekode.com) to follow redirects and/or query threat databases. Legal basis: legitimate interest (protecting you from the very link being checked). We do not log these URLs; results are cached briefly (up to 24h) keyed by a one-way hash, so the cache cannot be read back into a list of links.

Reputation lookups. When a URL is checked against Google Safe Browsing (and, in future, similar services), that URL is shared with the provider under their terms. We send nothing else about you.

Technical data. Our hosting provider (Vercel) processes IP addresses transiently to deliver the service, as every website does, including standard short-term server logs we do not use for profiling. The app itself contains no analytics SDK, no advertising SDK, and no trackers.

Scan history. Stored only in the app's memory on your device (last few scans) and cleared when the app closes. We cannot see it.

3. What we do NOT do

No accounts. No ads. No sale or sharing of personal data for marketing. No cross-app tracking. No persistent server-side record of what you scanned. No profiling. If we ever add an optional feature that shares data (e.g., "report this dangerous code"), it will be opt-in and explained at the point of use.

4. Retention

URL check cache: up to 24 hours, hashed. Host logs (Vercel): per their standard rotation. Everything else: never left your device.

5. Your rights

EU/UK (GDPR) and Turkey (KVKK): you have rights of access, correction, deletion, restriction, portability, and objection. Honestly, we hold almost nothing to access or delete — but write to [[email protected]] and we'll respond within 30 days. You may complain to your local data-protection authority (Turkey: KVKK Kurumu).

6. Children

Peekode is safe for families to use, but we don't knowingly collect any personal data from anyone, children included — the design makes it structurally impossible to build a profile of any user.

7. International transfers

Our servers (Vercel) and reputation providers (Google) may process the checked URLs in the US or other countries, under their standard contractual protections.

8. Changes

Updates appear at peekode.com/privacy with the date above; material changes will be flagged in the app. See also our Terms of Service.