dottymap
Start Free

Privacy Policy

Last updated: April 6, 2026

Dottymap (“we”, “us”, “our”) operates the dottymap.com website and service. This policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

Account information

When you sign up we collect your email address and name through our authentication provider, Clerk. We do not store passwords — authentication is handled entirely by Clerk.

Scan events

When someone scans a QR code we record the timestamp, a one-way hash of their IP address (we do not store raw IPs), approximate location derived from the IP, device type, browser, operating system, and referrer. If the scan URL contains UTM campaign parameters (source, medium, campaign, term, content), we capture those as well. For QR codes with A/B testing enabled, we also record which destination URL was served. This data is used to provide scan analytics to the QR code owner.

Poster placements

When you place a poster you may optionally provide GPS coordinates and a location name. This data is used to display placements on the map and is visible only to you.

Payment information

Payment processing is handled by Stripe. We do not store credit card numbers or bank account details. Stripe may collect additional information as described in their privacy policy.

2. How We Use Your Data

  • To operate and improve the service
  • To provide scan analytics and placement mapping
  • To process payments and manage subscriptions
  • To send transactional emails (e.g., billing receipts)
  • To detect and prevent abuse

We do not sell your data to third parties.

3. Public & Shared Analytics

Demo QR codes

Scan analytics for demo QR codes — including aggregate counts, device, browser, and OS breakdowns, and time-based patterns — are displayed publicly on our demo page. No personal data such as IP hashes or individual scan records is included.

Shareable analytics links

Account holders can generate shareable links that let anyone with the link view campaign-level analytics. These links expose only aggregate statistics (scan counts, breakdowns, trends) — never individual scan records or personal data.

4. Third-Party Services

We use the following third-party services to operate Dottymap:

  • Clerk — authentication and user management
  • Stripe — payment processing and subscription billing
  • Neon — database hosting (PostgreSQL)
  • Vercel — application hosting and edge network
  • Nominatim (OpenStreetMap) — reverse geocoding for scan locations (no personal data is sent, only coordinates)

5. Cookies

We use a minimal number of cookies:

  • Session cookies — set by Clerk to maintain your login session
  • Sidebar state — a preference cookie to remember your dashboard sidebar state
  • Cookie consent — set by CookieYes to remember your cookie preferences

We do not use tracking or advertising cookies.

6. Data Retention

We retain your account data and scan analytics for as long as your account is active. If you delete your account, we remove your personal data within 30 days. Anonymized, aggregated analytics may be retained indefinitely.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your data
  • Withdraw consent for optional data processing

To exercise any of these rights, contact us at privacy@dottymap.com.

8. Security

We use industry-standard security measures including encrypted connections (TLS), hashed IP addresses, and secure infrastructure providers. However, no method of transmission over the internet is 100% secure.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by posting a notice on our website or emailing you.

10. Contact

If you have questions about this privacy policy, contact us at privacy@dottymap.com.