Security & Compliance
We understand that when you choose us as your QR code and short link provider, you are trusting us with your customer touch points and their data privacy. We don't take that responsibility lightly.
That is why we take security seriously and why we have compiled this page so you understand what security measures and procedures we have in place.
Technical security
Encryption
All data transmitted to and from our service is secured using TLS/SSL 1.2 or higher. Our main application and redirect links enforce strict transport security (HSTS) to ensure secure connections.
Password security
All passwords are securely stored using strong one-way hashing algorithms. This means that even if our database were compromised, your original password could not be recovered.
Multi-factor authentication
Users can enable two-factor authentication on their accounts for added security, requiring both a password and an email verification code to log in.
Built with battle-tested frameworks
We build our service using battle-tested frameworks (Django and Gin) that are trusted by millions of websites and known for their security-first approach.
Hosted on a trusted platform
We host our service in Germany using DigitalOcean's secure infrastructure. This means your data is protected by enterprise-grade data centers that maintain strict security certifications including SOC 2 and ISO 27001, while also ensuring GDPR compliance through EU data residency.
Secured by Cloudflare
We use Cloudflare's global security network to protect our service, ensuring fast and secure access while defending against cyber threats like DDoS attacks and malicious traffic.
Security policies
Strictly limited team access
Access to customer data is strictly limited - our team only accesses information when necessary for technical support, and customer data is only available to the account members it's intended for.
Backups and data retention
We run point-in-time style backups, allowing us to roll back data to any point over the past few days.
Privacy compliance
We only collect minimal data from end users
By default, when people scan a Hovercode dynamic QR code or click on a Hovercode short link, we store only minimal data (e.g. device type, truncated IP, the time of the scan/click) and no personally identifiable data.
Clear opt-in for any personally identifiable data
Following GDPR requirements, we ensure there is a clear opt-in before collecting any personally identifiable information. For example, if GPS location tracking is enabled on a QR code, the scanner must explicitly consent to sharing their location (more details here).
DPA
We offer a Data Processing Agreement (DPA) to ensure GDPR compliance - contact us at [email protected] to request a copy.