Privacy, security, and transparency by design.

Delivr enforces privacy-first principles to ensure GDPR and CCPA compliance while maintaining complete user anonymity.

Privacy Protection

• Cookie-Free. Delivr does not use cookies or persistent identifiers, ensuring each interaction remains independent with no cross-session tracking or profiling.
• No Personal Data. Delivr does not store any sensitive, personal, or personally identifiable information (PII).
• No User Tracking. Delivr does not collect user IDs, pseudonymous identifiers, or device fingerprints, nor does it track behavior across platforms.
• Anonymized IP Logging. IP addresses are anonymized before storage, protecting user privacy.
• No Profiling. Delivr does not build visitor profiles or analyze individual activity or geospatial patterns.

Security & Data Minimization

• Encryption at Rest and in Transit. All sensitive data is encrypted using industry-standard algorithms (AES-256 for storage, TLS 1.2/1.3 for transmission).
• Data Minimization. Delivr only collects the essential data required to provide our core services, ensuring full legal compliance and limiting exposure.
• Self-Destructing Analytics. Collected data is deleted after a strict retention period, ensuring no long-term storage.
• No AI Training, Machine Learning, or Automated Decision-Making. Delivr does not use your data for AI training, automated decision-making, or machine learning. We do not employ generative artificial intelligence (GenAI), Large Language Models (LLMs), or algorithms that learn from or train on your data.

Transparency, Compliance, and Data Use

• Open-Source Transparency. Delivr is fully transparent about our tracking methods and privacy measures, enabling third-party audits and verifications.
• No Third-Party Tracking. Delivr does not run third-party tracking services or cross-domain tracking or facilitate re-targeting through supercookies or third-party advertising cookies.
• No Advertising or Marketing Use. Your data is never used in Delivr ads, social media, or press releases.
• No Selling of Data. Delivr does not sell your data, ensuring your audience’s information remains secure and private.
• Limited & Transparent Data Usage. Delivr only shares your data in two specific cases: 1. Aggregated, anonymized insights — For example, “52.7% of QR scans originate from iOS devices. 2. Anonymized location data for reports — Securely sent to Google APIs to generate maps and charts in reports.

Data collection is minimal & anonymous.

• Timestamp to analyze when engagements occur. Each engagement (e.g., scan, click) is logged independently without linking it to an individual.
• Campaign ID tracks which managed Short URL was clicked, or QR code was scanned.
• Approximate Location to track where the QR code was scanned. The default method of determining Location uses an IP Address, which is anonymized before storage or reporting. An optional GPS-based method for determining location can be enabled at the discretion of the account owner or organization. This method requires the individuals’s explicit opt-in. If granted, the device’s GPS (if activated) provides latitude and longitude with meter-level accuracy. If permission is not granted, the default IP-based method is used to determine location.
• Device Type & Browser for technical insights. The device’s User Agent String determines the device type, operating system (e.g., Apple/Android), and browser type.
• Language that the device is set to.

Note. Once an individual engages (e.g., scan, click, tap) with a Delivr-managed QR code or short URL, they are redirected to the destination URL, and Delivr’s tracking system no longer tracks them. How is this data used?

The data we collect allows Delivr to provide the following core services:

1. Provide intelligent link routing, e.g., redirect by device OS, country, and language.
2. Generate reports with date & time stamp, geolocation, device OS, and language.
3. Identify and remove non-human, bot, and spam traffic from reports.

Reports are private by default and accessible only to the organization running the campaign and Delivr under strict access controls. However,

1. Organizations can share their anonymized reports with others, ensuring that the data is shared securely and under their control.
2. Organizations can send select data to a third-party analytics platform using URL-based campaign parameters, such as Google Analytics UTM Parameters.
3. Organizations have complete control over the lifespan of their data within the Delivr system. They can have their reports and underlying data deleted at anytime, giving them full autonomy over their data management.

At Delivr, privacy isn’t just a policy — it’s our promise to safeguard what matters.

We believe privacy should be transparent, straightforward, and effortless. Provide your audience with the security they deserve — no unnecessary data collection, no legal complications, no compromises, just trusted privacy throughout the experience. Don’t settle for standard or outdated data practices — Delivr is shaping the future of responsible technology by fostering trust, creating deeper emotional connections, and setting a new standard for data privacy.