QR tracking risks: what to watch for

Not every QR code works the same way. A static code holds the real destination inside the image (URL, WiFi string, or vCard). A dynamic code sends people through a vendor redirect that can log each scan, collect device details, and change where users land without reprinting.

When dynamic codes help, and when they hurt

Marketing teams often want scan counts and the freedom to swap campaign URLs. That can work well when people know what they are signing up for. For guest WiFi, invoices, safety signs, or fixed contract links, an extra redirect adds downtime risk, privacy questions, and trust you may not need.

Questions to ask any QR host

• Do you log IP address, user agent, time, and approximate location per scan?
• Can the destination change after print without my knowledge?
• What happens if your service is down? Do all my printed codes stop working?
• Where is data stored, and who is the controller under GDPR?
• Can I export or delete scan history?

A privacy-first alternative

qresta.site builds static codes locally in your browser. Optional Google tags on this site load only after cookie consent, and they are separate from the QR payload. For WiFi, text, and contact modes see WiFi, text, and contact.

← Create a QR code