Skip to main content
Legal

Privacy Policy

How browser-based barcode processing, analytics, cookies, contact data, Cloudflare hosting, GDPR rights and CCPA rights are handled at ReadBarcode.com.

Effective date: 25 May 2026 · Last updated: 25 May 2026

ReadBarcode.com is an independent browser-based barcode toolkit. This Privacy Policy explains what information is and is not processed when you use the site, how that information is handled, and the rights you have over it. We do not sell your personal information, and we do not share it for cross-context behavioral advertising. The full CCPA / CPRA disclosure is in the section We do not sell your personal information below.

Who we are

The data controller for ReadBarcode.com is the independent operator of ReadBarcode.com. For privacy-related inquiries, please use the contact methods provided on the Contact page.

What this policy covers

This policy applies to your use of the website at https://readbarcode.com, all tools, generators, validators, guides and the installable Progressive Web App offered there. References to “personal information” in this policy mean information that identifies, relates to, or can reasonably be linked to a specific individual.

Browser-based barcode processing

Most barcode reading, image decoding, barcode generation, and export actions happen directly in your browser. Camera scans, uploaded images, generated barcodes, and entered barcode values are not uploaded to our servers for normal tool use.

Information we do not collect during normal tool use

ReadBarcode.com does not track, store, sell, or analyze scanned barcode values, uploaded barcode images, generated barcode content, inventory lists, or user-entered barcode values for normal tool usage. In particular, the following stay on your device and are never transmitted to us:

  • Camera frames captured by the readers
  • Images you upload for decoding
  • Decoded barcode values
  • GTINs, UPCs, EANs and ISBNs you paste into validators
  • Generated barcode, QR and Data Matrix payloads
  • Wi-Fi credentials, vCard contact details and other generator inputs
  • Inventory and batch lists held in browser storage

Information you may choose to send us

If you contact us by email or through the contact form on the Contact page, we receive the information you choose to send, such as your name, email address, the category you selected, and the body of your message. We use that information solely to respond to your enquiry and to keep a record of the correspondence for the retention period set out below.

Legal basis for processing (GDPR)

We process limited information under the following legal bases:

  • Legitimate interest (Article 6(1)(f) GDPR): aggregate analytics, security logs, performance monitoring, and abuse prevention. Our interest is keeping the platform safe, reliable, and continuously improved. This processing does not include barcode payloads, uploaded images, or other tool input data.
  • Performance of a request (Article 6(1)(b) GDPR): when you contact us, we process your message, email address, and any details you choose to send in order to respond.
  • Consent (Article 6(1)(a) GDPR): if optional features are introduced in the future that require consent (such as marketing communications or non-essential cookies), processing will only occur after you give explicit consent.

Analytics and technical logs

We may use aggregate analytics and technical logs to understand site performance, security, and general usage patterns. These analytics do not include the barcode values, uploaded images, generated codes, inventory lists, or other tool inputs you process in the browser. In particular, analytics never include:

  • Scanned barcode values
  • Uploaded barcode images
  • Generated barcode content
  • Inventory lists
  • Wi-Fi passwords
  • vCard contact data
  • Barcode and QR payloads
  • User-entered barcode values

Cookies and browser storage

ReadBarcode.com does not use advertising or third-party tracking cookies. We use only strictly necessary cookies and browser storage for site operation, tool preferences, and security.

Cloudflare, our hosting and security provider, may set strictly necessary cookies (such as __cf_bm for bot management) that are exempt from consent requirements under the ePrivacy Directive because they are essential to the security and operation of the service.

If we introduce non-essential cookies in the future (for example, analytics that require consent or advertising cookies), we will display a clear consent banner before any such cookies are set, and you will be able to refuse them without losing access to core tools.

Some tools may use local browser storage (localStorage or sessionStorage) to remember preferences, temporary lists, or local settings such as your most recent generator configuration. This data remains on your device, is not transmitted to us, and can be cleared at any time through your browser's settings.

Cloudflare and infrastructure providers

ReadBarcode.com is hosted and delivered through Cloudflare. Cloudflare may process technical data such as IP address, request headers, security events, and performance logs as part of hosting, caching, security, and content delivery. Cloudflare's data processing is governed by Cloudflare's own privacy policy and data processing agreements.

Third-party services

The core barcode tools are designed to avoid third-party processing of barcode input data. The only third-party processor involved in normal operation is Cloudflare, which provides hosting, content delivery, and security services. If future features connect to external lookup APIs, third-party analytics, or other processors, those services will be disclosed in this policy before they are activated.

Form submissions through the contact page are processed by Resend, a transactional email service used to deliver contact messages to the operator. Resend processes only the contact form fields you submit (name, email, subject category, message, and optional URL) for the purpose of email delivery. Resend's privacy policy is available at resend.com/legal/privacy-policy.

Data retention periods

We retain different categories of data for different periods:

  • Contact messages: retained for up to 24 months from the date of last correspondence, then deleted or anonymized. This allows us to provide continued support and reference for unresolved inquiries.
  • Security and abuse logs (IP addresses, request patterns associated with security events): retained for up to 12 months for security investigation and abuse prevention.
  • Aggregate analytics: retained indefinitely in anonymized, aggregated form that cannot identify individual users.
  • Cloudflare-side technical logs: retention is governed by Cloudflare's own policies and may include limited request metadata for up to 30 days.

Browser storage data on your device is retained until you clear it through your browser.

International data transfers

ReadBarcode.com uses Cloudflare for hosting and content delivery. Cloudflare operates a global network of data centers, which means technical data such as IP addresses and request metadata may be processed in multiple countries, including outside the EEA. Cloudflare relies on appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission, as described in Cloudflare's own privacy documentation.

Your privacy rights (EEA / UK / Switzerland)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under applicable data protection laws regarding personal data we hold about you:

  • Right of access: request a copy of the personal information we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete information.
  • Right to erasure (“right to be forgotten”): request deletion of your personal information, subject to legal retention obligations.
  • Right to restriction: request that we limit how we process your information.
  • Right to data portability: receive your information in a structured, commonly used format.
  • Right to object: object to processing based on legitimate interest.
  • Right to withdraw consent: withdraw consent at any time where processing is based on consent (without affecting the lawfulness of prior processing).

To exercise any of these rights, please contact us through the Contact page. We will respond within 30 days as required by GDPR.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal information violates applicable law. You can find your national authority via the European Data Protection Board.

Your rights as a California resident (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information:

  • Right to know what personal information we collect, use, and disclose.
  • Right to delete personal information we have collected from you (subject to exceptions).
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing — although we do not sell or share personal information for cross-context behavioral advertising, you have the right to confirm this.
  • Right to limit use of sensitive personal information — we do not use sensitive personal information beyond what is necessary to provide the service.
  • Right to non-discrimination for exercising any of these rights.

To exercise these rights, please contact us through the Contact page.

We do not sell your personal information

We do not sell your personal information. We do not sell barcode values, uploaded images, generated barcodes, contact details, or user-submitted information to any third party. We do not share personal information for cross-context behavioral advertising. This statement applies to all users, including California residents under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Children's privacy

ReadBarcode.com is not directed to children under 13 in the United States or under the applicable age of digital consent in your country (which may be 13, 14, 15, or 16 depending on the EU member state). We do not knowingly collect personal information from children. If you believe a child has provided personal information through the contact page, please contact us and we will delete the information promptly.

Security and security incident notification

We take reasonable technical and organizational measures to protect information transmitted to or processed by ReadBarcode.com, including HTTPS encryption for all traffic, security protections provided by Cloudflare, and limited access to any submitted contact data.

However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, and you transmit information at your own risk.

Users should avoid entering sensitive personal, medical, legal, confidential, or regulated information into any online tool unless they fully understand how the tool works. Although core tools process data in your browser, you remain responsible for the information you choose to enter or upload.

If we become aware of a security incident affecting personal information you have submitted to us, we will notify affected users without undue delay where required by applicable law, and we will report the incident to relevant supervisory authorities as required under GDPR Article 33 and other applicable regulations.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. When we make material changes, we will update the “Last updated” date at the top of this policy and, where appropriate, provide additional notice. We encourage you to review this policy periodically.

Contact

For privacy questions, data subject requests, or notices about this policy, please use the Contact page with the subject line “Privacy request”. We aim to respond within 30 days as required by GDPR.