Overview
Security is a core part of how QR Dex is built and operated. Whether you are creating a single QR code for a business card or managing thousands of codes across a global organization, QR Dex applies the same rigorous protections to every account. This article explains the security measures in place across the platform.
HTTPS Everywhere
Every QR code redirect handled by QR Dex uses HTTPS. When someone scans one of your dynamic QR codes, the request travels through our redirect servers over an encrypted connection before reaching the destination URL. This ensures that the redirect cannot be intercepted or tampered with in transit. All QR Dex web pages, APIs, and dashboard interfaces are also served exclusively over HTTPS.
Data Encryption
QR Dex encrypts your data both at rest and in transit. Data stored in our databases -- including QR code configurations, scan records, and account information -- is encrypted using industry-standard AES-256 encryption. All communication between your browser and QR Dex servers is protected by TLS 1.2 or higher. Internal service-to-service communication within our infrastructure is also encrypted.
Privacy and GDPR Compliance
Scan tracking in QR Dex is designed to respect user privacy and comply with data protection regulations including GDPR. When someone scans a QR code, we record anonymized metadata such as approximate location, device type, and browser -- but we do not store personally identifiable information (PII) from the scanner. IP addresses are processed only to determine approximate geographic location and are not retained in raw form. This privacy-first approach means your scan analytics remain useful without compromising the privacy of the people who interact with your codes.
Secure Infrastructure
QR Dex is hosted on secure, SOC 2-compliant cloud infrastructure with the following protections in place:
- Regular security audits -- Our infrastructure and application code undergo periodic security reviews and penetration testing.
- Automated monitoring -- We use continuous monitoring to detect and respond to threats in real time.
- Redundant backups -- All data is backed up regularly with encrypted, geographically distributed copies to ensure durability and rapid recovery.
- Access controls -- Internal access to production systems is restricted to authorized personnel and protected by multi-factor authentication.
Safe Scanning and URL Monitoring
QR Dex actively monitors destination URLs linked to dynamic QR codes for signs of malware, phishing, and other malicious content. If a destination URL is flagged as unsafe, QR Dex can warn scanners before redirecting them or block the redirect entirely. This protects both the people scanning your codes and the reputation of your brand. If you believe a destination has been incorrectly flagged, contact our support team for a manual review.
Enterprise Security Features
Organizations on the Enterprise plan have access to additional security capabilities:
- Single sign-on (SSO) -- Integrate QR Dex with your identity provider using SAML. Supported providers include Okta, Microsoft Entra ID, and other SAML 2.0-compatible services.
- Team permissions -- Control what each team member can do with granular role-based access. Assign owner or member roles to enforce the principle of least privilege.
- API key management -- Generate, rotate, and revoke API keys from a centralized dashboard. Each key can be scoped to specific operations for tighter control.
Learn More
For a comprehensive overview of our security practices, certifications, and compliance documentation, visit the QR Dex Trust Center. If you have specific security questions or need to complete a vendor security assessment, reach out to our team at security@qrdex.io.