LowKeyCodes

Privacy Policy

This policy explains what data LowKeyCodes processes when someone visits the public site, scans a QR code, or uses the admin area.

Last updated: May 26, 2026

1. Data controller

LowKeyCodes is operated by TRIGUB TECHNOLOGIES OÜ, Harju maakond, Tallinn, Kesklinna linnaosa, Narva mnt 5, 10117 Estonia. For privacy questions, you can contact us at filipp@trigub.tech.

2. Data processed on the public site

The public site can send pageview data and product usage events to PostHog. We use this analytics data to understand how the product is used, improve public and admin flows, and identify friction points.

When someone opens a scan page, the app can also record analytics events about page load, GPS permission prompts, network errors, successful scans, and collection progress.

3. Location data and scan evaluation

When someone scans a QR code, the browser may request access to their location. GPS coordinates, reported accuracy, and the scanned code identifier are sent to the LowKeyCodes evaluation API so the service can check whether the user is at the right place and within the right time window to unlock content.

If the check fails, LowKeyCodes may return a wrong-location or wrong-time result. If the check succeeds, the matching content and collection state needed by the page are returned to the browser.

4. Scan event logging

After a scan, LowKeyCodes can send a technical event record to Supabase to help the campaign organizer understand QR activity. Those records can include the code ID, coordinates, accuracy, timestamp, user agent, whether the location matched, and the content variant returned by the scan flow.

This logging is designed as a non-blocking request so the public scan result does not wait for the database write to finish.

5. Collection state stored in the browser

To remember which stops have already been collected, LowKeyCodes stores collection progress in the browser's localStorage. That state contains collected code IDs for a campaign and a last-updated timestamp.

This state is kept client-side and is used to show local collection progress. If local storage is unavailable, LowKeyCodes attempts to degrade gracefully.

6. Admin accounts, authentication, and billing

The LowKeyCodes admin area uses Supabase Authentication with OAuth sign-in to let administrators access their campaigns. Session-related admin access data is handled by Supabase and the app's authentication callback routes.

For paid admin subscriptions, LowKeyCodes uses Stripe Checkout, the Stripe Billing Portal, and Stripe webhooks to create subscriptions, manage trials, sync billing state, and show selected billing details inside the admin interface.

7. Legal bases and purposes

We process data to operate LowKeyCodes, validate location-aware scans, provide the public and admin interfaces, measure product usage, secure admin access, and manage subscriptions. Depending on context, that processing may be necessary to provide the service, perform a contract with a customer, or pursue our legitimate interests in operating and improving the product.

8. Recipients and retention

Depending on the feature involved, data may be processed through services used by LowKeyCodes, including PostHog for product analytics, Supabase for authentication, database storage, and scan logging, and Stripe for admin billing.

We keep data for as long as needed to operate the service, investigate incidents, comply with legal or accounting obligations, or defend our rights. Exact retention periods vary by data type and usage context.

9. Your rights

Depending on applicable law, you may have rights to request access, correction, deletion, restriction, or objection to certain processing, and to contact a relevant supervisory authority.

For requests, contact filipp@trigub.tech. You can also review our Terms of Service and Impressum.
