Frequently Asked Questions

Your QR codes stay active and scannable. You won't be able to create new codes once you're at the Free plan's 5-code limit — delete some codes to make room, or upgrade to create more. Nothing is automatically deleted.

Yes — upgrade, downgrade, or cancel at any moment. If you cancel a paid plan, your access continues until the end of the billing period. There are no cancellation fees.

Yes. If you're not satisfied within 30 days of your first payment, email support@qr-manager.ai and we'll refund your full payment — no questions asked.

Yes — we offer 50% off Starter and Pro for registered nonprofits and educational institutions. Email sales@qr-manager.ai with proof of status and we'll apply the discount to your account.

Enterprise plans are billed annually. Pricing is based on seat count and feature requirements. Contact enterprise@qr-manager.ai for a custom quote.

No. Static QR codes (vCard, WiFi, SMS, etc.) never expire. Dynamic URL QR codes remain scannable — they just won't let you update the destination URL until you re-upgrade. We will never silently break your print campaigns.

Dynamic QR codes store a short redirect URL — you can update the destination any time without reprinting. Static QR codes bake the data (vCard contact, WiFi password, phone number) directly into the code and can't be changed.

Upload a CSV with a 'url' column (and optional 'title' column). We'll create all QR codes in one shot — up to 20 on Starter or 50 on Pro. Each code gets its own slug and scan tracking dashboard.

You can download QR codes as PNG, SVG, WebP, or JPG. SVG is recommended for print use — it scales to any size without losing quality. PNG and WebP work well for digital use.

Yes, on Starter and above. You can choose foreground and background colors and upload a logo to embed in the center of the code. The customization panel is available when creating or editing a QR code.

Absolutely. All plans — including Free — allow commercial use. The Pro plan includes the REST API and batch generation tools agencies need, and Enterprise adds a custom subdomain for white-label client deployments.

We record the timestamp, country, device type (mobile/desktop), browser, and referring URL for each scan. We do not store the scanner's IP address or any personally identifiable information.

Analytics data is retained for as long as your account is active. If you delete a QR code, its associated scan data is also deleted after 30 days.

Yes. Enable them in Settings → Email Notifications. We'll notify you when a QR code hits 100, 1,000, 10,000 scans (and each subsequent power of 10). You can also set custom per-code alerts — such as every N scans or N days before expiry — from the individual QR code's detail page.

The Model Context Protocol (MCP) is an open standard that lets AI assistants like Claude connect to external data and tools. Once you add qr-manager.ai as an MCP server, you can create and query your QR codes using natural language inside the AI tool.

Claude (claude.ai), Cursor IDE, Glean, Windsurf, and any other MCP 2024-11-05+ compatible client. The list is growing — check your AI tool's docs for MCP server support.

With OAuth (recommended), no. The AI tool uses the OAuth flow to authenticate and receives a short-lived token — your API key stays on qr-manager.ai. If OAuth isn't supported, you can configure a static API key in the MCP config file and keep it local.

Yes — MCP and OAuth are available on all plans, including Free. Free accounts can manage up to 5 QR codes via AI tools, subject to the same limits as the rest of the Free plan.

We support any SAML 2.0 compliant IdP. Specifically tested: Okta, Microsoft Azure AD / Entra ID, and Google Workspace.

Existing users who sign in with email/password can continue to do so unless you explicitly disable email auth in your org settings. JIT provisioning creates new accounts automatically when someone signs in via SSO for the first time.

Yes. In Settings → Authentication Policy, you can disable email/password and Google OAuth login for org members, forcing everyone to use SSO. The org owner account is always exempt to prevent lockout.

When an IdP deactivates a user via SCIM, their qr-manager.ai session is immediately revoked and they can no longer log in. Their QR codes remain active and scannable. You can re-enable the account by reprovisioning through the IdP.

Yes. Scan analytics are collected without storing PII. We offer data export and deletion on request. See our Privacy Policy for details.

All data in transit is encrypted using TLS. Data at rest is encrypted using AES-256 — this includes our database volumes and sensitive fields such as MFA secrets, which are encrypted at the application level using AES-256-GCM. We never store plaintext passwords or API keys.

Yes — TOTP-based two-factor authentication is fully supported. Go to Settings → Profile → Two-factor authentication to enable it with any authenticator app (Google Authenticator, Authy, 1Password, etc.). You'll also receive one-time backup codes to store safely. Trusted devices can skip the 2FA challenge for up to 30 days, and you can revoke individual devices at any time. Google OAuth accounts additionally benefit from Google's own MFA.

API keys are hashed before storage — we never store the plaintext key. If you lose a key, you must generate a new one. Keys can be revoked individually from Settings → API Keys.