This privacy policy applies to the EuroQR Pay app and the boehmelabs.com/euroqrpay/ website, both operated by Boehme Labs (owner: Richard Böhme).
In short: The app stores your data exclusively on your own device. There is no server, no cloud, no tracking. We do not see how many accounts you set up or how many QR codes you create.
The data controller for the purposes of the General Data Protection Regulation (GDPR) and other national data protection laws is:
Boehme LabsPersonal data means any information relating to an identified or identifiable natural person (Art. 4 (1) GDPR).
Processing means any operation performed on personal data – such as collection, recording, storage, modification, retrieval, transmission or erasure (Art. 4 (2) GDPR).
The "EuroQR Pay" app processes the following data, all of which you actively enter:
All of the above data is stored exclusively on your end device (in the so-called localStorage of the app's WebView and temporarily in the app cache when you share a QR code). Transmission to servers operated by Boehme Labs or third parties does not occur.
The app can read QR codes from image files or PDF documents. This processing happens entirely on your device – the file is never transmitted to any server. Only locally bundled libraries are used: Google ML Kit (on-device model), ZXing, jsQR and Mozilla PDF.js. There is no cloud processing and no telemetry.
When you "Copy" a generated QR code to the clipboard, the operation happens entirely within your device. In the decoder, you can paste an image from the clipboard – this also never leaves the device.
When you save a QR code, a PNG file is written to the public Documents folder of your device. The "Open" button shown afterwards lets you open the file in an app of your choice (e.g. gallery, file manager) – the respective app is independently responsible.
If you "share" an image or PDF from another app to EuroQR Pay (Android Share Intent), the content is loaded only locally into the decoder. It is not stored beyond the session and not forwarded.
The purpose of processing is the creation of SEPA QR codes (EPC-002 standard) to simplify bank transfers. Legal basis is Art. 6 (1) (b) GDPR (performance of contract – the app fulfils its requested function) or Art. 6 (1) (f) GDPR (legitimate interest in providing a functional app).
Data remains on your device until you delete it in the app's settings, uninstall the app or clear the app cache. There is no automatic deletion by us.
When you share a generated QR code via the "Share" button, the QR code is temporarily saved as a PNG file in the app cache and handed over to the destination application of your choice (e.g. WhatsApp, e-mail, messenger). The respective provider of the chosen application is responsible for further processing.
On Android, the app only declares the standard INTERNET permission, which is technically required for any WebView-based app. However, no active network connections are made: all required libraries (Capacitor, qr-code-styling, jsQR, ZXing, PDF.js, Google ML Kit, Tailwind CSS) are bundled locally within the APK.
Selection of a logo, image or PDF is handled via the system file picker (Storage Access Framework) and does not require a separate storage permission. The app does not request access to location, contacts, microphone, camera or address book.
The app is distributed via the Google Play Store, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Purchasing, installation and use of the app result in data processing by Google over which we have no influence.
This includes, among other things, device ID, IP address, Google account information and purchase data. For details please consult Google's privacy policy: https://policies.google.com/privacy.
When the website is accessed, our hosting provider automatically collects technical data transmitted by your browser (so-called "server log files"). These are:
This data is not merged with other data sources. It is processed for the technical provision of the website and to defend against attacks (Art. 6 (1) (f) GDPR – legitimate interest) and is deleted after a short period.
If you contact us by e-mail, your details (name, e-mail address, content of the message) will be processed for the purpose of handling your enquiry (Art. 6 (1) (b) or (f) GDPR). We will delete your data once your enquiry has been completely processed and there are no statutory retention obligations to the contrary.
Neither the website nor the app loads any scripts, styles or fonts from external CDNs or other third-party servers. All CSS, JavaScript and image resources are served locally from the app installation or from our hosting server. No data is transmitted to third parties when the app starts – with the exception of the Google Play Store processes described in section 5.
The website boehmelabs.com/euroqrpay/ does not set any cookies. The app stores technically necessary settings (language, theme, accounts) in the so-called localStorage of the app's WebView; these are not cookies in the legal sense and are not transmitted to third parties.
Where your personal data is processed, you have the following rights. You can exercise these rights at any time by contacting us using the contact details given in the imprint:
Since the app stores all data exclusively on your device, you can exercise these rights in practical terms by deleting the relevant entries in the app, uninstalling the app or clearing the app cache.
You have the right to lodge a complaint with a data protection supervisory authority about our processing of personal data (Art. 77 GDPR). The competent authority for our company is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-PfalzWe reserve the right to amend this privacy policy in order to keep it in line with current legal requirements or to reflect changes in our services, e.g. when introducing new features. The new privacy policy will then apply on your next visit.
Last updated: May 2026 · EuroQR Pay 1.0