Security at Qrisen
You put our codes on printed books that outlive software trends. That's a responsibility we build for — here is how.
Your account
Passwords are stored only as strong one-way hashes and are checked against known data-breach lists at signup, with a 12-character minimum. Sessions are database-backed: you can see every signed-in device in Settings → Security and revoke any of them instantly. Password reset and email verification flows are built in, and sign-in with Google or Microsoft is supported.
Your data
Everything runs on Microsoft Azure in the UK South region — database, file storage and hosting. Data in transit is encrypted with TLS; secrets live in Azure Key Vault, never in code. Payments are handled entirely by Stripe: card details never touch our servers.
People who scan your codes
QR abuse is real, so protecting scanners is non-negotiable. Codes that point at malicious or deceptive destinations are removed under our acceptable-use policy, and destination monitoring is being expanded continuously. Report a suspicious Qrisen code to abuse@ingeniant.com and a human will act on it.
Privacy by default
We run no advertising or cross-site tracking cookies — only the strictly necessary sign-in session, which is why there is no cookie banner to click. Scan analytics record approximate location and device family, never precise identity. See the Privacy Policy for the full picture.
Permanence, responsibly
Printed codes never die: your hosted pages and redirects stay live even if your subscription lapses. The only exception is abuse — a code that endangers scanners will be disabled, because permanence must never protect a phishing page.
Responsible disclosure
Found a vulnerability? We want to hear about it. Email security@ingeniant.com (also published at /.well-known/security.txt). We respond quickly, we appreciate coordinated disclosure, and we credit researchers who want it.