Legal
Effective date: June 14, 2025 · Last updated: June 14, 2025
This Privacy Policy explains how BarcodeLab ("we", "us", or "our") collects, uses, and protects information when you use the BarcodeLab API and website at barcodelab.dev.
| Data | Why we collect it | Retention |
|---|---|---|
| Email address | Account creation, transactional emails | Until account deleted |
| Hashed password | Authentication (bcrypt, never stored in plain text) | Until account deleted |
| API usage metadata | Quota enforcement, billing, analytics (operation count, symbology type, timestamp) | 13 months |
| IP address | Rate limiting, abuse prevention (hashed after 30 days) | 30 days raw, 12 months hashed |
| Payment information | Processed entirely by Paddle — we never see card data | Paddle's retention policy |
| Website analytics | Page views, referrer, device type (no cookies, IP hashed) | 13 months |
We do not store the content of barcodes you encode or decode. The text you submit to the API is processed in memory and discarded immediately after the response is sent.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
| Service | Purpose | Privacy Policy |
|---|---|---|
| Paddle | Payment processing and Merchant of Record | paddle.com/legal/privacy |
| Resend | Transactional email delivery | resend.com/privacy |
| Amazon Web Services | Server hosting (EC2) | aws.amazon.com/privacy |
We use only essential cookies required for authentication (session token stored in an HttpOnly cookie). We do not use advertising cookies or third-party tracking cookies. Our website analytics are self-hosted and cookie-free.
We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, API key hashing (SHA-256), and regular security updates. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.
If you are located in the European Economic Area, you have the following rights regarding your personal data:
To exercise any of these rights, email support@barcodelab.dev. We will respond within 30 days.
Your data is stored on servers in the United States (AWS us-east-1). If you are located in the EU or UK, this constitutes a transfer of personal data outside your region. We rely on Standard Contractual Clauses where applicable.
The Service is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify registered users by email before material changes take effect. The effective date at the top of this page indicates when the policy was last revised.
For privacy questions or to exercise your rights, contact us at support@barcodelab.dev.