Every operation in QRDoc โ URL parsing, validation, direct-link conversion, and QR code rendering โ runs entirely within your browser using the JavaScript engine on your device.
connect-src 'self', which technically prevents the page from making network requests to any external server โ even if the code tried to.
The table below summarises every type of data touched by QRDoc and how it is handled:
| Data Type | How It's Used | Sent to Server? |
|---|---|---|
| Document share URL | Parsed and validated in-browser; used to generate the QR code | Never |
| Selected cloud platform | Used locally to choose the correct URL conversion logic | Never |
| Generated QR image | Rendered to an HTML canvas element; downloaded directly to your device | Never |
| Rate-limit counters | Stored in browser memory (JavaScript Map) only for the current session | Never |
| Security event logs | Written to browser console only (DevTools); not transmitted anywhere | Never |
QRDoc sets no cookies of any kind โ neither first-party nor third-party.
QRDoc loads one third-party JavaScript library: QRCode.js, served from the Cloudflare CDN (cdnjs.cloudflare.com). This library runs locally in your browser and does not send data to any Cloudflare or third-party server.
The library is loaded with a Subresource Integrity (SRI) hash, which means your browser verifies the file has not been tampered with before executing it. If the hash does not match, the library will not load.
connect-src 'self' directive enforces this technically.
Because QRDoc stores no data on any server, there is nothing to retain or delete on our end. All state โ including the URL you pasted and the QR code generated โ exists only in your browser's memory for the duration of your session.
beforeunload event.If you have questions about how QRDoc handles data, or if you believe you have identified a privacy concern, you can reach the developer at:
Ashwinkumar D Basari ยท via LinkedIn or the contact details on the About page.