Last updated: May 14, 2026

Privacy Policy

This policy explains what data UPCGen collects, why, and how it is handled.

Information we collect

• Account data: email, password hash, optional name — collected when you register.
• Generated barcodes: the format and code value of each barcode you generate, plus a timestamp. Used to enforce quotas and show your history on the account page.
• IP addresses: recorded for anonymous quota enforcement only. We read the cf-connecting-ip header set by Cloudflare.
• Payment data: processed by Stripe. We never see your full card number. Stripe returns us a customer ID and subscription status, which we store.
• Cookies: a session cookie (set by Better Auth), a locale preference cookie (NEXT_LOCALE), a consent cookie (upcgen-consent), and Google Analytics cookies (_ga, _ga_*) when analytics consent is granted.

Analytics & consent

We use Google Analytics 4 to measure aggregate site usage (pageviews, traffic sources, device categories). This helps us prioritize features and fix UX issues.

By using UPCgen.com, you consent to the placement of analytics cookies on your device, except where applicable law requires explicit consent. For visitors located in the European Union, European Economic Area, United Kingdom, or other regions with similar consent requirements, we display a consent banner on your first visit, and we will not place analytics cookies on your device unless you click "Accept." If you click "Reject," Google Analytics operates in "cookieless ping" mode and only counts aggregate visits without identifying you.

You can withdraw consent at any time by deleting the upcgen-consent cookie from your browser. The banner will reappear on your next visit.

How we use it

• To operate the Service: render barcodes, enforce quotas, gate Pro/Business features.
• To process payments and manage subscriptions via Stripe.
• To respond to support requests when you email us.
• To detect abuse and prevent fraud.

Third parties

• Stripe — payment processing. Stripe Privacy Policy.
• Cloudflare — DNS and edge proxy. Cloudflare Privacy Policy.
• Google Analytics 4 — aggregate site analytics (subject to consent, see "Analytics & consent" below). Google Privacy Policy.
• Google Fonts — Poppins font, self-hosted via next/font/google, so no requests leave to Google at runtime.

Data retention

We retain account and barcode history for as long as your account is active. You can request deletion at any time by emailing [email protected]. Stripe retains payment records per its own retention policy and applicable financial regulations.

Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal data. To exercise these rights, email [email protected]. We will respond within 30 days.

Security

Passwords are hashed (not stored in plaintext). API keys are hashed before storage. The application runs on a self-managed VPS behind Cloudflare with TLS in transit. No system is perfectly secure; we monitor and patch promptly.

Children

UPCGen is not directed at children under 13 and we do not knowingly collect personal data from them. If you believe a child has provided us data, email [email protected] and we will delete it.

Changes

Material changes to this policy will be announced via email or in-app notice at least 7 days before they take effect.

Contact

Privacy questions or data requests: [email protected]