Your files stay on your device
The foundation of QRix privacy is architectural, not a promise: the browser tools have no upload step. Your file is read into the browser tab, processed there with web technologies, and saved back locally, as described in How it works.
This means there is no server-side copy of your document, photo, or video to be stored, leaked, subpoenaed, or breached. The safest data is data that was never collected, and for on-device tools QRix never collects the file at all.
You do not have to take this on faith. Open your browser's developer tools, watch the Network tab, and run any browser tool — you will see the tool's code load, but not your file being transmitted. Many tools even keep working after you go offline.
What we store
QRix stores as little as possible. If you choose to create an account for the optional cloud features, that involves your email and the settings tied to your account. Browsing the site and using the browser tools does not require an account at all.
Convenience features like favorites, recent tools, and history are kept in your browser's local storage by default, on your own device, not on a central server. You can clear them at any time through your browser, and they do not follow you to another machine unless you deliberately sync them.
For product analytics, QRix records coarse, non-identifying signals — such as country, device category, browser, and referrer — to understand usage. Sensitive or personal data is never placed in URLs or query strings, so it does not end up in logs or referrer headers.
Security headers
QRix sets a strong set of HTTP security headers on its pages. Strict-Transport-Security (HSTS) with a two-year max-age, includeSubDomains, and preload forces browsers to always connect over encrypted HTTPS, protecting against downgrade and interception.
X-Frame-Options set to SAMEORIGIN and a Content-Security-Policy of frame-ancestors 'self' prevent other sites from embedding QRix in a hidden frame, which defeats clickjacking. X-Content-Type-Options set to nosniff stops browsers from misinterpreting file types.
Referrer-Policy is set to strict-origin-when-cross-origin so full page addresses are not leaked to other sites, and a Permissions-Policy restricts powerful features — camera is allowed only for QRix's own scanner, while microphone, geolocation, and browsing-topics are switched off. QRix also omits the X-Powered-By header so it does not advertise its stack.
The cloud AI exception
The one place data intentionally leaves your device is the cloud AI features, and only when you run one. In that case the specific input you submit — a prompt or an image — is sent to an AI provider to generate the result, then returned to you.
This is the deliberate exception described in AI and video tools, made necessary because generative models cannot run in a browser. QRix labels these tools clearly so you always know when a task uses the cloud rather than staying local.
QRix does not repurpose these inputs, does not upload your files in the background, and does not send anything to a cloud provider for the on-device tools. If a file must never leave your machine, use an on-device tool for that job — one exists for nearly every non-generative task.
Your controls
Because most of QRix runs locally and requires no account, you are in control by default. There is no signup wall to use the browser tools, no watermark on your output, and no export limit pushing you toward a paid plan.
Local data — favorites, history, and preferences — lives in your browser and can be cleared whenever you like. Account data, if you create an account, is limited to what the optional features need to function.
In short, QRix is built so that the private path is also the default path. For everyday QR, PDF, image, and video work, your data simply never leaves your device, and the few cloud features that do are clearly marked and entirely opt-in.