Privacy Policy
Who We Are
BarcodeGen.org operates the free web barcode generator at barcodegen.org and the Barcodegen Android app available on Google Play (package ID: org.barcodegen.app). For privacy questions, contact us at hello@barcodegen.org.
Web BarcodeGen.org Website
Barcode generation
All barcode generation on barcodegen.org happens entirely in your browser using client-side JavaScript (bwip-js library). The barcode value you type is never sent to our servers or any third party. No barcode data is stored, logged, or transmitted.
Analytics (Umami)
We use Umami, a privacy-respecting open-source analytics platform, to understand aggregate site usage. Umami collects page views, referrer, browser type, and device type. It sets no cookies and collects no personally identifiable information. Data is stored on our own server (142.91.103.77). We do not use Google Analytics.
Advertising (Google AdSense)
We display advertisements through Google AdSense (publisher ID ca-pub-2713479537602361). Google may use cookies and device identifiers to serve ads based on your prior visits to this and other websites. You can review your ad preferences or opt out of personalized advertising at Google's ad settings page (g.co/adsettings). We do not control the cookies set by Google for advertising purposes.
Cookies
BarcodeGen.org does not set any first-party cookies. Third-party services displayed on the site (Google AdSense) may set their own cookies. Umami analytics does not use cookies.
Third parties (web)
The web site loads no external fonts, CDN resources, or tracking pixels beyond the Umami analytics script hosted on our own server and Google AdSense. We previously referenced Google Fonts in an earlier version of this policy; that reference no longer applies as all fonts are now served inline or via system-font fallbacks.
App Barcodegen Android App (org.barcodegen.app)
Permissions used
- Camera — Required to scan barcodes. Camera frames are processed on-device by Google MLKit and immediately discarded. No camera images are stored, uploaded, or transmitted.
- Storage / Files — Used only when you explicitly export your scan history to CSV or JSON. The exported file is written to your device's local storage and opened in your chosen app via the system share sheet. No file content is sent to our servers.
- Internet — Required for crash reporting (Sentry) and in-app purchase verification (RevenueCat / Google Play Billing). Not used for barcode scanning or generation, which are fully offline.
Data collected by the app
| Data type | Collected | Leaves device | Purpose |
|---|---|---|---|
| Camera frames | Processed on-device | No | Barcode decoding via MLKit |
| Scanned barcode values | Stored locally (SQLite) | No | Local scan history, search, and starred collections |
| Generated barcode input | Stored locally (SQLite) | No | Generated items history and collections |
| App settings / preferences | Stored locally (MMKV) | No | User preferences |
| Crash reports | Yes — via Sentry | Yes (Sentry servers) | Bug detection and stability |
| Purchase state | Yes — via RevenueCat | Yes (RevenueCat + Google Play) | Pro entitlement verification |
| Anonymous analytics events | Event names only (no PII) | Planned (PostHog) — not yet active in v1 | Product improvement |
Crash reporting (Sentry)
We use Sentry for crash and error reporting. Before any crash data is sent, our app applies a PII scrub filter that strips barcode values, URLs, Wi-Fi credentials, email addresses, vCard data, and phone numbers from all Sentry payloads. What Sentry receives is: anonymized stack traces, device model, OS version, and app version. No barcode content ever leaves the device in a crash report. Sentry operates under its own privacy policy. Crash log retention is governed by Sentry's default retention period (90 days on the free plan).
In-app purchases (RevenueCat + Google Play Billing)
Pro upgrades are processed by Google Play Billing. We use RevenueCat to verify purchase entitlements. Neither we nor RevenueCat ever receive your payment card information — all payment processing is handled by Google. RevenueCat receives a non-PII purchase token from Google Play to confirm entitlement status. RevenueCat operates under its own privacy policy.
Advertising (Google AdMob)
The free tier of the app displays banner ads served by Google AdMob. AdMob may use a device advertising identifier (Android Advertising ID) to serve relevant ads. Pro users do not see ads and AdMob is not initialized for Pro accounts. AdMob operates under Google's privacy policy. You can reset or opt out of the advertising identifier in your Android device settings under Google > Ads.
Analytics (PostHog)
The app is architected to support PostHog analytics for anonymous product-usage events (e.g. "scan completed", "paywall viewed"). In v1, the PostHog SDK is a non-transmitting stub — no data leaves the device. When PostHog is activated in a future update, this policy will be updated to reflect what anonymous event data is sent. PostHog operates under its own privacy policy.
What we do not collect
- No account is required and none is created by default — we have no user accounts to associate data with.
- We do not collect your name, email address, phone number, or location.
- We do not read, store, or transmit the content of any barcode you scan.
- We do not share or sell any data to third-party data brokers or advertisers.
Data Retention
Web site: Umami analytics data is stored on our server with no fixed expiry (aggregate data only, no PII). Google AdSense cookies are managed by Google per their retention policy.
App — local data: Your scan history, generated items, collections, and settings are stored on your device only. You can delete individual entries, clear all history, or uninstall the app to remove all local data. There is no cloud backup in v1; uninstall removes everything.
App — Sentry: Crash reports are retained by Sentry for approximately 90 days on our plan before automatic deletion.
App — RevenueCat: Purchase records are retained by RevenueCat as needed for receipt validation and restore-purchase functionality, per their data retention policy.
Children's Privacy
Our services are not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has submitted information through our services, contact us at hello@barcodegen.org and we will address it promptly.
Your Rights
You may request access to, correction of, or deletion of any personal data we hold about you by emailing hello@barcodegen.org. For app users: all locally stored scan data can be deleted directly from within the app (Settings → Privacy & Data → Delete All History). Uninstalling the app removes all local data from your device.
For crash data held by Sentry: contact us at the email above and we will submit a deletion request to Sentry on your behalf, referencing the device ID if available.
Changes to This Policy
We may update this privacy policy from time to time. When we do, we will update the effective date at the top of this page. Continued use of BarcodeGen.org or the Barcodegen app after changes constitutes acceptance of the updated policy. For significant changes, we will provide an in-app notice in the next app update.
Contact
Privacy-related questions: hello@barcodegen.org
Third parties named in this policy (Google, Sentry, RevenueCat, Google AdMob, PostHog) each operate under their own separate privacy policies. Our reference to them here is for disclosure only; we do not speak for their data practices.