QRCodeKey is a real-time GPS tracking platform that uses QR codes. You generate a QR code, attach it to anything (person, pet, vehicle, asset), and when someone scans it, you get the exact GPS location instantly. Operated by JAL Technology LLC, based in Springfield, Illinois.

How does QR code GPS tracking work?

Generate a QR code on QRCodeKey, print and attach it to your item. When anyone scans the QR code with their phone camera, their GPS location is captured and sent to your dashboard in real-time with coordinates, city, address, and timestamp. You receive instant SMS and push notification with a map link.

Is QRCodeKey free to use?

Yes, QRCodeKey offers a permanent free plan with 2 QR codes and basic GPS tracking — no credit card required. Paid plans start at $1.99/month for SMS notifications and more features.

How is QRCodeKey different from Apple AirTag or Tile?

QRCodeKey uses paper QR stickers ($0.10-1 each) instead of $25-29 Bluetooth hardware. No batteries to replace, no Bluetooth tracking that could be misused for stalking. Privacy-first: GPS is captured only at the moment of scan, not continuously. Plus, no subscription required for basic tracking.

Can I use QRCodeKey for employee attendance tracking?

Yes. QRCodeKey has built-in GPS-verified attendance management. Create an organization, set up groups with fixed location/geofence, members scan a QR to clock in/out. Attendance is saved only if the member is at the assigned location — anti-proxy protection without biometric data collection.

How much does QRCodeKey cost?

Free plan: $0/month (2 QR codes). Starter: $1.99/month (75 SMS). Pro: $9.99/month (500 SMS, most popular). Business: $14.99/month (1000 SMS, dedicated support). Extra QR codes on any plan: $1 each one-time. All plans support 105+ languages.

Does QRCodeKey collect biometric data or use face recognition?

No. QRCodeKey does NOT collect, store, or process any biometric data — no face recognition, no fingerprints, no voiceprints. The previous face-verification feature was retired for BIPA, GDPR Article 9, and India DPDP compliance. Anti-proxy attendance is verified via GPS geofence only.

Is QRCodeKey GDPR compliant?

Yes. QRCodeKey is fully GDPR-compliant for EU/UK users. We publish a sub-processors list, support data subject access requests (DSAR), provide a Privacy Request portal, and have Data Processing Agreements (DPAs) with all third-party providers including Stripe, MongoDB Atlas, and Vercel.

Can schools use QRCodeKey for student attendance?

Yes. QRCodeKey is FERPA and COPPA-aligned. We provide a School Data Addendum for K-12 districts, support guardian consent flows for minors under 18, and do not collect biometric data on students. Contact info@qrcodekey.com for the school addendum template.

What languages does QRCodeKey support?

QRCodeKey supports 105+ languages including English, Hindi, Gujarati, Spanish, Arabic, Tamil, Telugu, Bengali, Marathi, Punjabi, Mandarin, Japanese, Korean, French, German, Portuguese, and many more. The AI voice support agent operates 24/7 in multiple languages.

QRCodeKey is owned and operated by JAL Technology LLC, registered in Illinois, USA. Headquartered at 2501 Chatham Rd Suite N, Springfield, IL 62704. USPTO trademark filed (Class 9 + Class 42, Serial #99794932).

Can I get a refund if I'm not satisfied?

Yes. QRCodeKey offers a 7-day money-back guarantee on paid subscriptions. EU customers have a 14-day right of withdrawal per EU Consumer Rights Directive. Refund requests can be submitted via info@qrcodekey.com or the Refund Policy page.

← Home Terms of Service

Customer agreement templates

Download the agreement that fits your use case, fill in your organisation's details, sign electronically, and email the executed copy back to info@qrcodekey.com. We will counter-sign within five business days, subject to review, and you can begin processing the relevant data after counter-signature.

⚠️ Important Legal Notice — Read Before Downloading

These templates are professional starting drafts intended as a baseline for negotiation. They have not been reviewed by attorneys licensed in your jurisdiction. By downloading or using these templates, you acknowledge that:

QRCodeKey / JAL Technology LLC provides these templates "AS IS" without any warranty of legal sufficiency, completeness, or fitness for a particular purpose.
These templates are NOT legal advice and do not create an attorney-client relationship.
You are solely responsible for having qualified counsel review and adapt these templates to your specific circumstances, jurisdiction, and applicable laws.
QRCodeKey is not liable for any loss, damage, regulatory penalty, or claim arising from your use of these templates.
Execution of any agreement based on these templates is at your own risk and discretion.

For substantive negotiation or execution, we strongly recommend each party engage independent legal counsel licensed in the relevant jurisdiction(s) (US state law, EU Member State, UK, India, etc.).

Standard Protective Terms (apply to all templates above)

Unless expressly negotiated otherwise in a signed amendment, the following standard provisions apply to all three template agreements:

Limitation of Liability: Each party's aggregate liability under the agreement is capped at the total fees paid by Customer to QRCodeKey in the twelve (12) months immediately preceding the event giving rise to the claim. Neither party is liable for indirect, incidental, consequential, special, punitive, or exemplary damages.
Mutual Indemnification: Each party will indemnify the other for third-party claims arising from its own breach, gross negligence, or wilful misconduct.
Governing Law: Illinois, USA (without regard to its conflict-of-laws principles). For EU/UK customers, GDPR Standard Contractual Clauses and local data-protection law also apply where required.
Dispute Resolution: Good-faith negotiation first; then binding arbitration under AAA Commercial Rules in Cook County, Illinois. Each party may seek injunctive relief in any court of competent jurisdiction.
Insurance: Coverage requirements (if any) will be specified during onboarding; not a condition of executing the template.
Force Majeure: Neither party is liable for delay or failure caused by events beyond reasonable control (natural disasters, war, government action, internet outage, etc.).
Severability: If any provision is held unenforceable, the remainder remains in effect.
Counterparts & Electronic Signatures: The agreement may be executed in counterparts and electronically (e.g., DocuSign, Adobe Sign) — each constitutes a binding original.

These protective terms exist for the benefit of both parties and are deemed incorporated into the template by reference, unless the executed agreement expressly states otherwise.

📋 Eligibility & minimum commitment

Execution of a HIPAA BAA, FERPA School Data Addendum, or GDPR Article 28 DPA is reserved for Customers on an annual paid plan with a minimum annual commitment of USD $1,200 (equivalent to Business plan annual). For lower-volume Customers, processing of regulated data (PHI, education records, EU personal data) is not supported on our platform. This eligibility threshold helps both parties manage compliance and liability risk responsibly.

HIPAA Business Associate Agreement (BAA)

Healthcare

Terms Section 9D · 10 pages · PDF

When you need it: You are a Covered Entity or Business Associate under HIPAA (clinic, hospital, doctor, dentist, pharmacy, mental-health practice, lab, urgent-care) and want to process Protected Health Information (PHI) through QRCodeKey.

⬇ Download PDF Preview in browser Send signed copy

FERPA School Data Addendum

Education

Terms Section 9E · 11 pages · PDF

When you need it: You are a U.S. K-12 school, school district, college, or university handling student "education records" under FERPA, or processing student data under state student-privacy laws (CA SOPIPA, NY Ed Law § 2-d, IL SOPPA, CT, CO, MD, TX).

⬇ Download PDF Preview in browser Send signed copy

GDPR Article 28 Data Processing Agreement

Enterprise / EU

Terms Section 9G + GDPR Article 28 · 16 pages · PDF

When you need it: You are an EU / UK / EEA / Swiss customer, or a global enterprise that wants a standalone Article 28 (or equivalent) processor agreement covering GDPR, UK GDPR, India DPDP, Brazil LGPD, CCPA / CPRA service-provider terms, PIPEDA, Australia APP, and other regimes.

⬇ Download PDF Preview in browser Send signed copy

After you sign and send

We acknowledge receipt within 2 business days.
QRCodeKey will review the executed copy and, if acceptable, counter-sign within 5 business days. QRCodeKey reserves the right to decline execution or propose redlines at its sole discretion.
If we propose redlines we will mark them up in tracked changes and explain. No agreement is effective until QRCodeKey has counter-signed.
Once fully executed by both parties, both keep a copy. Customer may begin processing the relevant data through QRCodeKey only after counter-signature.
Renewal is automatic and tracks the underlying QRCodeKey Terms of Service. Either party may terminate per the executed agreement.

Need the editable Word (.docx) version?

Email info@qrcodekey.com with subject "Word version of customer agreement" and tell us which template you need (BAA, School Addendum, or DPA). We will send the .docx so you can fill in your fields, redline if needed, and return tracked changes.

Customer agreement templates

HIPAA Business Associate Agreement (BAA)

FERPA School Data Addendum

GDPR Article 28 Data Processing Agreement

After you sign and send

Need the editable Word (.docx) version?

Other agreement questions