Last updated: February 25, 2026
QR by Dyst is provided by Dyst AS. Dyst AS is the data controller for this service.
We process only what is needed to run and secure the service, including your email address, authentication/session metadata, and the links/settings you create (such as short codes, destination URLs, fallback URLs, style settings, and uploaded logo images).
Legal basis: performance of a contract (providing the service) and legitimate interests (security, abuse prevention, and service reliability).
We do not sell personal data. We may use service providers to deliver sign-in emails and host the service infrastructure.
Deleted links are removed from normal use and later permanently removed from primary systems. Data may still remain in logs and backups for limited periods. Permanent deletion requests require account deletion requests.
We may process technical metadata such as IP address, user agent, request timing, and route access in operational logs for security and reliability.
Under GDPR, you may request access, correction, deletion, and export of your data where applicable. You may also lodge a complaint with Datatilsynet.
To exercise your rights, contact Dyst AS at dyst.no/contact.
By using this service, you acknowledge that no internet system is perfectly secure and that security incidents may still occur despite reasonable safeguards.