qrius.io
Sign inStart Free
๐Ÿ›๏ธ

GDPR-Compliant QR Codes for Government and Public Sector

Public information, service access, and citizen engagement โ€” with full Swedish/EU data sovereignty.

Start free โ€” no credit cardTry the generator โ†’

How government & public sector use Qrius

โœ“Public information leaflets and notice boards
โœ“Municipal service access via QR
โœ“Tourist information and cultural heritage signage
โœ“Internal staff contact directories

Government & Public Sector and GDPR โ€” what you need to know

Public sector organisations are directly subject to GDPR as data controllers. Citizens have enhanced rights and expectations. Qrius eliminates IP address processing entirely โ€” audit-ready, no supervisory authority risk.

Qrius never stores raw IP addresses, sets no cookies on scan, and keeps all data on EU servers in Stockholm, Sweden. Full GDPR Article 28 DPA available on paid plans.

Full GDPR technical overview โ†’

Recommended QR code types

URL / Dynamic linkvCardEvent QR

All types available in the free generator and QR explorer.

Frequently asked questions

Can municipalities use Qrius without a procurement tender?

Our free plan covers basic use cases with no contract required. For formal procurement, we can provide technical documentation, DPA, and security questionnaire responses. Contact us at [email protected].

Is Qrius suitable for GDPR-audited public sector environments?

Yes. We provide: full DPA (GDPR Article 28), technical and organisational measures documentation, EU data residency confirmation (Stockholm, Sweden), zero raw IP address processing, and no US sub-processors for core services.

What happens to citizen scan data under Swedish law?

Qrius is operated under Swedish law, supervised by Integritetsskyddsmyndigheten (IMY). Because we store no raw IP addresses, there is no personal data from QR scans that IMY could request or that would be subject to subject access requests.

Can QR codes on public signage be updated without replacing physical signs?

Yes. Dynamic QR codes let you update the destination URL without touching the physical sign. Critical for public notices, emergency information updates, or seasonal service changes.

๐Ÿ‡ช๐Ÿ‡บ

GDPR-compliant by design โ€” not by policy

Your visitors' IP addresses are never stored. On each scan we run a geo-lookup, then immediately hash the IP with HMAC-SHA256 and a daily rotating salt. The original address is discarded. No cookies. No fingerprinting. All data stays on EU servers in Stockholm, Sweden.

โœ“ No raw IP addressesโœ“ No cookiesโœ“ EU hostingโœ“ DPA availableโœ“ Schrems II safe

Need documentation for your DPO? Full GDPR overview โ†’ ยท Download DPA โ†’

Ready to get started?

Free plan available. GDPR-compliant from day one. No credit card required.

Create free account โ†’