GDPR-Compliant QR Codes for Healthcare Providers
Patient information, appointment booking, and clinic WiFi, with the strictest possible data protection.
How healthcare providers use Qrius
Healthcare and GDPR: what you need to know
Healthcare data is Article 9 special category data under GDPR. Even scan metadata touching patient interactions requires maximum data minimisation. Qrius stores zero raw IPs and hosts all data in Sweden under strict EU data protection law.
Qrius never stores raw IP addresses, sets no cookies on scan, and keeps all data on EU servers in Stockholm, Sweden. Full GDPR Article 28 DPA available on paid plans.
Full GDPR technical overview →
Recommended QR code types
All types available in the free generator and QR explorer.
Frequently asked questions
Can hospitals use QR codes without violating patient privacy?
Yes, with the right platform. The key is data minimisation (GDPR Article 5(1)(c)). Qrius never stores raw IP addresses, uses no cookies on scan, and all data stays in the EU. A QR code linking to a booking page does not constitute processing of health data if the scan itself creates no personal data record.
Do you offer a DPA for healthcare organisations?
Yes. A full GDPR Article 28 Data Processing Agreement is available on paid plans. It covers processing purposes, technical and organisational measures (TOMs), sub-processor disclosure, and Swedish governing law. Download it at qrius.io/dpa.
Where is healthcare-related QR scan data stored?
All data is stored on servers in Stockholm, Sweden, within the EU. No data is transferred to the US or any third country outside the EEA. This eliminates Schrems II considerations for your information governance team.
Is Qrius suitable for NHS, NHI, or Scandinavian healthcare systems?
Yes. EU/EEA-hosted, DPA available, no US transfers, no raw IP storage. The data protection architecture satisfies the requirements of national health information governance frameworks across Scandinavia and the EU.
GDPR-compliant by design, not by policy
Your visitors' IP addresses are never stored. On each scan we run a geo-lookup, then immediately hash the IP with HMAC-SHA256 and a daily rotating salt. The original address is discarded. No cookies. No fingerprinting. All data stays on EU servers in Stockholm, Sweden.
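The scan flow described above (geo-lookup, then a keyed hash with a daily rotating secret, then discarding the address) can be sketched as follows. This is an added illustration, not Qrius's code: `DailyIPHasher`, `stub_geo_lookup`, `record_scan`, the in-memory key handling and the sample addresses are all assumptions.

```python
import hashlib
import hmac
import ipaddress
import secrets
from datetime import date


class DailyIPHasher:
    """Holds one random 256-bit key per day, in memory only (assumed design)."""

    def __init__(self):
        self._day = None
        self._key = None

    def _key_for(self, day: date) -> bytes:
        # Rotation overwrites the previous key, so earlier tokens can no longer
        # be recomputed or linked to tokens from another day.
        if day != self._day:
            self._day, self._key = day, secrets.token_bytes(32)
        return self._key

    def pseudonymise(self, raw_ip: str, day: date) -> str:
        ip = ipaddress.ip_address(raw_ip.strip())
        # Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) so one client yields one token.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        # Keyed hash: a plain SHA-256 of an IPv4 address could be reversed by
        # enumerating all 2**32 addresses; the secret key prevents that.
        return hmac.new(self._key_for(day), ip.packed, hashlib.sha256).hexdigest()


def stub_geo_lookup(raw_ip: str) -> str:
    """Constructed stand-in for a geo database; 203.0.113.0/24 is a documentation range."""
    net = ipaddress.ip_network("203.0.113.0/24")
    ip = ipaddress.ip_address(raw_ip)
    return "SE" if ip.version == 4 and ip in net else "ZZ"


def record_scan(hasher: DailyIPHasher, raw_ip: str, day: date, geo=stub_geo_lookup) -> dict:
    """Geo-lookup first, then hash; the stored record never contains raw_ip."""
    country = geo(raw_ip)
    token = hasher.pseudonymise(raw_ip, day)
    return {"day": day.isoformat(), "country": country, "visitor": token}
```

The same address produces the same token within a day, which allows unique-scan counts, and an unrelated token on the next day.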
Need documentation for your DPO? Full GDPR overview → · Download DPA →
Ready to get started?
Free plan available. GDPR-compliant from day one. No credit card required.
Create free account →