Looking for a Beaconstac alternative
that passes GDPR review?
Beaconstac: Enterprise QR platform — powerful but US-hosted and expensive.
Qrius stores everything in Stockholm, Sweden. We never log raw IP addresses. DPA included. Switch in 5 minutes.
Beaconstac transfers QR scan data to the United States
Beaconstac is headquartered in New York, USA and processes data on United States (AWS us-east-1) infrastructure. Under the Schrems II ruling (CJEU C-311/18), transferring personal data from the EU to the US requires valid transfer mechanisms. Because IP addresses are personal data under GDPR Art. 4(1), every QR scan creates a cross-border transfer event. Many EU DPOs flag this as a residual compliance risk, particularly for B2C applications.
Side-by-side comparison
| Feature | Qrius.io | Beaconstac |
|---|---|---|
| Data hosting | ✓Stockholm, Sweden (EU) | ✗United States (AWS us-east-1) |
| IP address storage | ✓Never stored (HMAC-SHA256 hashed) | ✗Raw IP addresses logged |
| Cookies on scan | ✓No cookies, no consent banner | ✗Yes — tracking cookies set |
| GDPR Article 28 DPA | Yes — available on all paid plans | Yes (may require sales contact) |
| Schrems II risk | ✓None — all data in EU | ✗Yes — data transferred to US |
| Free plan | ✓Yes — unlimited static + analytics trial | ✗No free plan |
| Paid plan starting price | ✓€9/month (Pro) | ✗€15/month |
| Dynamic QR codes | Yes — update destination anytime | Yes |
| Scan analytics | Yes — country, device, browser, real-time | Yes |
| REST API | Yes — OpenAPI spec, all plans | Yes (may require paid plan) |
Why compliance teams choose Qrius over Beaconstac
Privacy by architecture
IP addresses are hashed with HMAC-SHA256 and a daily rotating salt immediately on scan. The original IP is discarded — it is physically impossible to reconstruct it. This is not a policy promise. It is a mathematical guarantee.
EU data sovereignty
All data is stored in Stockholm, Sweden. No US sub-processors for core data processing. No Standard Contractual Clauses required. No Schrems II supplementary measures needed. Clean.
DPA in 2 clicks
Download a full GDPR Article 28 DPA from qrius.io/dpa. No sales call, no enterprise procurement dance. Share it with your DPO today.
Beaconstac vs Qrius — frequently asked questions
Does Beaconstac store IP addresses?
Yes. Beaconstac logs raw IP addresses and full user agent strings for scan analytics. Their infrastructure runs on AWS us-east-1 (Virginia, USA), meaning all scan data — including IP addresses — is processed and stored in the United States.
Is Beaconstac compliant with GDPR and Schrems II?
Beaconstac has a DPA based on SCCs for EU–US transfers. However, because scan data (including IP addresses) is processed on AWS us-east-1 (US soil), European DPOs must assess whether SCCs provide sufficient protection against US surveillance laws. Many don't accept this risk for B2C applications.
Does Beaconstac have a free plan?
No. Beaconstac has no free tier. Plans start at $15/month for only 5 QR codes. Qrius offers a permanent free plan with no QR code limit for static codes, plus analytics on paid plans starting at €9/month.
What features does Qrius have that Beaconstac lacks?
The main difference is data sovereignty. Qrius stores zero raw IP addresses (HMAC-SHA256 hashing with daily rotating salt) and hosts everything in Stockholm, Sweden — no US exposure. For European enterprises, this eliminates Schrems II risk entirely.
Switch from Beaconstac to Qrius today
Free plan. No credit card. GDPR-compliant from day one. DPA available on Pro and Business.
Questions? [email protected]