9 MIN READ · TRACKING GEOLOCATION PRIVACY ANALYTICS FREE

Free Trackable QR Code With City And Country Location Data

Honest answer first. This isn't GPS. It's IP geolocation, which gives you approximate city and country for every scan. Here's how it works, what it can and can't do, and what you actually get.

QUICK ANSWER

A trackable QR code redirects through a server that records the visitor's IP address. The IP is matched against a geolocation database to estimate city and country. It's not GPS, it's not exact, but it's accurate enough to tell which city your campaign reached.

TABLE OF CONTENTS

01How IP geolocation actually works
02What the platform records on each scan
03Accuracy: what to expect
04Privacy and what we don't collect
05Putting the data to work

01 / MECHANISM

How IP geolocation actually works

When a phone scans a dynamic QR code, it opens a short URL like app.qrcodefordonation.com/q/spring. That URL hits our server before redirecting to the real destination. In that brief moment, the server reads the request headers, including the visitor's IP address.

An IP address is the network number assigned to the device's internet connection. Every internet request carries one. The server then looks up that IP in a geolocation database. The database is built from public registry data, ISP filings, and other sources that map IP ranges to physical regions. A lookup returns approximate city, region, country, and sometimes postal code.

None of this involves GPS. The phone never asks for location permission. The browser never prompts. The user just gets redirected to the destination URL after a few milliseconds. The whole lookup happens server-side and the user sees nothing different from a normal redirect. IP geolocation on Wikipedia covers the technique in depth.

The geolocation databases are maintained by commercial providers and updated frequently. New IP allocations and reassignments happen all the time, so the same IP can resolve to different cities a year apart. For real-time campaign tracking, this freshness is fine. For historical analysis, dates matter.

02 / DATA

What the platform records on each scan

Each scan creates one row in a scan log. Here's exactly what gets stored:

Timestamp - server time of the scan, accurate to the second.
IP address - the visitor's public IP at the moment of the request.
City - resolved from the IP via geolocation lookup.
Country - resolved from the IP, very high accuracy.
User agent - the device and browser string sent by the phone (used to derive device type like iPhone or Android).
Referer - the previous URL if any, usually empty for direct camera scans.

That's the complete list. Six fields. No cookies. No fingerprints. No cross-site trackers. The dashboard then aggregates these rows so you can see scans by day, by city, by country, and by device type. See location tracking for the full feature breakdown.

The data is yours. You can export the full log as a spreadsheet at any time on the paid plan, or browse it in the dashboard. The free tier includes static QR codes; tracking requires a dynamic QR which is part of the paid plan. See pricing for the breakdown.

03 / ACCURACY

Accuracy: what to expect

Be realistic. Country accuracy from IP geolocation is very high. If the scan log says United States, it's almost certainly the United States. City accuracy is the messy part.

For broadband connections (home wifi, office wifi), the city is usually accurate to within the correct metro area. Someone in Brooklyn might show up as Manhattan, and that's normal. The IP belongs to a Verizon hub in the borough next door.

For mobile networks, accuracy drops. A phone on cellular data carries an IP from the carrier's regional gateway, which might be hundreds of miles from the actual user. Someone scanning your QR in Sacramento on T-Mobile cellular might log as Los Angeles. This is a limitation of how mobile networks route traffic, not a bug in any specific lookup tool.

For VPN users, the city reflects the VPN exit node, which is usually a different country entirely. Treat any unusual long-distance scans with skepticism.

The bottom line: IP geolocation is great for "which campaign in which region" questions and bad for "exactly where was this person standing" questions. Use it the right way and it's a powerful, free tool. Geolocation covers the broader context.

04 / PRIVACY

Privacy and what we don't collect

Here's what's NOT in the scan log: names, email addresses, phone numbers, exact street addresses, postal codes (unless the IP database happens to return one), social media handles, device IDs, advertising IDs, browser fingerprints, or any cross-site cookies. The platform doesn't ask the user to install anything, doesn't drop a tracker on their phone, and doesn't share scan data with third parties.

The IP itself is the closest thing to personal data in the log. In the EU, IP addresses can be considered personal data under GDPR depending on context. If you're operating in a jurisdiction with strict privacy laws, treat the scan log as you would any other user data. Don't combine it with other identifiers without a lawful basis, and don't keep it longer than you need.

What the user sees on their end: nothing. They scan a QR, they land on your destination URL, that's it. No location prompt. No cookie banner from us. No "this site wants to know your location" dialog. From the visitor's perspective the QR just works. The tracking is server-side and invisible.

If transparency matters for your audience, say so on the destination page. A line like "We use anonymous QR analytics to count scans by region" is enough for most contexts and builds trust with skeptical donors and customers.

05 / USE

Putting the data to work

City and country data answers questions you couldn't answer before. Which conference drove the most leads? Where are your donors actually clustered? Did the radio ad in Phoenix produce any traffic? Which mailing list city tier should get the next print run?

A few practical patterns:

One QR per location. Print a different dynamic QR for each event, store, or mailing region. Compare scan counts in the dashboard.
Same destination, different slugs. Use custom short URLs like /q/austin and /q/dallas pointing to the same donation page. Now you know which city worked.
Country filter for international campaigns. Spot fraud, bot scans, and geographic trends without paying for full analytics.
Time-of-day patterns. Combine timestamp with city to see when people in different time zones engage.

None of this requires you to be technical. The dashboard does the grouping for you. You just look at the columns and read the numbers. For a deeper look at the dynamic QR setup, see dynamic QR with tracking.

FAQ

Frequently Asked Questions

Q.01 How does the QR code know the scanner's city?

It doesn't use GPS. When the scan hits the redirect URL, the server reads the IP address and looks it up in an IP geolocation database. The database returns an approximate city and country.

Q.02 How accurate is IP-based city tracking?

Country accuracy is around 99 percent. City accuracy is usually within the correct metro area but can be off by tens of miles, especially on mobile networks where the IP belongs to a regional carrier hub.

Q.03 Does the platform collect names or emails of scanners?

No. The scan log captures only IP, user agent, derived city and country, referer, and timestamp. There is no name, no email, no phone number, and no exact street address.

Q.04 Is this kind of tracking legal?

In most jurisdictions yes, because IP geolocation produces aggregate location data, not personal identifiers. Privacy laws like GDPR may still apply if you combine the data with other identifiers, so check local rules.

Q.05 Can I see scans on a map?

The dashboard shows scans grouped by city and country with counts. You get a sortable list, not a real-time pin map. Each entry includes approximate location, device type, and time.

START

Track scans by city and country

Honest analytics. No tracking pixels. No personal data. Just where scans came from.

Generate QR Code Free