Privacy Policy

This Privacy Policy describes how Play Nice Together, Inc. ("we," "us," or "our") collects, uses, and shares information when you visit barcodegenerator.fyi (the "Site"). By using the Site, you agree to the collection and use of information as described below.

1. Who we are

The Site is operated by Play Nice Together, Inc., a business registered in New York, United States.

2. What the tool does with your input

The bar code generator on this Site runs entirely in your browser. The data you enter into the generator (such as URLs, text, contact information, network credentials, or images you upload) is processed locally on your device and is not transmitted to our servers. We do not have access to, store, or retain the inputs you provide to the generator.

This means we cannot retrieve, recover, or share inputs you have entered. It also means generator inputs are not subject to the data collection described elsewhere in this policy.

3. Information we collect

While we do not collect generator inputs, we do collect certain information when you visit the Site through the analytics and advertising services described below.

3.1 Information collected automatically

When you visit the Site, the following information is collected automatically by us and our third-party service providers:

• Your IP address (logged in full by our web server, load balancer, and security infrastructure for operational and security purposes; anonymized to the first two octets in our self-hosted Matomo; collected in full by Google Analytics only if you consent to it)
• Browser type, version, language, and user agent string
• Operating system and device type
• Referring URL (the page you came from)
• Pages visited on the Site, time spent, and clicks
• Approximate geographic location (typically country and region) derived from IP address
• Date and time of your visit
• Cookies and similar tracking technologies (see Section 5; advertising and Google Analytics cookies are only set if you consent)

3.2 Information you provide directly

If you contact us by email, we collect your email address and the contents of your message. We retain this correspondence as long as needed to respond and for our records.

4. Third-party services

We use the following third-party services on this Site. Each has its own privacy practices, which we encourage you to review.

4.1 Google Analytics (consent required)

If you consent through our cookie banner, we use Google Analytics, a web analytics service provided by Google LLC, to collect aggregate data about how visitors use the Site. Google Analytics uses cookies to track visitor interactions and may transfer this information to servers in the United States. The information collected includes pages viewed, time spent on the Site, and approximate location.

Google Analytics does not load until you accept it. If you decline or do not respond to the cookie banner, Google Analytics will not run on your visit.

You can learn more about Google's privacy practices at policies.google.com/privacy. You can withdraw consent at any time using the "Cookie Preferences" link in our footer, install the Google Analytics Opt-out Browser Add-on, or use your browser's tracking-protection settings.

4.2 Matomo Analytics (runs by default)

We also use Matomo Analytics, a web analytics platform that we self-host on infrastructure under our control. Matomo runs for all visitors and does not require consent. We rely on this configuration on the legitimate interest in understanding how the Site is used, balanced against minimal privacy impact:

• IP anonymization is enabled. The last two octets of every visitor IP address are masked before logging, so we do not retain full IP addresses through Matomo and cannot uniquely identify individual visitors.
• Cookies are disabled. Matomo runs in cookieless mode on this Site; no Matomo identifiers are stored on your device.
• Self-hosted. Matomo data is stored on infrastructure we operate; it is not shared with any third party.
• No cross-site tracking. Matomo data is scoped to this Site only and is never combined with data from other websites.
• Do Not Track honored. If your browser sends the Do Not Track signal, Matomo will not collect data about your visit.

Under the European Union's General Data Protection Regulation, this configuration falls under the legitimate interest legal basis (Article 6(1)(f)) and does not require consent. The French data protection authority (CNIL) has specifically identified Matomo with the above safeguards as exempt from consent requirements.

You can opt out of Matomo at any time by enabling Do Not Track in your browser, or by contacting us to request that we exclude your visits.

4.3 Google AdSense (consent required)

If you consent through our cookie banner, we use Google AdSense, an advertising service provided by Google LLC, to display advertisements on this Site. Google AdSense uses cookies (including DoubleClick DART cookies) and similar technologies to serve ads based on your prior visits to this Site and other sites on the internet.

Google AdSense does not load until you accept it. If you decline or do not respond to the cookie banner, Google AdSense and its associated tracking will not run on your visit; you will see no ads on the Site.

Google's use of advertising cookies enables Google and its partners to serve ads to users based on their visit to this Site and/or other sites on the internet. You may opt out of personalized advertising by visiting Google's Ads Settings. Additionally, you can opt out of third-party vendor use of cookies for personalized advertising by visiting aboutads.info or youronlinechoices.com (for users in the EU/EEA/UK).

For more information about how Google uses data when you use partners' sites or apps, see policies.google.com/technologies/partner-sites.

4.4 Server logs and security infrastructure (runs by default)

Our web server (Nginx), load balancer (Amazon Web Services Application Load Balancer), web application firewall (AWS WAF), and self-hosted log aggregation platform (Grafana Loki) automatically log information about every request to the Site as part of their normal operation. This logging is not optional; it is necessary to operate the Site, route traffic correctly, and protect against abuse and attack. Cookie consent does not affect this logging because no cookies are involved.

The logged information includes:

• Your IP address (full, not anonymized at the log layer)
• Date and time of the request
• The URL requested and the HTTP method
• The HTTP status code returned
• The size of the response
• The referring URL, if any
• Your user agent string
• TLS connection details (load balancer only)
• WAF rule evaluation results (security firewall only)

We use these logs solely for:

• Operating, debugging, and maintaining the Site
• Detecting and mitigating attacks, abuse, and excessive traffic
• Investigating security incidents
• Complying with legal obligations

We do not use these logs for analytics, profiling, marketing, or any purpose unrelated to operations and security. They are not shared with advertising or analytics partners.

Our access logs from AWS Application Load Balancer and AWS WAF are stored in Amazon S3 and automatically deleted after 90 days through an S3 lifecycle policy. Amazon Web Services, our infrastructure provider, processes log data on our behalf under their data processing agreement and stores it in the United States. Nginx access logs from our application servers are forwarded to our self-hosted Grafana Loki log aggregation platform and automatically deleted after 90 days through Loki's retention policy.

The legal basis for this processing is our legitimate interest under Article 6(1)(f) of the GDPR in operating, securing, and maintaining the Site. The privacy impact is balanced against the operational and security necessity, and we have determined the processing is proportionate. Under California law, this processing falls within the security and integrity of services exception and is not a "sale" or "share" of personal information.

5. Cookies and tracking technologies

Cookies are small text files stored on your device by your browser. The cookies and similar technologies used on this Site fall into the following categories:

• Strictly necessary: Required for the Site to function. Do not collect personal information and cannot be disabled.
• Anonymous analytics (Matomo): Our self-hosted Matomo runs in cookieless mode and does not store identifiers on your device. It runs by default on the legitimate-interest basis described in Section 4.2; no consent is required because no cookies are set and no identifiable data is collected.
• Google Analytics cookies: Set by Google Analytics to measure how the Site is used. Loaded only after you provide consent through our cookie banner.
• Advertising cookies: Set by Google AdSense and its advertising partners to deliver and measure relevant advertisements. Loaded only after you provide consent through our cookie banner.

You can change your cookie preferences at any time by clicking the "Cookie Preferences" link in the Site footer. You can also manage cookies through your browser settings, though some features of the Site may not work correctly without certain cookies.

6. How information is used

We use the information we collect to:

• Operate, maintain, and improve the Site
• Understand how visitors use the Site
• Detect and prevent fraud, abuse, and security incidents
• Display advertising that may be relevant to you
• Comply with legal obligations

7. Information sharing

We do not sell your personal information. We share information only as follows:

• With service providers who help us operate the Site (such as Amazon Web Services for hosting and infrastructure, Google Analytics, and Google AdSense as described in Section 4), under the terms of their respective agreements with us
• For legal compliance when required by law, court order, or government request
• To protect rights and safety of Play Nice Together, Inc., our users, or the public
• In connection with a business transaction such as a merger, acquisition, or sale of assets, in which case the acquiring entity will be bound by this Privacy Policy

8. Your rights and choices

Depending on your location, you may have certain rights regarding your personal information.

8.1 California residents (CCPA / CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and share
• Request deletion of your personal information
• Correct inaccurate personal information
• Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising. We treat the use of advertising cookies as "sharing" under the CPRA, and you may opt out through the cookie banner or by emailing us.
• Limit the use of sensitive personal information (we do not collect sensitive personal information as defined by the CPRA)
• Be free from retaliation for exercising these rights

To exercise these rights, contact us. We will respond within 45 days.

8.2 Other US states

Residents of Virginia, Colorado, Connecticut, Utah, and other US states with comprehensive privacy laws may have similar rights. We honor these rights to the extent required by applicable law. Contact us to make a request.

8.3 Visitors from outside the United States

The Site is operated from the United States. If you visit from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using the Site, you consent to this transfer. If you are in the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction with data protection laws, please contact us for information about exercising your rights, including access, correction, deletion, and objection.

9. Children's privacy

The Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.

10. Data security

We use reasonable administrative, technical, and physical safeguards to protect the information we collect. However, no method of transmission over the internet or electronic storage is fully secure, and we cannot guarantee absolute security.

11. Data retention

AWS Application Load Balancer and AWS WAF logs are stored in Amazon S3 and automatically deleted after 90 days. Nginx access logs are forwarded to our self-hosted Grafana Loki platform and automatically deleted after 90 days. We retain analytics data (Google Analytics and Matomo) for as long as needed to understand site trends, typically up to 26 months. Email correspondence is retained as long as necessary to respond to your inquiry and for our records. AdSense data retention is governed by Google's policies.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be highlighted on the Site. Your continued use of the Site after changes are posted constitutes your acceptance of the updated policy.

13. Contact

For questions about this Privacy Policy or your personal information, contact us at info@barcodegenerator.fyi or write to Play Nice Together, Inc., PO Box 510, Elmsford, NY 10523.