This project is part of the XEN ecosystem — a growing suite of privacy-first, local-only web tools designed for a post-cloud internet.

No servers. No accounts. No tracking. No analytics.

Your QR codes are not redirected, logged, or monitored.
They are provable, not observable.

Why This Tool Exists

QR codes were designed for convenience — not for trust.

Today, they are everywhere: payments, menus, invoices, tickets, official documents.

And yet, anyone can copy, replace, or manipulate them.

Most "secure" QR solutions attempt to solve this by redirecting scans through servers, tracking users and locations, requiring proprietary apps, and locking verification behind subscriptions.

This creates a false sense of security — and introduces new risks.

We built this tool as a direct response.

Authenticity should not require surveillance.
Verification should not require connectivity.
Security should not require trust in a third party.

What We Believe

A QR code should be self-verifying.

If a code is authentic, this should be provable: offline, locally, instantly, without contacting a server.

If a code is manipulated, this should be detectable: without analytics, without user profiling, without data collection.

Anything else is theater.

Our Philosophy: Practice as a Protocol (PaaP)

This project follows a strict architectural principle called Practice as a Protocol (PaaP).

It means:

  • Software must work without trust
  • Security must be verifiable, not promised
  • Compliance must be a property of the system, not a legal statement
  • If verification requires a server, we don't build it

There are no exceptions.

How It Works (Technically)

All signing and verification happens 100% client-side, directly in your browser, using modern cryptographic standards.

This enables:

  • Digitally signed QR codes
  • Offline verification
  • Tamper detection
  • Zero data exposure
  • GDPR compliance by architecture

Private keys never leave your device. Verification requires no network access.

Even we cannot see what you sign — because there is no technical path for that to happen.

What This Is Built For

This tool is designed for professionals who need proof, not promises:

  • Businesses issuing invoices or payment codes
  • Organizations publishing official QR links
  • Creators protecting original sources
  • Institutions operating in high-trust environments

It is especially suited for situations where:

  • Tracking is unacceptable
  • Cloud dependency is a liability
  • Authenticity matters more than analytics

What This Tool Is Not

It is not a tracking platform, a dynamic redirect service, a marketing analytics tool, or a blockchain experiment.

It does not:

  • Collect scan data
  • Log locations
  • Build user profiles
  • Monetize behavior

If a feature requires observing users, it does not belong here.

Who Is Behind This

This project is created by Roland Kaloczi, an independent developer and system architect based in Austria.

His work focuses on:

  • Privacy-first architectures
  • Local-only cryptographic tooling
  • Post-SaaS web models
  • Systems where compliance is enforced by design

The goal is not scale at any cost. The goal is structural integrity.

Our Commitment

  • We do not collect data
  • We do not track scans
  • We do not sell analytics
  • We do not ask for trust — we remove the need for it

Every verification happens locally. Every claim is provable. Every decision is architectural.

The Bigger Picture

This is not just a QR tool.

It is part of a broader shift toward offline-verifiable digital artifacts, tamper-evident communication, user sovereignty, and a post-trust web.

The future of security is not more monitoring.
It is better systems.

Authentic QR Codes

No servers. No tracking. No compromise.
Built for the post-cloud era.