Privacy Policy
1. Data Controller
Calcorama is operated as an independent service available at calcorama.com. For any privacy-related enquiry, you may contact the data controller at: contact@calcorama.com.
2. Scope of This Policy
This Privacy Policy describes how Calcorama collects, uses, and protects information when you visit calcorama.com (the \"Site\"). It applies to all visitors, regardless of location. Where the General Data Protection Regulation (GDPR / RGPD) applies to you, this policy also serves as the required transparency notice under Article 13 GDPR.
3. Data We Collect and Why
We collect the minimum data necessary to operate the Site reliably. The table below summarises each category.
- Session cookie (Django sessionid) — A short alphanumeric identifier stored in a browser cookie that links your browser to a temporary server-side session. This is required to associate anonymous votes cast on calculators with a single visitor session, preventing duplicate votes. The cookie expires when you close your browser (session cookie). Legal basis: legitimate interest (Article 6(1)(f) GDPR) — preventing vote manipulation without requiring an account.
- CSRF token (csrftoken cookie) — A security token included in every form submission to prevent cross-site request forgery attacks. It is set as a browser cookie and is renewed per session. Legal basis: legitimate interest — mandatory web-security measure.
- Anonymous vote records — When you vote on a calculator (thumbs up/down), we record the calculator identifier and a reference to your session key. No personally identifiable information is stored. Retention: indefinitely, as anonymous aggregate counters. Legal basis: legitimate interest — improving calculator quality.
- Feedback submissions — If you submit feedback via the feedback form, we store: the text of your message, an optional e-mail address you choose to provide, and a daily-rotating SHA-256 hash of your IP address (used solely for abuse throttling — 5 feedbacks per hour per IP hash; the original IP is never stored). Retention: 24 months from submission, then permanently deleted. Legal basis: your consent at the moment of submission (Article 6(1)(a) GDPR) for the optional e-mail; legitimate interest for the hashed IP throttle.
- Preference storage (localStorage) — Theme choice, card-style, interface density, saved calculators (cc_saved_calcs), and your last five calculation inputs per calculator (cc_history) are stored exclusively in your browser's localStorage. This data never leaves your device and is not transmitted to our servers. Legal basis: functional — required to honour your preferences.
- Server logs — Our hosting infrastructure and Cloudflare CDN automatically log standard HTTP request data (IP address, URL requested, HTTP status code, browser user-agent, timestamp). These logs are used exclusively for security monitoring and are not used to profile individual visitors. They are rotated within 30 days. Legal basis: legitimate interest — site security and abuse prevention.
Calcorama uses Google Analytics 4 (property G-NKTGD6X92V) to measure aggregated audience metrics, and Google AdSense to display ads that fund the free operation of the Site. Both are operated by Google Ireland Limited. The scripts load on every page request, but what they collect is governed by Google Consent Mode v2 and your geographic location:
- If you visit from the European Economic Area, the United Kingdom, or Switzerland, you are shown a Google-certified consent banner (Funding Choices, IAB TCF v2.2) before any cookie is set. Until you choose, only cookieless anonymous pings are emitted. Legal basis: your consent (Article 6(1)(a) GDPR).
- If you visit from the United States, no banner is shown — under CCPA / CPRA, opt-out is the default. A \"Do Not Sell or Share My Personal Information\" link in the footer lets you deny ad-related data sharing at any time. Legal basis: legitimate interest (Article 6(1)(f) GDPR by analogy, applicable US state law for visitors in scope).
- In other jurisdictions, analytics and advertising load by default. You can still control cookies through your browser settings. Legal basis: legitimate interest (Article 6(1)(f) GDPR by analogy).
Geographic location is determined locally on our server using the MaxMind GeoLite2 database (a static IP-to-country mapping refreshed weekly). No third party is contacted for geolocation. Your IP address is read from the network request, used to look up the country, and is not stored. We do not use Hotjar, Meta Pixel, or advertising networks other than AdSense, and we do not build cross-site behavioural profiles.
4. Automated Decision-Making and Profiling
Calcorama does not make automated decisions that produce legal or similarly significant effects. We do not build profiles of individual visitors.
5. Data Sharing and Transfers
We do not sell, rent, or trade your personal data. We may share limited data with the following categories of service providers acting as data processors on our behalf:
- Cloudflare, Inc. — CDN and DDoS-mitigation provider. Cloudflare processes request-level data to deliver and protect the Site. Cloudflare is certified under the EU-U.S. Data Privacy Framework.
- Google Ireland Limited — Google Analytics 4 (audience measurement) and Google AdSense (advertising). Subject to your consent (EEA / UK / CH) or your CCPA opt-out (United States). Data categories transmitted: truncated IP, page URL, browser user-agent, screen size, ad-interaction events. No personally-identifying information is sent. Google is certified under the EU-U.S. Data Privacy Framework.
- MaxMind, Inc. — supplies the GeoLite2 country database used for consent-banner geo-gating. The database is downloaded weekly and queried locally on our server; MaxMind never sees your IP or any visit data.
- Hosting provider — the server infrastructure running the Django application. Data is stored within the European Union.
Personal data may be transferred outside the EEA via Cloudflare and Google, both certified under the EU-U.S. Data Privacy Framework as the transfer mechanism.
6. Your Rights Under GDPR
If you are located in the European Economic Area, you have the following rights:
- Right of access — obtain confirmation that we hold data about you and receive a copy.
- Right to rectification — request correction of inaccurate personal data.
- Right to erasure — request deletion of your personal data in certain circumstances.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to restriction — ask us to restrict processing while a dispute is resolved.
- Right to object — object to processing based on legitimate interest at any time.
- Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
To exercise any of these rights, e-mail us at contact@calcorama.com. We will respond within 30 days. If you believe your rights have been violated, you may lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés) at cnil.fr or with the supervisory authority in your country of residence.
7. Cookies and Local Storage
For a detailed breakdown of every cookie and localStorage item we use, and instructions on how to control or delete them, please read our Cookies Policy.
8. Security
We implement appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss, or destruction. These include HTTPS encryption in transit, server-side IP hashing before storage, and rate-limiting on form endpoints. No transmission over the internet can be guaranteed 100% secure; you submit data at your own risk.
9. Children
Calcorama is a general-purpose educational tool not specifically directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently done so, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be announced by updating the \"Last updated\" date at the top of this page. We encourage you to review this page periodically.