Privacy Policy

We collect the minimum data necessary to run calculators and improve them. Nothing more. No tracking. No cookies. No surprises.

Privacy at a Glance

Personal data

None for calculator use. Email only if you create an account.

None for tracking. One session cookie only when logged in.

Analytics

Anonymous events only. No IP logging, no fingerprinting.

Third parties

None. No Google Analytics, no Pixel, no Mixpanel.

Retention

Anonymous events: 90 days. Account data: until deletion.

GDPR/CCPA

Compliant by design — no personal data means no subject access requests for anonymous use.

Data location

EU (Frankfurt) for EU users. US (Virginia) for US users.

What We Collect & Why

Anonymous calculator events. Calculator slug, event type, input parameters (numbers, country codes — no names or emails), timestamp, country-level region. We do not log IP addresses, user agents, device fingerprints, or referrals. Retained 90 days.

Account data (optional). Email, password (bcrypt hashed), API key, and saved calculator states. Used for authentication and access control. Retained until deletion.

Contact form. Email, subject, message, timestamp. Retained 1 year then deleted.

Payment data. Handled entirely by Stripe. We never see card numbers or billing addresses — only subscription status.

What We Explicitly Do NOT Collect

No tracking cookies (no GA, Pixel, Mixpanel, Segment, Hotjar).
No IP logging — discarded after request processing.
No browser fingerprinting (canvas, WebGL, audio).
No cross-site tracking. No data-broker sharing.
No anonymous-input storage — inputs are discarded after the calc.
No selling user data. Ever.

How We Protect Data

Encryption

TLS 1.3 in transit, AES-256 at rest, mutual TLS for DB connections.

Access

Two engineers with hardware-key (YubiKey) protected DB access. All access audited quarterly.

Infrastructure

Supabase + Cloudflare, both SOC 2 Type II certified. Regional data isolation.

Backups

Encrypted, 30-day retention, monthly restoration tests.

Incident response

Affected users notified within 72 hours. Public incident report within 7 days.

Your Rights (GDPR, CCPA, LGPD)

Right	How to Exercise	Response Time
Access	Email privacy@calqly.com	30 days
Deletion	Settings or privacy@calqly.com	30 days
Portability	Email — export as JSON	30 days
Correction	Settings or email	7 days
Objection	Email or DNT: 1 header	Immediate
Restriction	Email with specifics	30 days

Cookies We Use

calqly_session

Only when logged in. 7-day, Secure, HttpOnly, SameSite=Strict.

calqly_pref

Stores UI preferences (theme, currency). 1 year. No personal data.

No analytics or ad cookies

All server-side and anonymized.

Contact Our DPO

Questions, concerns, or rights requests: privacy@calqly.com

Last updated: June 6, 2026