ShipCalculators.com

Privacy

Privacy policy

ShipCalculators.com (the "Site") is operated by ShipCalculators.com (the "Publisher", "we", "us"). This policy explains what personal data we collect, how we use it, the lawful bases on which we rely, your rights under the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018, and how to exercise those rights. The site is fully static and client-side: calculator inputs are never transmitted to our servers. Last updated 2026-05-10.

1. Data controller

      ShipCalculators.com is the data controller for personal data processed in connection with this Site. For privacy enquiries, data-subject requests, and complaints, contact us at the address listed on the [Contact page](/contact).

2. What we collect

      We collect the minimum necessary to operate the Site, measure aggregate audience, and serve advertising. Specifically:
    

    

      - **Aggregate analytics** via Google Analytics 4 (GA4), configured with IP anonymisation and Advertising Features off. We see page views, session duration, country (no precise geolocation), device class, and referrer. We do not see individual users; GA4 reports are aggregated.
      - **Advertising** via Google AdSense and its mediation partners. Where AdSense is shown, Google may set cookies (`__gads`, `__gpi`, `NID`) for frequency-capping, ad-relevance, and click-fraud detection. Personalised advertising is subject to the consent banner shown by Google's Funding Choices in jurisdictions where consent is required (EEA, UK, Switzerland).
      - **Site delivery** via Cloudflare. Cloudflare may set bot-management cookies (`__cf_bm`, `cf_clearance`) to distinguish humans from automated traffic. These are necessary for site availability.
      - **Server logs** at our origin host (Hostinger) record IP address, request URL, status code, user agent, and timestamp for at most 30 days for the purposes of security incident detection and abuse prevention.
      - **Calculator inputs**: not collected. Calculator pages run entirely in your browser. Whatever you type stays on your device.
      - **On-site search queries**: when you use the search box on any page, we log the search query, the number of results returned (so we can identify content gaps), the section of the Site searched, your country (from a Cloudflare-provided header), and a salted hash of your IP address re-salted daily (so the hash cannot be used to identify you across days, and serves only to deduplicate within a 24-hour window). We do NOT store your raw IP address, your full user agent string (only a coarse class: desktop / mobile / bot), or any other identifying data. Search queries directly inform our editorial roadmap: queries that returned no results signal articles, calculators, or formulas we should add.
      - **No account system, no email signups, no user-generated content, no comment threads, no forms that store data on our servers.** The only outbound form on the Site is the Contact page, which composes a `mailto:` link in your local mail client; we receive only the email you choose to send.

3. Lawful bases for processing

      - **Aggregate analytics**: legitimate interest in measuring audience size and content performance to operate a free reference resource (Article 6(1)(f) GDPR). IP anonymisation and the absence of cross-site tracking minimise the privacy impact.
      - **Personalised advertising**: consent in jurisdictions where required (Article 6(1)(a) GDPR), via Google's Funding Choices banner. Where consent is not granted or not required, we serve non-personalised contextual ads.
      - **Site security and abuse prevention** (Cloudflare bot management, origin server logs): legitimate interest in maintaining the security and integrity of the Site (Article 6(1)(f) GDPR).
      - **On-site search analytics** (search-query log with daily-rotating-hash dedup): legitimate interest in understanding what visitors are looking for so we can build the content they need (Article 6(1)(f) GDPR). The salted-hash daily rotation prevents persistent identification across sessions.
      - **Compliance with legal obligations** (e.g., responding to a lawful subpoena): Article 6(1)(c) GDPR.

4. International transfers

      Our processors (Google, Cloudflare, Hostinger) operate globally. Data may be transferred outside the European Economic Area or the United Kingdom. We rely on the European Commission's adequacy decisions, the EU-US Data Privacy Framework (where the receiving party is certified), and Standard Contractual Clauses (Module 4 transfers) as the relevant transfer mechanisms.

5. Your rights under GDPR / UK DPA 2018

You have the right to:

      - Access the personal data we hold about you (Article 15 GDPR).
      - Rectify inaccurate personal data (Article 16).
      - Erase personal data ("right to be forgotten", Article 17), subject to applicable retention obligations.
      - Restrict processing (Article 18).
      - Data portability (Article 20), where processing is based on consent or contract and carried out by automated means.
      - Object to processing based on legitimate interests (Article 21).
      - Withdraw consent at any time, where processing is based on consent (Article 7).
      - Lodge a complaint with your supervisory authority. EU residents: see edpb.europa.eu/about-edpb/about-edpb/members_en. UK residents: the Information Commissioner's Office (ICO), ico.org.uk/concerns.
    

    

      To exercise any of these rights, write to us via the [Contact page](/contact). We aim to respond within 30 days. If you exercise a right that requires identifying the data, we may need to verify your identity before responding.

6. Retention

      - Aggregate analytics: GA4 data retention is set to 14 months; aggregated reports are retained indefinitely.
      - Server logs: at most 30 days, then deleted.
      - On-site search query log: 90 days, then the raw rows are deleted. Aggregated counts (e.g., top zero-result queries per week) are retained indefinitely for editorial planning, but contain no per-user data.
      - Email correspondence (if you contact us): retained for as long as necessary to handle your enquiry plus three years for evidential and accountability purposes, then deleted.

7. Cookies

      A separate [Cookie policy](/cookies) lists every cookie category set on the Site, the third party that sets it, the legal basis, and the retention period. You can refuse non-essential cookies via the consent banner or your browser's controls.

8. Children’s data

      The Site is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will delete it.

9. Security

      The Site is served exclusively over HTTPS with TLS 1.2 or higher. We do not store user-submitted data on our servers; calculator inputs never leave the user's browser. Cloudflare provides DDoS protection and bot management at the edge.

10. Changes to this policy

      We update this policy as our processing practices evolve. Material changes will be highlighted at the top of this page for at least 30 days. The "Last updated" date above always reflects the most recent revision.

11. Contact

      For privacy enquiries, data-subject requests, complaints, or to exercise any GDPR right, see the [Contact page](/contact). We do not currently appoint a Data Protection Officer (DPO) as we do not meet the GDPR Article 37 mandatory-DPO thresholds, but the Publisher answers all privacy correspondence directly.