Legal · Privacy

Privacy Policy

This site is a small set of concrete calculators. The privacy story is short because the data story is short — we don't ask for your name, we don't sell your information, and we don't run ads. Here's the plain English version of what actually happens when you use the site.

Effective18 May 2026
Last reviewed20 May 2026
Next reviewNovember 2026
Version1.0
— Quick version

The short version.

If you only read one section, read this one.

  • The calculators run entirely in your browser. The numbers you type don't leave your device.
  • Your country preference is remembered in your browser's localStorage so you don't have to pick the country every visit. We don't see it.
  • We use Google Analytics 4 to count visits and see which pages people open. It records anonymised data — no names, no project details, no input values.
  • Our web server keeps standard access logs (IP, timestamp, page requested) for about 30 days. This is normal hosting behaviour and helps us detect abuse.
  • We don't sell anything, we don't run ads, we don't share your data with brokers, and we don't have your email address unless you wrote to us first.
  • Depending on where you live, you have rights under GDPR, UK GDPR, CCPA / CPRA, PIPEDA, or the Australian Privacy Act. Section 15 has the details for your region.

The rest of this page is the detailed version of those six bullets, plus the formal rights and contact information regulators require. It's longer because lawyers like specifics, not because we collect more than what's listed above.

— 2 · Who we are

Who's behind this site.

This site (concretecalculatorpro.net) is operated as an independent reference resource for residential and light commercial concrete estimating. The technical content is reviewed by licensed engineers in each country we cover — credentials are listed on the relevant calculator pages.

For privacy questions and rights requests, the data controller is the site operator. You can reach us at the address in the contact section at the bottom of this page. We answer privacy requests ourselves rather than routing them through a contact form, so plain email is usually fastest.

— 3 · Data inventory

What we collect — and what we don't.

The honest answer for a calculator site is "not much." Here's the full inventory.

What we don't collect

  • Your name, email, phone number, or address — we don't ask for these and there's no form to give them to us.
  • Account credentials — there are no accounts.
  • Payment information — the site is free; we don't process payments.
  • The numbers you type into a calculator — they're computed in your browser and never sent to us.
  • Your project details, locations, photos, drawings, or any uploaded files.
  • Location beyond country-level analytics estimates derived from your IP address.

What we do collect (or what the technology touches)

Data this site touches
DataWhere fromWhat forStored where
Country preferenceYour click on the US / UK / AU / CA pillRemember it next visitYour browser only — localStorage
Page views, referrer, device typeGoogle Analytics tagAggregate site usage statsGoogle Analytics (anonymised)
IP address, timestamp, requested URLStandard HTTP request headersServer access logs · abuse detectionOur web host's log files
Browser user-agentHTTP request headersHelps us debug rendering bugsServer logs · Analytics

That's the entire list. If you find anything else stored or transmitted, it's a bug — please tell us and we'll fix it.

— 4 · Browser storage

Browser storage (localStorage).

When you select a country from the flag pills under the header, your browser saves the choice under a key called ccp-country. The value is one of four short strings: us, uk, au, or ca. That's the entire payload.

This data stays on your device. It isn't transmitted to our servers, it isn't tracked by analytics, and it isn't readable by anyone else's website (browsers prevent cross-domain access to localStorage by design). We use it purely to spare you from picking the country every time you open a calculator.

To clear it, open your browser's developer tools, find Application → Local Storage → concretecalculatorpro.net, and delete the entry — or clear site data from your browser settings. The next visit will simply default to the US setting again.

— 5 · Analytics

Analytics.

We use Google Analytics 4 to understand which pages get visited, which countries our visitors come from at a coarse level, and how long they stay. This helps us decide which calculators need improvement and which content is actually useful.

Google Analytics on this site is configured with IP anonymisation enabled (a setting Google has had on by default in GA4 since rollout) and with ad personalisation features turned off. The data we see in our dashboard is aggregated counts — page views, sessions, country breakdown, device type, referrer source. We can't drill down to individual visitors.

Google itself, as the analytics provider, may process the underlying event data in line with their own Google Privacy Policy. They are an independent data controller for that processing.

If you'd rather opt out of analytics on this site (and most others using GA), the cleanest options are:

  • Install Google's Google Analytics Opt-out Browser Add-on — works site-wide.
  • Enable "Do Not Track" or the Global Privacy Control (GPC) signal in your browser — we honour GPC by suppressing the analytics tag for sessions where it's present.
  • Use a tracking-blocker extension like uBlock Origin or Privacy Badger.
— 6 · Server logs

Server access logs.

Every web server on the internet keeps access logs by default. Ours is no exception. When your browser requests a page, the server records: your IP address, the URL you requested, the timestamp, the HTTP status code, your user-agent string (browser and OS), and sometimes the referring page.

We use these logs for three things and nothing else:

  • Operational debugging — figuring out why a page returned an error.
  • Abuse detection — identifying patterns like scraping, brute-force attempts, or denial-of-service.
  • Security forensics — investigating after the fact if something goes wrong.

Logs are kept for approximately 30 days and then automatically rotated out by our hosting provider. We don't run analytics against them, we don't enrich them with third-party data, and we don't share them unless we receive a legally binding request (a court order, valid subpoena, or law enforcement request with appropriate legal authority).

— 7 · Third parties

Third-party services we use.

We try to keep external dependencies to a minimum. The current list:

Third parties this site uses
ServiceWhat it doesWhat it sees
Google Analytics 4Aggregate usage statsPage views, country (IP-anonymised), device type, referrer
Web hosting providerServes the pages to your browserIP, requested URL, timestamp — i.e. standard access logs

Each of these has its own privacy practices, and when they're acting as data controllers (not processors on our behalf), their policies govern. Google's Privacy Policy covers Analytics.

We do not use:

  • Advertising networks or ad SDKs
  • Marketing automation (no email lists, no remarketing pixels)
  • Social-media tracking pixels (no Facebook Pixel, no LinkedIn Insight, no TikTok pixel)
  • Heat-mapping or session-recording tools (no Hotjar, no FullStory, no Microsoft Clarity)
  • Data brokers or audience enrichment services
  • Chat widgets or third-party customer-support tools
— 8 · Cookies

Cookies and similar technologies.

Cookies are small text files a website asks your browser to store. There are two reasons a site might set them: strictly necessary (the site can't function without them) and optional (analytics, advertising, personalisation).

This site does not currently set any first-party cookies of its own — country preference is stored in localStorage instead, which is technically a different mechanism. The only cookies you might see in your browser's developer tools while on this site come from Google Analytics: typically _ga and _ga_*, used to distinguish unique sessions for the aggregate statistics described above. These are set by Google's domain, not ours.

About consent banners.

You may notice this site doesn't show a cookie consent banner. That's because we currently set no first-party cookies and the third-party (Google Analytics) cookies are configured with IP anonymisation and no ad personalisation. If we add any cookie that requires explicit consent under your local law, we'll add a consent banner before doing so.

— 9 · Legal basis

Why we're allowed to process this data.

Under GDPR and UK GDPR, every act of processing personal data needs a "lawful basis." Here's what we rely on for each thing we do:

Lawful bases by processing activity (GDPR / UK GDPR)
ActivityLawful basisExplanation
Serving pages and running the calculatorsLegitimate interests · Art. 6(1)(f)Providing the service you asked for by visiting the site.
Server access logsLegitimate interests · Art. 6(1)(f)Operating, securing, and debugging the website.
Google AnalyticsConsent · Art. 6(1)(a) or legitimate interests where applicableWe suppress the analytics tag where GPC is signalled, and IP anonymisation is on by default.
Responding to your privacy rights requestsLegal obligation · Art. 6(1)(c)GDPR, UK GDPR, CCPA, PIPEDA, and Australia's Privacy Act all require we respond.

You can object to processing based on legitimate interests at any time using the contact methods below; we'll review your objection and either stop or explain why we believe the interest is justified.

— 10 · How long

How long we keep data.

  • Browser localStorage (country preference) — until you clear your browser data. We have no copy of it on our side.
  • Server access logs — approximately 30 days, then automatically deleted by our host's log-rotation process.
  • Google Analytics data — we've set the GA4 user-data retention to 14 months, after which Google deletes user-and-event-level data automatically. Aggregate reports persist longer in our dashboard.
  • Email correspondence (if you write to us) — kept for as long as needed to handle your request, then archived for up to 24 months in case of follow-up, then deleted.

We don't have customer accounts to retain, no order history, no marketing lists. The retention story is genuinely this short.

— 11 · Sharing and selling

Sharing and selling.

We don't sell personal information in any normal sense of the word. We don't share it with data brokers, marketing networks, or third-party advertisers — partly because we don't have much to share, partly because that's not the business we're in.

The only entities that touch any data described in this policy are:

  • Our web host — necessary to serve the pages (access logs as described above).
  • Google — for Analytics and Fonts, as described in section 7.
  • Law enforcement — only in response to a legally binding request, such as a court order or valid subpoena in our jurisdiction. We document any such request and challenge requests that overreach.
For US visitors: a CCPA-specific note.

Under the California Consumer Privacy Act as amended by the CPRA, the term "sale" has a broader meaning than the dictionary one — it can include sharing data for any "valuable consideration." Our use of Google Analytics could, depending on legal interpretation, be argued to fall under that definition. Out of an abundance of caution, we treat that as "sharing" under CCPA, honour Global Privacy Control signals as opt-outs, and don't engage in any other practices that look anything like sales of personal information.

— 12 · Security

Security.

We take reasonable technical and organisational measures to protect the limited data the site touches:

  • HTTPS everywhere. The entire site is served over TLS — there's no HTTP fallback.
  • No collection of sensitive data. The smallest data footprint is the safest data footprint. We don't keep what we don't need.
  • Hosting on a reputable provider with managed patching, automated backups, and isolation between tenants.
  • Minimal third-party scripts. Every external script is an attack surface, so we keep the list short.

No system is completely secure, and any claim otherwise is marketing rather than fact. If we ever become aware of a security incident affecting personal data, we'll notify any affected people without undue delay and, where required, the relevant regulator within the legal time window (72 hours under GDPR / UK GDPR).

— 13 · International transfers

International transfers.

Our hosting and analytics providers are global companies. As a result, data touched by this site (such as analytics events or server log entries) may be processed in countries other than where you're reading from — most commonly the United States, where Google's primary data centres for Analytics reside.

For visitors in the UK and the European Economic Area, transfers to the US rely on:

  • The EU–US Data Privacy Framework and the equivalent UK Extension where applicable; or
  • Standard Contractual Clauses approved by the European Commission (and the UK ICO's International Data Transfer Addendum) where the framework doesn't apply.

Both of these provide GDPR-equivalent protections for personal data transferred outside the EEA / UK. Google publishes its own documentation on how it complies with these frameworks; we rely on its representations as a data processor.

— 14 · Children

Children.

This site is built for adults specifying or estimating concrete work. It isn't directed at children, and we don't knowingly collect data from anyone under 13 (US, COPPA), 16 (EU and UK, GDPR / UK GDPR), or the relevant minor age in other jurisdictions.

If a child has accessed the site, the only data the site touches is what's listed above — a country preference in their own browser, an anonymised page view in our analytics, and a temporary IP entry in server logs. None of it is targeted at minors and none of it can be used to identify them in any practical sense.

If you're a parent or guardian and you believe a child has interacted with this site in a way that creates a privacy concern, please write to us and we'll work with you to address it — including, where applicable, requesting deletion from Google Analytics.

— 15 · Your rights

Your rights, by region.

Different countries grant their residents different privacy rights. Below is a plain-English summary of the rights that apply where you live. The next section explains how to exercise them.

EU / EEA — GDPR

If you're in the EU or EEA

  • Access — ask what data we hold on you.
  • Rectification — ask us to correct anything inaccurate.
  • Erasure — ask us to delete data ("right to be forgotten").
  • Restriction — ask us to pause processing while a dispute is resolved.
  • Portability — get a copy of your data in a portable format.
  • Object — object to processing based on legitimate interests.
  • Withdraw consent — at any time, for anything based on consent.
  • Lodge a complaint — with your national supervisory authority.
United Kingdom — UK GDPR

If you're in the UK

  • The same rights as the EU list to the left — UK GDPR mirrors EU GDPR closely.
  • Lodge a complaint — with the Information Commissioner's Office (ICO).
  • PECR cookies and electronic marketing — separate rules apply; we don't do electronic marketing and our cookie set is minimal as described in section 8.
California — CCPA / CPRA

If you're a California resident

  • Know — what categories of personal information we collect, sources, purposes, and any third parties we share with.
  • Delete — ask us to delete personal information we have on you.
  • Correct — ask us to fix inaccurate personal information.
  • Opt out of sale or sharing — even though we don't sell in the conventional sense, you can ask us to stop any sharing that could be classed as such.
  • Limit use of sensitive personal information — we don't collect sensitive personal information.
  • Non-discrimination — we won't penalise you for exercising any of these rights.
  • We honour Global Privacy Control signals as an opt-out request.
Other US states

If you're in another US state

Twelve US states had operative privacy laws by January 2026 (including Connecticut, Virginia, Colorado, Texas, Oregon, and others). The rights vary but typically include access, correction, deletion, opt-out of targeted advertising and sale, and recognition of universal opt-out signals.

We extend the California-style rights above to residents of any US state with a comparable privacy law. Same email, same process.

Australia — Privacy Act 1988

If you're in Australia

  • Access — request access to personal information we hold about you.
  • Correction — request that we correct inaccurate information.
  • Anonymity or pseudonymity — APP 2; given the site has no accounts, this is effectively the default state.
  • Complain — first to us, then to the Office of the Australian Information Commissioner (OAIC).
Canada — PIPEDA + provincial

If you're in Canada

  • Access — what personal information we hold and what it's used for.
  • Correction — request that we correct inaccurate information.
  • Withdraw consent — subject to legal and contractual restrictions.
  • Complain — to us, then the Office of the Privacy Commissioner of Canada. Quebec, BC, and Alberta have their own provincial laws and commissioners.

If your region isn't listed and your country has a privacy law that grants you rights, we'll still process a reasonable request — write to us and tell us where you're writing from and what you'd like us to do.

— 16 · How to exercise rights

How to exercise your rights.

Send an email to the address in the contact section below. Include:

  • Which right you're exercising (access, deletion, correction, opt-out, etc.).
  • The country or state you're writing from, so we know which law applies.
  • Enough information that we can identify what you're asking about — usually just your email address is enough since we don't have accounts.

We respond within 30 days for GDPR and UK GDPR requests, within 45 days for CCPA (with one possible 45-day extension if the request is complex), within 30 days for PIPEDA, and as soon as reasonably practicable for Australia. Most requests get answered within a few business days because the data inventory is so small.

There's no fee for a reasonable first request. We can charge a reasonable fee for repeated or excessive requests, but in practice this has never applied because we don't keep enough data for it to come up.

For verification, we may ask for confirmation that you're the person whose data is being requested — typically by replying to an email at the address you originally wrote from. We don't ask for ID documents for routine requests because the data we hold is not the kind that needs that level of verification.

— 17 · Changes

When this policy changes.

We review this policy once a year, and any time we change something material — adding a third-party service, changing what data we collect, expanding into a new region. The current effective date and last-reviewed date are at the top of the page.

When something material changes, we update the dates and the version number, and we keep a short changelog at the bottom of this page for anyone who wants to see what moved. Material changes that affect rights or consent will, where the law requires, be brought to your attention before they take effect — though for a site this small with this little data, most updates are housekeeping rather than substantive.

If you bookmarked this page on a particular date, the version you originally read is preserved in our internal change history; we can send you the prior version on request.

— 18 · Contact

Contact and complaints.

For all privacy questions and rights requests

Email: concretecalculatorpro.net@gmail.com

Subject line: Something like "GDPR access request" or "CCPA deletion request" helps us route it. Plain "Privacy question" is fine too.

Response time: Usually within a few business days; legally bound to 30 to 45 days depending on your region.

If you're not satisfied with our response, you have the right to complain to your local data protection authority. We listed the main ones in the rights section above — the ICO in the UK, the OAIC in Australia, the Office of the Privacy Commissioner in Canada, your state attorney general in the US, and your national supervisory authority in the EU.

We'd genuinely rather you write to us first. It's almost always faster, and we'd like the chance to fix any problem before it becomes formal — that's the whole point of having a real human read your email rather than routing it through a ticketing form.

About this page itself.

This privacy policy was written specifically for this site by the team that runs it, reviewed against current GDPR, UK GDPR, CCPA / CPRA, PIPEDA, and Australia Privacy Act requirements as of May 2026. It isn't a generic template, and it tries to describe what genuinely happens here rather than what might happen at a hypothetical site. If anything reads as unclear, contradicting reality, or otherwise wrong, we want to know.