Privacy Policy

Summary (the short version)

• We do not collect the values you type into any calculator. All calculations run in your browser. Nothing is sent to our servers.
• We do not require an account. No email, no name, no login.
• Advertising is non-personalized by default through Google AdSense. We do not sell your data because we do not have it.
• You have full GDPR and CCPA rights over any data we do collect (analytics, advertising cookies). Exercise them at [email protected].

1. Who we are

thehealthcalc.co ("we", "us", "our") is an independent health-calculator website. The data controller for any personal data processed by this site is thehealthcalc.co, reachable at [email protected].

2. Data we do not collect

This is the most important part of the policy. When you use a calculator on this site:

• Your age, sex, weight, height, waist, grip strength, heart rate, and any other measurement you enter are processed entirely in your browser.
• These values are never transmitted to our servers, never logged, never stored, and never shared with third parties.
• We do not have a database of user measurements. We cannot retrieve, delete, or sell them — because we do not have them.

3. Data we do collect

We collect a small amount of data needed to operate the site, measure aggregate traffic, and show advertising:

3.1 Server logs

When you load any page, our hosting provider's web server may record standard HTTP request data: your IP address (truncated in our logs), the page requested, the referring page, your user-agent string, and the request timestamp. We use this for security (DDoS protection, abuse investigation) and aggregate traffic measurement. Logs are retained for a maximum of 90 days, then deleted.

3.2 Analytics

We use privacy-respecting aggregate analytics to understand which pages are useful and which are not. We do not track individuals across sessions, and we do not build advertising profiles. If we use Google Analytics 4, it is configured with IP anonymization and without Advertising Features.

3.3 Cookies

We use a small number of cookies and similar technologies, all of which fall into the following categories:

• Strictly necessary — for example, to remember your unit-conversion preference. These do not require consent under GDPR or CCPA.
• Analytics — set only with your consent where consent is required. Used in aggregate, no profiling.
• Advertising — set by Google AdSense. See section 4 below.

4. Advertising (Google AdSense)

Some pages on this site show ads served by Google AdSense. AdSense uses cookies to:

• Limit how often a given ad is shown to a given user (frequency capping).
• Measure ad performance in aggregate.
• Show non-personalized ads by default. If you have personalized ads turned on in your Google account, AdSense may use that preference; you can change it at adssettings.google.com.

We have configured AdSense to use non-personalized ads wherever the relevant regulation allows. This means we do not use health, demographic, or interest-based ad targeting based on your visit to this site.

You can opt out of personalized advertising entirely by visiting www.aboutads.info or by enabling the browser-level privacy controls your browser provides.

5. Legal bases (GDPR)

Under the EU General Data Protection Regulation (GDPR), our legal bases for processing are:

• Legitimate interest (Art. 6(1)(f)) — for server logs, abuse prevention, and aggregate analytics.
• Consent (Art. 6(1)(a)) — for non-essential cookies, including analytics cookies and advertising cookies set by AdSense. You can withdraw consent at any time by clearing cookies in your browser and revisiting our cookie banner.
• Legal obligation (Art. 6(1)(c)) — for any data we are required to retain to comply with applicable law.

6. Your rights

If you are in the EEA, UK, or California, you have the following rights over any personal data we hold about you:

• Access — request a copy of any personal data we hold about you.
• Rectification — correct inaccurate data.
• Erasure ("right to be forgotten") — request that we delete your data.
• Restriction — ask us to pause processing while a dispute is resolved.
• Portability — receive your data in a machine-readable format.
• Objection — object to processing based on legitimate interest, including any profiling.
• Opt-out of sale or sharing (CCPA) — although we do not sell or share personal data for cross-context behavioral advertising, you have the right to formally opt out.
• Withdraw consent — at any time, for any processing based on consent.
• Lodge a complaint — with your local data-protection authority. In the EEA, the relevant authority is the one in your country of residence. In the UK, the Information Commissioner's Office (ICO). In California, the California Privacy Protection Agency.

To exercise any of these rights, email [email protected]. We respond within 30 days at no cost to you.

7. Children's privacy

This site is intended for adults (18 and over). The calculators are calibrated for adult populations, and the data sources (NHANES) cover adult respondents. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided personal data to us through a form or email, contact [email protected] and we will delete it.

8. International transfers

Our hosting and core infrastructure are in the United States. If you are visiting from outside the US, your data is being processed in the US. Where required, our third-party processors (e.g., Google) rely on Standard Contractual Clauses or equivalent transfer mechanisms for cross-border data transfers from the EEA, UK, or Switzerland.

9. Data retention

• Server logs: up to 90 days.
• Analytics data: aggregate-only, retained for up to 26 months, then deleted or fully anonymized.
• Advertising data (AdSense): controlled by Google's retention settings; we do not retain this data ourselves.
• Email correspondence: retained for as long as needed to handle your request, then deleted or archived in a way that removes personal identifiers.

10. Security

We use HTTPS across the entire site, modern hosting infrastructure with up-to-date TLS, and access controls on any data store that holds personal data. No system is perfectly secure, but we follow industry-standard practices for a small publishing site. If you discover a security issue, please report it to [email protected].

11. Do Not Track and Global Privacy Control

We honor browser-level "Do Not Track" (DNT) and "Global Privacy Control" (GPC) signals where technically feasible. When we detect a GPC signal, we treat it as an opt-out of sale or sharing under CCPA.

12. Changes to this policy

We may update this policy from time to time. When we do, we will change the "Effective" date at the top and, for material changes, note the change on this page. Continued use of the site after a change means you accept the updated policy.

13. Contact

For any privacy-related question, request, or complaint:

• Email: [email protected]
• General contact: see our Contact page