FlexUtil

Privacy Policy

Last updated

This Privacy Policy explains what personal data FlexUtil (flexutil.com) processes, why, and how you can control it. It covers the website as a whole — both the tool pages and the content pages. FlexUtil is an individual-operated project; the data controller for the purposes of the EU General Data Protection Regulation (GDPR) is the operator identified on the About page.

The short version

  • Calculations happen in your browser. Salaries, mortgages, JSON payloads, passwords, UUIDs, and every other sensitive input are processed client-side and never leave your device.
  • No accounts. There is no login, no profile, no saved history, no newsletter database.
  • Third parties. The site uses Google Analytics (statistics) and Google AdSense (advertising). Both respect the consent choice you make in the cookie banner and operate under Google Consent Mode v2.
  • You have full GDPR rights over any personal data these third parties hold about you, and you can exercise them via the contact page or directly with the third party.

What data is processed directly

Your inputs into the tools

The values you type into calculators (amounts, dates, passwords, JSON, strings, etc.) are processed entirely inside the JavaScript running in your browser tab. They are not uploaded, logged, or stored anywhere. When you close the tab, they are gone. A small number of tools store your preferences (unit choice, last-used settings) in localStorage on your device, which never leaves your browser.

Tools that contact external services

A handful of tools require a network request to function. Where they do, only the minimum non-sensitive data required is transmitted:

  • My IP Address — your browser contacts an IP-lookup service to display your own IP back to you. The request itself reveals your IP address to that service, but it is not logged on this side.

If a future tool needs to query an external API, this policy will be updated and the dependency disclosed on the tool's own page.

Server logs

The hosting provider (Vercel) records standard web-server access logs for every request: IP address, timestamp, user-agent, referring URL, response status, and the requested URL path. These logs are retained for a short period (typically 30 days) and are used for security, abuse prevention, and debugging. They are not combined with any identifier that could link them back to you personally.

Third-party services

When you interact with the site, the following third parties may receive some data (subject to your consent choice):

Service Purpose Data shared Policy
Vercel Hosting and CDN Standard request metadata (IP, user-agent, URL) Privacy
Google Analytics (GA4) Aggregate usage statistics, only after consent Pseudonymous event data, device and browser type, approximate geography Privacy
Google AdSense Display advertising Ad-interaction signals; personalised ads only with your consent Ads policy
Google Fonts / Fontsource Web font delivery (self-hosted where possible) None beyond standard request metadata FAQ

Cookies and local storage

Cookies fall into three categories on this site:

  • Strictly necessary — small amounts of localStorage data used to remember your theme preference (light/dark) and the cookie-consent choice you made. These are set regardless of consent because the site cannot reasonably function without them.
  • Analytics — Google Analytics sets its own cookies (_ga, _ga_*) to measure aggregate, pseudonymous traffic. Only placed after you accept in the banner.
  • Advertising — Google AdSense may set cookies (such as NID, DSID, IDE) to measure ad effectiveness and, if you consent, personalise ads. Personalised advertising is enabled only after you accept.

You can revoke your consent at any time by clearing site data in your browser (DevTools → Application → Storage → Clear site data) and reloading the page; the banner will reappear. You can also reject all non-essential cookies on first visit.

Google Consent Mode v2

The site implements Google's Consent Mode v2, which means that even before you accept, the Google tags operate in a restricted mode that does not set identifying cookies and does not send personal data. If you reject, they continue to run in this restricted mode but do not enable personalised advertising. If you accept, they upgrade to full mode. The consent state is stored locally on your device under the key flexutil_consent.

Legal basis and retention

Under GDPR, the legal bases for the limited processing performed by this site are:

  • Legitimate interest for basic server logs and security monitoring.
  • Consent for analytics cookies and personalised advertising cookies.
  • Contractual necessity for delivery of the page you requested.

Retention periods: server access logs typically 30 days; Google Analytics retention set to the minimum (14 months); email correspondence retained only as long as needed to resolve the matter and respond to follow-ups. No user profiles are built and no data is shared with third parties beyond those listed above.

Your rights under GDPR

If you are in the EEA, UK, or Switzerland (and in many other jurisdictions with similar laws) you have the right to:

  • Access — obtain a copy of the personal data processed about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of data held about you.
  • Restriction — limit processing while a request is resolved.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — at any time, without affecting prior lawful processing.
  • Complain to a supervisory authority (in Estonia, the Estonian Data Protection Inspectorate).

To exercise any of these rights, email the address on the contact page with "GDPR request" in the subject line. Responses typically arrive within 30 days (usually much sooner).

Children

FlexUtil is not directed at children under 16 and does not knowingly collect personal data from children. If you believe a child has provided personal data, please get in touch and it will be deleted.

International transfers

The hosting provider and the Google services used on this site may process data outside the EEA. Transfers rely on Standard Contractual Clauses and the providers' own Transfer Impact Assessments published in their policies.

Changes to this policy

This policy is updated whenever third-party services are added or removed, data processing changes, or regulatory changes require it. The "Last updated" date at the top reflects the latest revision. Substantive changes will be highlighted in a visible banner on the site for at least 14 days after they take effect.

Back to Tools