Privacy Policy

Last updated: March 25, 2026

1. Data Controller

CalcStack is operated by CalcStack Ltd, registered in England and Wales.

• Registered address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
• Data protection contact: contact@calcstack.net
• ICO registration: Registration in progress. Contact contact@calcstack.net for details.

2. Legal Basis for Processing

We process your personal data under the following lawful bases (UK GDPR Article 6):

• Contract performance — to provide the CalcStack service when you create an account or subscribe to a plan.
• Legitimate interests — to improve our product, prevent abuse, and provide aggregated benchmarking. We balance these interests against your rights.
• Consent — for optional communications (e.g. waitlist emails, marketing). You may withdraw consent at any time.

3. Information We Collect

When you create an account, we collect your email address and display name. When you use our calculators, we may store your calculation inputs and results if you choose to save them. Embedded calculators collect anonymous view events and, if lead capture is enabled, the information the end-user voluntarily submits (email, name, company, phone).

4. How We Use Your Information

We use your data to provide the CalcStack service, send transactional emails, and improve the product. We do not sell your personal information to third parties. Aggregated, anonymised analytics may be used for benchmarking and product insights.

5. Data Retention

• Account data — retained for the duration of your account, deleted within 30 days of account deletion.
• Saved calculation results — retained until you delete them or delete your account.
• Lead capture data — retained for 24 months from capture, then automatically purged. Embed customers may export and delete leads at any time.
• Analytics events — anonymised and retained for up to 36 months for benchmarking purposes.
• Audit logs — retained for 12 months for security purposes.

6. Data Storage & Security

Data is stored securely in our cloud infrastructure with encryption at rest (AES-256) and in transit (TLS 1.2+). We use industry-standard security practices including row-level security policies, rate-limited APIs, and regular security audits.

7. Cookies

We use two categories of cookies: Essential cookies (required for authentication and site functionality — always active) and Analytics cookies (Google Analytics for anonymous usage tracking — requires your consent). You can manage your cookie preferences at any time via the Cookie Settings link in the footer.

8. Data Processing for Embed Customers (DPA)

When you embed CalcStack calculators on your website and enable lead capture, you are the Data Controller and CalcStack acts as a Data Processor on your behalf (UK GDPR Article 28).

• We process lead data only as instructed by you (storing it, forwarding it to your configured webhook URL).
• We do not use lead data for our own marketing purposes.
• You are responsible for providing appropriate privacy disclosures to end-users of your embedded calculators, including informing them about data collection and their rights.
• You may export or delete all lead data from your dashboard at any time.
• For enterprise customers requiring a formal Data Processing Agreement, please contact contact@calcstack.net.

9. International Data Transfers

Your data is processed within the European Economic Area (EEA) and the United Kingdom. If data is transferred outside the EEA/UK, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses).

10. Your Rights

Under UK GDPR, you have the following rights:

• Access — request a copy of your personal data. You can export your data from Account Settings.
• Rectification — correct inaccurate data via your account settings.
• Erasure — delete your account and all associated data from Account Settings.
• Restriction — request we limit processing of your data.
• Portability — receive your data in a machine-readable format (JSON export available in settings).
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, use the self-service options in your Account Settings or email contact@calcstack.net. We will respond within 30 days.

11. Complaints

If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

• Website: ico.org.uk/make-a-complaint
• Helpline: 0303 123 1113

12. Changes

We may update this policy from time to time. We will notify you of material changes via email at least 30 days before they take effect.

13. Contact

Questions about this policy? Email us at contact@calcstack.net.