Data Use Policy
Last updated: April 6, 2026
This Data Use Policy explains in plain terms exactly what data CalorieSip collects, why, how long it is kept, and who it is shared with.
What data we collect and why
| Data | Why we collect it | Legal basis |
|---|---|---|
| IP address (anonymised) | Fraud prevention, security, approximate geographic analytics | Legitimate interest |
| Browser and device type | Ensuring the site displays correctly across devices | Legitimate interest |
| Pages visited, time on site | Understanding which content is useful, improving the site | Legitimate interest / consent (cookie) |
| Referring URL | Understanding how visitors find the site | Legitimate interest |
| Country/region (approximate) | Aggregate geographic analytics | Legitimate interest |
| Contact form submissions (name, email, message) | Responding to your enquiry | Contract / consent |
| Advertising interaction data (via Google AdSense) | Serving relevant advertisements | Consent |
What we do not collect
We want to be explicit about what we do not collect:
- We do not collect your name or email address unless you voluntarily contact us
- We do not collect or store which drinks you search for or calculate
- We do not collect payment information (the service is free)
- We do not collect passwords (there are no accounts)
- We do not collect health data, dietary history, or fitness goals
- We do not collect data from minors knowingly
- We do not build personal profiles or individual user histories
Legal basis for processing (GDPR)
For users in the European Economic Area (EEA), the United Kingdom, and other jurisdictions governed by data protection law, we process your data on the following legal bases:
- Legitimate interest — for analytics, site security, and technical operation. We have balanced our interests against your rights and concluded that our processing is necessary, proportionate, and does not override your fundamental rights.
- Consent — for advertising cookies and analytics cookies where required. You can withdraw consent at any time by adjusting your cookie preferences.
- Contract — when you contact us, processing your name and email is necessary to respond to your enquiry.
Data retention
| Data type | How long we keep it |
|---|---|
| Google Analytics data | 26 months (Google's default retention period) |
| Contact form submissions | Up to 12 months after our last correspondence, then deleted |
| Server logs (IP, request data) | 30 days, then automatically purged |
| Advertising data (Google AdSense) | Managed by Google per their data retention policies |
Data sharing
We do not sell your personal data. We do not rent, trade, or give your data to third parties for their own marketing purposes.
We share data only with the following service providers, strictly to operate the site:
- Google LLC — Analytics (GA4) and advertising (AdSense). Google may process data in the United States and other countries. See Google's Privacy Policy.
- Our hosting provider — for serving the website. Server logs may be retained for up to 30 days for security purposes.
We may also disclose data if required to do so by law, court order, or legitimate request from a government authority.
International data transfers
Some of our service providers, including Google, process data outside the United Kingdom and European Economic Area. Where data is transferred outside these regions, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the UK Information Commissioner's Office
By using this Site, you acknowledge that your data may be processed in countries with different data protection laws than your own.
Security
We take reasonable technical and organisational measures to protect the data we hold. These include:
- HTTPS encryption for all data in transit
- Access controls limiting who can access collected data
- Regular software updates to patch security vulnerabilities
No method of transmission over the internet is 100% secure. While we do our best to protect your data, we cannot guarantee absolute security.
Your rights
Under UK GDPR and the EU GDPR, you have the right to:
- Access the personal data we hold about you
- Correct any inaccurate data
- Delete your data (the "right to be forgotten")
- Restrict how we process your data
- Port your data to another service
- Object to processing based on legitimate interests
- Withdraw consent at any time where processing is based on consent
To exercise any of these rights, email hello@starbuckscaloriecalculator.site. We will respond within 30 calendar days. In some cases we may need to verify your identity before fulfilling a request.
California residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months
- Right to delete — request deletion of your personal information
- Right to opt out — we do not sell personal information. There is nothing to opt out of.
- Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights
To submit a CCPA request, email hello@starbuckscaloriecalculator.site with the subject line "CCPA Request".
Contact and complaints
For data-related enquiries, contact our data controller:
- Name: Ali Abdullah Khan
- Email: hello@starbuckscaloriecalculator.site
If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:
- UK: Information Commissioner's Office (ICO)
- Ireland: Data Protection Commission
- EU: Your local national data protection authority