Privacy Policy

1. Overview

You Are The Product (“we”, “us” or “our”) believes you should understand exactly what happens to your data. The Service is engineered to minimise collection: calculations run entirely in your browser and we avoid invasive analytics. This policy outlines the limited information we observe, the reasons we rely on it, and the safeguards we maintain.

2. Data controller

The Service is operated by an independent creator based in the United Kingdom who acts as the data controller for any personal data processed. You can reach the controller at support@urtheproduct.com.

3. Core privacy principles

• Data minimisation: Only collect what is mission-critical for performance insights.
• Client-side computation: Your calculator Inputs remain on your device and never touch our servers.
• Transparency: Every vendor, cookie or script is disclosed so you can make informed choices.
• Security by design: We harden the stack and continuously review dependencies to reduce risk.

4. Information we collect

Calculator inputs: Values you enter (time spent, region, app choices) are retained in memory within your browser. They clear automatically when you refresh, close the tab or delete local storage.

Device and usage data: Our analytics capture anonymised session events such as approximate geography (country-level), device type, referring URL, pages viewed and session duration. IP addresses are truncated or hashed before storage so we cannot single out individuals.

Support correspondence: If you contact us, we will retain your email address, the contents of your message and any attachments to respond effectively and maintain a record of our conversation.

5. Cookies and local storage

We use privacy-forward analytics that rely on first-party cookies or local storage to remember session attribution. They do not follow you across other sites or build behavioural profiles. You can block or delete these cookies via your browser settings without losing access to the Service. If we introduce additional cookies—for example, to remember accessibility preferences—we will update this policy and provide in-product notice.

6. Legal bases for processing

We rely on legitimate interests (Article 6(1)(f) UK GDPR) to monitor aggregated engagement and keep the Service secure, balanced against your rights and freedom. When you email us, processing is necessary to take steps at your request (Article 6(1)(b)). If we ever require consent for optional features, we will request it explicitly and allow you to withdraw it at any time.

7. How we use information

• Diagnose usability issues and prioritise product improvements.
• Understand which app categories or regions demand deeper research.
• Produce anonymised statistics for talks, reports or educational material.
• Respond to enquiries, bug reports or collaboration requests.

We do not sell or rent data, perform user-level profiling or use your information for targeted advertising.

8. Third-party processors

When we rely on service providers, we select vendors that align with our privacy stance and sign data protection agreements where available. Potential processors may include:

• Analytics: A privacy-centric analytics platform (such as Plausible or Fathom) storing aggregated metrics without personal identifiers.
• Email: Our email provider, used solely to receive and send support correspondence.
• Hosting: The cloud infrastructure required to serve the static site and assets.

Each provider is contractually restricted from using your data for their own marketing or resale purposes.

9. Data retention

Aggregated analytics are retained for up to 24 months so we can observe trends and seasonality. Support correspondence is stored for as long as necessary to resolve the conversation and up to 12 months thereafter, unless regulatory obligations require a longer period. We conduct biannual reviews to delete or anonymise data that is no longer needed.

10. Security

We protect the Service using HTTPS encryption, least-privilege access controls, hardware security keys, regular dependency updates and continuous integration checks that flag vulnerabilities. We also monitor for suspicious traffic patterns to help prevent abuse. No system is invulnerable; if you believe you have discovered a security issue, please report it immediately.

11. International transfers

Infrastructure may be located in the European Union, the United Kingdom or the United States. When personal data moves outside the UK or EU, we rely on adequacy decisions, Standard Contractual Clauses or other legally recognised safeguards to protect it.

12. Children’s privacy

The Service is intended for individuals aged 16 and above. We do not knowingly collect personal information from children. If you believe a minor has provided data, contact us so we can delete it promptly.

13. Your rights

Depending on where you live, you may have the right to access, rectify, erase, restrict or object to processing of personal data we hold, as well as the right to data portability. You may also lodge a complaint with your local supervisory authority. Because we hold minimal data, most requests can be fulfilled quickly.

14. Exercising your rights

Send any privacy request to privacy@urtheproduct.com. We may ask for limited additional information to verify your identity before acting on the request. We will respond within 30 days, or sooner where required by law.

15. Updates to this policy

We review this policy whenever we introduce new features, vendors or legal obligations. Changes will be posted here with an updated revision date and, when material, flagged within the interface. Continued use of the Service after an update signifies acceptance of the revised policy.

16. Contact

For privacy questions, data access requests or responsible disclosure of vulnerabilities, email support@urtheproduct.com. We aim to acknowledge enquiries within three business days.