Privacy Policy
Last updated: 2026-05-08
Draft — not yet legally reviewed. This document is a UK GDPR-aligned starting point reflecting the actual data this site collects. Before public launch, review against the latest ICO templates (https://ico.org.uk/) or have a UK solicitor sign it off.
This site (the "Calculator") is operated by @loglux as a self-hosted, open-source UK tax calculator. The source code is at https://github.com/loglux/tax_calculator.
We take privacy seriously and collect only the minimum needed to operate the service.
1. Who we are
- Service operator: Loglux Ltd (Company No. NI739810, registered in Northern Ireland).
- Contact: use the contact form. Pick the "Data / privacy request (GDPR)" subject so the request routes to the right inbox.
- Source code: https://github.com/loglux/tax_calculator
- We are not a regulated UK financial-advice provider.
2. What we collect
2.1 Calculator inputs
When you submit a tax calculation, the values you enter (gross
income, day rate, salary / dividend split, expenses, tax code,
pension scheme, student-loan plan, etc.) are processed to compute
the result. We do log these inputs into UsageEvent rows for
analytics — to see which modes are used, which optimisation
features land, and whether the calculator behaves correctly
across realistic inputs.
We are explicit about this so the policy matches the code. There is no marketing or third-party use of these values, and they age out automatically (see §4).
2.2 Usage events
Every page view, calculator submission and API call is logged as
a UsageEvent row. Default capture (with USAGE_TRACKING flags
all True — see §2.4) includes:
- Timestamp.
- Event type (
page_view,calculate_submit,api_call). - Calculator mode (
paye/limited_co/umbrella/ir35/sole_trader, derived from URL). - Request path and HTTP method.
- HTTP status code.
- A one-way SHA-256 hash of your IP address (always written).
- Your IP address in plain form (for rate-limiting / abuse detection only — see retention below).
- Client kind classifier (mobile / desktop / tablet / bot / unknown) and bot flag, both derived from User-Agent.
- Truncated User-Agent string (max 255 chars).
- Referer hostname only (just the domain, e.g.
recruit-co.uk— never the full URL or query parameters). Used to see which sites embed the widget and where organic traffic comes from. - Tax year selected.
- Region flag (Scotland yes/no).
- For PAYE submits: income amount, income type, workweek hours, blind-allowance flag, no-NI flag, MCA flag, pension scheme choice, student-loan plan choice.
- For other modes: mode-specific amounts and option flags
(revenue / expenses / day rate / salary / dividends, IR35
small-client flag, Class 2 voluntary flag, tax code, etc.)
captured into a structured
payload_summaryJSON field.
We do not collect: name, postal address, email, phone number, payment data, employer or pension-provider names, NI number, UTR, or anything outside what the calculator forms themselves ask for.
2.3 Operator-configurable capture
The capture above is the default. Each item below is
controlled by a single flag in the project's USAGE_TRACKING
settings dict, and the operator can disable any of them per
deployment without touching code:
| Flag | Controls |
|---|---|
capture_amounts |
Income / day rate / salary / dividend / revenue / expenses |
capture_tax_codes |
Tax codes (e.g. 1257L, SK, D0) |
capture_referer |
Referer hostname |
capture_user_agent |
Raw User-Agent string (derived flags always kept) |
capture_ip_plain |
Plain IP address (SHA-256 hash always kept) |
This section will be updated if the deployed default changes.
2.4 Cookies
The Calculator uses two cookies:
sessionid— Django's session cookie. Holds the last active calculator tab so a page refresh keeps you on the tab you were using. No personal data, no cross-site tracking.csrftoken— Django's CSRF protection cookie, required for form submissions to work safely.
Both are first-party, HttpOnly, and Secure (only sent over
HTTPS). We do not use third-party tracking, advertising, or
analytics cookies (no Google Analytics, no Facebook Pixel, etc.).
3. Why we collect it (lawful basis)
- Legitimate interest (UK GDPR Art. 6(1)(f)): rate-limiting prevents abuse and keeps the service available for everyone. Anonymous usage statistics let us understand which calculators are useful and prioritise improvements.
- Contractual / pre-contractual (Art. 6(1)(b)): processing your calculator inputs transiently to return a result is performance of the service you requested.
We do not rely on consent (Art. 6(1)(a)) for any of the above, because none of the processing is for marketing purposes.
4. How long we keep it
| Data | Retention |
|---|---|
UsageEvent rows (everything in §2.2 — calculator inputs, mode, payload_summary, IP, referer, etc.) |
90 days from the event. Older rows are deleted automatically by the scheduled prune_usage_events job. |
Contact form submissions (ContactRequest) |
24 months from the date of the message, or sooner if you ask us to delete it. |
| Web server logs (gunicorn) | 30 days, then rotated. |
| Django sessions | 14 days from last activity. |
We do not sell, share, or transfer your data to third parties.
5. Your rights under UK GDPR
You have the right to:
- Access — request a copy of any data we hold that relates to you. Because we use IP-hashed identifiers, you may need to share your current IP for us to look it up.
- Erasure — request that we delete data relating to you. Because rows are anonymised by design, we generally have no practical way to identify "you" without you giving us your current IP, but on request we'll delete any rows that match.
- Rectification — irrelevant in practice (we don't store modifiable personal data).
- Object to processing — you can ask us to stop logging your visits; we'll add your IP hash to a do-not-log list.
- Lodge a complaint with the UK Information Commissioner's Office (https://ico.org.uk/) if you think we've mishandled your data.
To exercise any right, email the contact address above.
6. Security
- All traffic is served over HTTPS (TLS 1.2+).
- Passwords are not collected — there is no user account system.
- The database is on a self-hosted server. Backups are encrypted at rest.
- Source code is open source and reviewable.
7. Children
The Calculator is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has submitted information, contact us and we will delete it.
8. Changes
If this policy changes, we'll update the "Last updated" date above. Material changes (e.g. new categories of data collected) will be flagged with a notice on the site for at least 30 days.
9. Disclaimer
This Calculator is not financial or tax advice. See /terms/
for the full disclaimer.