Privacy policy
Effective date: 2026-04-28. Last updated: 2026-04-28.
The short version
The values you enter into our calculators are processed entirely in your browser. We never see them, store them, or send them anywhere. We use two analytics services: Plausible (cookie-less, runs by default) and Google Analytics 4 (cookie-based, runs only if you click "Accept all" in the cookie banner). You can change your mind at any time — see the "Withdrawing consent" section below.
Who we are
HealthScorer is operated as an independent reference project. We are the data controller for any personal data covered by this policy. For data-subject requests, see contact.
What we collect
1. Calculator inputs — never collected
Calculations run entirely in your browser using vanilla JavaScript. Your weight, height, mood scores, dates of last menstruation, and every other input you type into a calculator stays on your device. Nothing is sent to our servers, ever.
2. Plausible Analytics — cookie-less, on by default
Plausible runs by default and does not require consent because it does not use cookies, does not assemble a user profile, and does not collect personally identifiable data. It records aggregate page-view events with the URL, locale, and a coarse referrer. Data is processed on EU servers (Hetzner, Germany). See Plausible's data policy for the full technical details.
3. Google Analytics 4 — cookie-based, off until you accept
GA4 is loaded via Google Tag Manager and configured with Consent Mode v2. By default, all consent categories (analytics, advertising, personalization) are set to denied, which means GA4 sends only anonymous pings without user identifiers and without setting cookies. If you click "Accept all" in the cookie banner, consent is updated to granted and GA4 begins full collection (page views, events, session aggregation).
Configured settings:
- Property ID: G-V0QLXE2PZX
- IP anonymization: enabled (
anonymize_ip: true) - Default retention: 14 months (Google's lowest non-zero setting)
- Data location: Google may transfer data to the United States; this is governed by the EU-US Data Privacy Framework and Google's Standard Contractual Clauses
4. Cookies and local storage we use
| Name | Type | Purpose | Lifetime |
|---|---|---|---|
hs-cookie-consent | localStorage | Remembers your accept/reject choice | Until cleared |
_ga | Cookie (GA4) | User identifier — only set if you accept | 2 years |
_ga_V0QLXE2PZX | Cookie (GA4) | Session identifier — only set if you accept | 2 years |
5. Standard server logs
Our hosting provider (Cyberfolks, Poland) keeps short-lived access logs (IP, user-agent, request path) for security and abuse-prevention purposes. These are rotated on a 30-day cycle and are not used for analytics.
6. Affiliate links
If you click an outbound affiliate link, the destination merchant may set its own cookies. We do not control or see those cookies. Affiliate links are disclosed inline.
What we don't collect
- We don't sell your data.
- We have no account system, no login, no profile.
- We don't run advertising trackers (Meta Pixel, X/Twitter, TikTok, etc.).
- We don't embed third-party social media buttons that track you.
- We don't perform fingerprinting or device-graph correlation.
Withdrawing consent
You can change your cookie choice at any time:
- Open your browser's developer tools (or browser settings).
- In Local Storage for
healthscorer.com, delete the keyhs-cookie-consent. - Reload the page — the cookie banner will reappear and you can re-decide.
To clear data already collected by GA4, you can also clear cookies in your browser for this domain. To request deletion of historical GA4 records associated with your visit, contact us via the channel below.
Your rights (GDPR / UK GDPR / CCPA)
Under the GDPR (EU), UK GDPR, and CCPA (California), you have the following rights:
- Access: request a copy of any personal data we hold about you.
- Rectification: ask us to correct inaccurate data.
- Erasure: ask us to delete your data ("right to be forgotten").
- Restriction: ask us to stop processing your data while a dispute is resolved.
- Portability: receive your data in a machine-readable format.
- Object: object to processing based on legitimate interests.
- Withdraw consent: at any time, with no penalty (see above).
- Lodge a complaint: with your national data protection authority. In Poland that is UODO (uodo.gov.pl).
Because we don't collect personally identifiable data outside cookies you've consented to, most "access/rectification/erasure" requests are moot — clearing your browser cookies achieves the same outcome instantly.
Children
The site is not directed at children under 16. If you believe a child has used the site and you'd like to delete any associated data, contact us.
Changes to this policy
If we make material changes (for example, adding a new analytics provider), we will update the "Last updated" date at the top and surface the change via the cookie banner so existing users can re-consent if they wish.
Contact
Questions about this policy or about exercising your rights: see contact.