Privacy Policy

This Privacy Policy applies to the UtilityApps website at https://utilityapps.siteand all subdomains we operate (collectively, the “Service”). It is written to comply with the EU General Data Protection Regulation (GDPR), the UK Data Protection Act, the California Consumer Privacy Act (CCPA / CPRA), and equivalent regulations in other jurisdictions. Where local law grants you greater protections, those apply.

Summary

• We do not require an account to use any tool on the Service.
• Most tools run entirely in your browser; your inputs and files never leave your device.
• We collect a minimal set of anonymous analytics to know which tools to build next.
• We never sell your personal data.
• You can delete your data at any time — see Your rights.

1. Data we collect

Anonymous tool analytics

When you use a tool, we record an anonymous event that includes the tool ID, an approximate device class (mobile / desktop / tablet), country derived from IP at request time (then discarded), and a random session identifier stored in your browser's local storage. This identifier is generated locally and is not linked to your name, email, or IP address. We use these events to rank trending tools and decide which ones to improve.

We rely on Supabase (a Postgres database hosted in the EU/US) for storage. The Supabase tables backing analytics are tool_usage, search_queries,tool_ratings, and blog_views. Aggregate counts older than 13 months are deleted automatically.

Bookmarks and recently used tools

When you bookmark a tool or use one, we store the tool ID and a timestamp on your device via localStorage, plus optionally in Supabase keyed to the random session ID described above. Clearing your browser data removes everything stored locally.

Newsletter subscribers

If you subscribe to our newsletter, we store the email address you provide, the page or context you subscribed from (e.g. “footer”, “blog-sidebar”), and a timestamp. We use this to send the weekly newsletter and a one-time welcome email. We send through Resend (a transactional email provider). You can unsubscribe with one click from any email; doing so removes you from the list.

Contact form

If you write to us through the contact form, we receive your name, email, subject, and message. We use this only to reply. Messages are retained for up to 24 months, then deleted, unless they document a security or compliance matter we're required to keep.

Server logs

Our hosting provider (Vercel) automatically logs technical request data — IP address, User-Agent, response status, and response time — for up to 24 hours for abuse detection, then aggregates and discards them.

Advertising cookies (Google AdSense)

Some pages display ads served by Google AdSense. AdSense and its partners may use cookies to deliver relevant ads, frequency-cap ads you've already seen, and report ad performance. These cookies are set by Google, not us. You can opt out of personalized advertising at Google Ads Settings. For EU/UK users we present a consent banner that allows you to reject non-essential cookies.

Affiliate links

Some links to third-party stores (Gumroad, Etsy, Amazon, Shopify) are affiliate links. We may earn a commission if you purchase through them, at no extra cost to you. The affiliate platform sets its own cookies on its own domain to attribute the sale; those cookies are governed by the platform's privacy policy. See our affiliate disclosure for details.

2. Legal basis for processing (GDPR)

• Legitimate interests: anonymous analytics, server logs, and contact form replies.
• Consent: non-essential cookies (advertising, optional analytics) and newsletter subscriptions. You may withdraw consent at any time.
• Contractual necessity: when you purchase a digital product through one of our affiliate partners, the partner processes the transaction under its own terms.

3. Who we share data with

We share data only with the service providers necessary to operate the Service:

• Vercel — hosting and CDN. Standard server logs.
• Supabase — database for anonymous analytics, bookmarks, and newsletter list.
• Resend — transactional and newsletter email delivery.
• OpenAI — when you use the AI search, your search query is sent to OpenAI for intent classification. OpenAI does not retain queries from API usage past 30 days.
• Google AdSense — only where ads are displayed and only with your consent (EU/UK).

We do not sell or rent personal data. We do not share data with marketing or data-broker third parties.

4. International transfers

We process data primarily in the United States and the European Union. Where we transfer personal data out of the EU/UK, we use Standard Contractual Clauses approved by the European Commission and the UK Information Commissioner.

5. Retention

• Anonymous analytics events: 13 months, then deleted.
• Newsletter list: until you unsubscribe.
• Contact form messages: up to 24 months.
• Server logs: up to 24 hours.
• Bookmarks: as long as you keep them, or until you clear local storage.

6. Your rights

You have the right to:

• Access the data we hold about you.
• Correct inaccurate data.
• Delete your data (right to erasure).
• Export your data in a portable format.
• Object to processing or withdraw consent.
• Lodge a complaint with your local data protection authority. EU/UK residents may contact their national DPA; California residents may contact the California Attorney General.

California residents have additional CCPA/CPRA rights, including the right to know what personal information we have collected, to delete it, and to opt out of any sale or sharing of personal data — although as noted, we do not sell or share personal data for cross-context behavioral advertising.

To exercise any of these rights, email privacy@utilityapps.site. We respond within 30 days.

7. Children

The Service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we will delete it.

8. Security

We use industry-standard security measures, including encrypted transport (TLS 1.2+), encrypted at-rest storage at our infrastructure providers, and least-privilege access controls. No system is perfectly secure; if we ever experience a breach affecting your data, we will notify you within 72 hours where required by law.

9. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be announced on the homepage and via the newsletter at least 30 days before they take effect.

10. Contact

For privacy questions or data requests: privacy@utilityapps.site. For all other inquiries, see our contact page.