numcal. / PRIVACY

Privacy, surveyed.

The short version: we keep nothing. The slightly longer version follows — it’s short too, because there isn’t much to explain when nothing is retained.

Files you upload

What happens to them?

Files dropped on the converters (fitness files, old documents, Outlook archives) travel over HTTPS, are converted, and the result is sent straight back. Fitness files are processed entirely in memory. Old-format and mail files are written to a private temporary folder for the seconds the conversion engine needs, then deleted — the moment your download finishes, nothing of your file exists here anymore.

Does anyone look at them?

No. No human sees them, nothing scans them, nothing indexes them, and they are never copied anywhere. There is no “files are deleted after 24 hours” fine print because there is nothing to delete. We can’t hand your files to anyone — we don’t have them.

Tools that never upload

The date & number calculators

Everything under /date and /num runs entirely in your browser — what you type is never sent to us. One exception worth naming: the world clock can remember cities you add, and it stores that list in your browser’s own localStorage. It stays on your machine; we never see it.

What the server does record

Standard access logs

Like nearly every web server, ours writes an access log: timestamp, IP address, the URL requested, browser user-agent, response size. We use it for one thing — counting page views in aggregate. File names and file contents never appear in logs. The logs are small, rotate automatically at a fixed size, and old entries are overwritten within days to weeks — nothing is archived.

Rate limiting

To keep one script from hogging the converter, the server holds recent requester IPs in memory for about a minute. That’s RAM, not a record — it’s gone on the next rotation of the sixty-second window, and entirely gone on restart.

Cookies & third parties

Cookies, analytics, ads

None. No cookies, no analytics scripts, no ad networks, no tracking pixels, no fingerprinting. View-source will confirm it — the pages are plain HTML with a little inline JavaScript.

The third-party requests, both of them

The two typefaces on this site load from Google Fonts, so your browser requests font files from Google’s servers — Google sees your IP address and the page URL in that request, as with any font CDN.

The file viewer additionally loads its map background tiles from OpenStreetMap (openstreetmap.org). Tile requests carry your IP address and the coordinates of the map area being displayed — which, when you view a recorded activity, is roughly where that activity took place. The file itself is parsed entirely in your browser and is never uploaded; if the tile requests bother you, the viewer’s stats, elevation profile and splits work without the map. No other page makes any third-party request.

Where does this all run?

On a single small rented server (Linode/Akamai) in Newark, New Jersey, USA. Your files pass through it for seconds; the access logs above live on it briefly. That’s the entire infrastructure.

The contact form

The one thing we do keep — because you asked us to

If you send a note through the contact form, we keep it: what you wrote, the name and email if you chose to leave them, the time, and the sending IP address (our only tool against spam floods). It sits in a file on the same server, is read by a human, and is deleted once handled. It is never emailed anywhere or passed to any service. An email address you leave is used to reply and for nothing else.

Your data rights

Access, correction, deletion

Because nothing identifiable is kept beyond the short-lived access logs and any contact message you chose to send, there is usually nothing to look up, hand over, correct or delete — your uploads are gone before you could ask. Want a contact message of yours deleted unread? Say so via the same form; both go together. If this page and reality ever disagree, reality wins and we fix the page.