Privacy Policy
Last updated January 1, 2025 — GDPR (EU) 2016/679 compliant
CalcolaRischio is designed with Privacy by Design (Art. 25 GDPR): data remains exclusively in your browser via localStorage. No health data, no tracking cookies, no server pings.
1 Data Controller
The data controller is CalcolaRischio, managed by Ermald Billa (ermaldbilla.com).
Privacy Email: privacy@calcolarischio.it
2 Data We Collect
Data We Do NOT Collect
- IP Address (never recorded by CalcolaRischio)
- Health parameters: blood pressure, cholesterol, blood glucose, eGFR, weight, height — never transmitted
- First name, last name, email, or any personal details
- Tracking cookies, browser fingerprinting, session identifiers
- Profiling data or ad targeting parameters
Data in Browser localStorage (Not Transmitted)
| localStorage Key | Content | Purpose | Transmitted? |
|---|---|---|---|
| calcolarischio_theme | "dark" or "light" | Visual theme preference | No |
| calcolarischio_cookie_ok | "1" | Privacy banner closed status | No |
| calcolarischio_stats | {"bmi": 3, ...} | Local usage counter (only visible to you) | No |
| calcolarischio_lang | "it", "en", "fr"... | Language preference | Used only to set the language server-side — no personal data included |
How to Delete Data: F12 -> Application -> localStorage -> domain -> delete keys. Or clear your browser cache.
3 How Calculations Work — Privacy by Design
All calculations (BMI, FINDRISC, ASCVD, SCORE2) are performed entirely via JavaScript in your browser. The server never receives health parameters, results, or any information entered into forms.
Verification: open F12 -> Network while running a calculation. You will see no HTTP requests sent to the server during the calculation process.
4 localStorage and Local Preferences
CalcolaRischio exclusively uses your browser localStorage. Unlike cookies, localStorage data is not automatically transmitted to the server with every HTTP request; it remains confined to your device and contains no unique identifiers.
Since we do not use profiling or tracking cookies, user consent is not technically required under Art. 6 GDPR (Recital 26 — genuinely anonymous and technical data). The banner is displayed purely for absolute transparency.
5 Browsing Data (Hosting Provider Logs)
The hosting provider automatically records technical HTTP access logs (IP address, date/time, requested URL, user-agent). CalcolaRischio has no control over these infrastructure logs. Retention period is typically 7 days. Legal basis: Art. 6(1)(f) GDPR — legitimate interest for server infrastructure security.
6 No Third Parties
CalcolaRischio does not use:
- Google Analytics, Plausible, Matomo, or any web analytics systems
- Google AdSense, ad networks, or behavioral targeting systems
- Facebook Pixel, LinkedIn Insight Tag, or social network SDKs
- Google Fonts or third-party CDNs for fonts or JavaScript libraries
- Tracking pixels, web beacons, or browser fingerprinting technologies
7 Legal Basis
Since CalcolaRischio does not collect personal data (Art. 4(1) GDPR), the Regulation does not directly apply. The localStorage data is purely technical and anonymous under Recital 26 GDPR.
8 Your GDPR Rights
Since we do not collect personal data, the rights under Articles 15-21 GDPR do not directly apply. You have full, autonomous control over the data stored in your browser localStorage.
For any questions: privacy@calcolarischio.it
You can file a complaint with the Data Protection Authority: garanteprivacy.it
9 Minors
CalcolaRischio is intended for an adult audience. It does not knowingly collect data from individuals under 16 years of age.
10 Contacts
| Privacy Email | privacy@calcolarischio.it |
| Developer | Ermald Billa |
| Italian DPA (Garante Privacy) | garanteprivacy.it |
Sources: GDPR Reg. EU 2016/679 · Data Protection Laws