Last updated: 21 February 2026
Spirit Level Pro (“we”, “us”, “the app”) is a browser-based progressive web app at spiritlevel.pro. We are committed to protecting your privacy. This policy explains what data we collect, why, and your rights under applicable law including the EU General Data Protection Regulation (GDPR), UK GDPR, the US California Consumer Privacy Act (CCPA/CPRA), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), the Australian Privacy Act 1988 (APPs), and New Zealand’s Privacy Act 2020.
The core function of Spirit Level Pro runs entirely on your device. The following data is stored locally in your browser (IndexedDB and localStorage) and never transmitted to any server:
We have no server-side database. We cannot access, view, or recover your measurements, photos, or location data. Clearing your browser data deletes it permanently.
If you consent, we use PostHog for anonymous product analytics to understand how the app is used and improve it. PostHog is hosted in the European Union (eu.i.posthog.com).
| What is collected | What is NOT collected |
|---|---|
| Anonymous usage events (e.g. “calibrated”, “mode toggled”), device type, browser, screen size, country (from IP, not stored) | Your name, email, IP address (anonymised by PostHog), measurements, photos, GPS coordinates, anything you type |
Legal basis (GDPR): Consent (Article 6(1)(a)). Analytics only load after you tap “OK” on the consent banner. You can withdraw consent at any time by clearing your browser’s localStorage for this site.
No cookies. PostHog uses localStorage (not cookies) with a random anonymous identifier. No third-party advertising cookies are used. No data is shared with advertisers.
If you decline analytics, no tracking code loads at all — not even the PostHog script.
Pro upgrades are processed by Stripe, Inc. When you purchase, you are redirected to Stripe’s checkout page. We do not see or store your payment card details. Stripe processes your payment data under their own privacy policy: stripe.com/privacy.
The only payment-related data we receive is a redirect parameter confirming the purchase succeeded. This sets a local flag (localStorage.pro) on your device. We have no payment database.
The app uses a service worker to cache assets for offline use. Cached files are stored in your browser’s Cache Storage and are limited to app code and icons. No personal data is cached by the service worker.
| Service | Purpose | Data shared | Location |
|---|---|---|---|
| PostHog | Analytics (with consent) | Anonymous events, device info | EU |
| Stripe | Payment processing | Payment details (on Stripe’s page) | US/EU |
| Cloudflare | Hosting & CDN | Standard HTTP logs (IP, URL, user agent) | Global |
We do not sell, rent, or share your personal information with any other third parties.
If you are in the European Economic Area or the United Kingdom, you have the right to:
Since all personal data resides on your device, you can exercise erasure and portability by clearing browser data or exporting via CSV. To withdraw analytics consent, clear localStorage or reinstall the app. You may also lodge a complaint with your local Data Protection Authority.
If you are a California resident, you have the right to:
Categories of personal information collected (with analytics consent): identifiers (anonymous device ID via PostHog), internet activity (anonymous usage events). We collect no real names, emails, phone numbers, or financial information.
We comply with Canada’s PIPEDA principles: we collect analytics data only with consent, for the identified purpose of improving the app, and retain it only as long as necessary. You may withdraw consent at any time.
We comply with the Australian Privacy Principles (APPs). We collect minimal anonymous analytics data with your consent. We do not disclose personal information overseas except as described in Section 5 (PostHog EU servers, Cloudflare global CDN). You may request access to or correction of data by contacting us.
We comply with New Zealand’s Information Privacy Principles (IPPs). Collection is minimal and consensual. You have the right to access and correct any personal information we hold.
Spirit Level Pro is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us and we will delete it.
On-device data: retained until you clear your browser data. Analytics data: retained by PostHog for up to 12 months, then automatically deleted. Payment records: retained by Stripe per their retention policy.
The app is served over HTTPS with HSTS, uses Content Security Policy headers, and stores all user data locally with no server-side database to breach. Analytics data is transmitted to PostHog over encrypted connections.
We may update this policy from time to time. The “Last updated” date at the top will change. Continued use of the app after changes constitutes acceptance of the revised policy.
For privacy questions, data requests, or to exercise your rights:
Email: [email protected]