Privacy Policy

Last updated: 17 May 2026

We keep this short and plain. Here’s what Student Finance Overseas Repayment Calculator collects, why we need it, and what you can do with it.

The short version: we collect the data needed to run the calculator and optional account features. We don’t sell your data. Third parties are limited to hosting, consent management, account email delivery through Resend, and Google AdSense if you opt in.

Controller

The controller for this service is Aedan Edward Lawrence.
Leiblachstr. 5
88138, Sigmarszell
Bayern, Deutschland
Email: [email protected].

You can also find provider details in the Impressum.

1. What we collect and why

Account data (registered users only):

Email address — identifies your account and lets you sign in.
Account email delivery — your email address is sent to Resend so we can send confirmation links, password reset links, and important account, service, or legal notices.
Graduation date (optional) — pre-fills the calculator.
Outstanding loan values (optional) — undergraduate and postgraduate loan balances you choose to save.
Calculator defaults (optional) — country, repayment plan, salary, and whether to include a Postgraduate Loan by default.
Calculation history — each time you run the calculator while signed in, we store only the country, repayment plan, tax year, whether Postgraduate Loan was selected, and the time of calculation. We do not store the salary entered, converted salary, repayment amount, threshold, or exchange rate in your account history.

Legal basis: Contract performance (Art. 6(1)(b) GDPR) — needed to provide the account you signed up for.

Anonymous calculation statistics (visitors not signed in): when you run the calculator without an account, we store only daily aggregate usage counts by country, repayment plan, tax year, and whether Postgraduate Loan was selected. We do not store your salary, repayment amount, IP address, session ID, or an individual calculation record.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — understanding how the calculator is used helps us keep it accurate and useful.

IP address (all visitors): used only to rate-limit requests and block abuse. Never written to a persistent log.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — rate limiting keeps the service available and secure.

Server and security metadata (all visitors): your browser necessarily sends technical request data such as IP address, URL, user agent, referrer, and time of request to the hosting infrastructure so the website can be delivered securely.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — providing, securing, and debugging the service.

Strictly necessary cookies:

CookieConsent — to store cookie consent preferences (1 year).
connect.sid — keeps you signed in (30 days).
csrfToken — prevents cross-site request forgery (session).

Preference cookies (optional):

selectedPlan, selectedCountry, selectedYear, includePg, noUndergradLoan — remember your calculator preferences (30 days).

Preference cookies are only set after you give preference consent. These cookies do not track you across other websites.

Advertising cookies (Google AdSense): ads are served by Google AdSense. Advertising and tracking cookies are only set after you give consent via the banner on your first visit. You can change or withdraw consent at any time using Cookiebot’s floating consent control.

Legal basis: Consent (Art. 6(1)(a) GDPR) — withdrawing consent doesn’t affect anything that happened before.

Local theme preference: the light or dark theme selection is stored in your browser’s local storage. It stays on your device and is not sent to our server as an account preference.

2. Who we share data with

We share data only where needed to run the service:

Self-hosted server infrastructure and Cloudflare CDN — website hosting and delivery. Technical request data is processed so pages, static files, and security controls can work. See the host’s privacy information.
Usercentrics A/S (Cookiebot) — consent banner and consent records. Cookiebot stores your consent choices and helps block optional scripts until you give consent.
Resend — transactional account emails, such as confirmation and password reset links. Resend receives the recipient email address and email content needed to deliver those messages.
Google LLC (AdSense) — advertising cookies, consented via the banner. Google may transfer data to the US under Standard Contractual Clauses. See Google’s Privacy Policy.

We do not sell your data. Your account data is never shared with advertisers.

Where personal data is transferred outside the UK or EEA, we rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or another lawful transfer mechanism provided by the relevant service provider.

3. How long we keep data

Account data — until you delete your account.
Calculation history (signed-in users) — limited to country, repayment plan, tax year, Postgraduate Loan selection, and timestamp. Kept until you delete your account, at which point all linked calculations are permanently removed.
Anonymous calculation statistics — retained indefinitely as aggregate usage counts without salaries, repayment amounts, IP addresses, session IDs, or individual calculation records.
Confirmation and password reset tokens — until used or expired, then cleaned up automatically.
Session data — 30 days from last activity.
Preference cookies — 30 days, if you give preference consent.
IP addresses — not stored (in-memory only).
Consent records — retained by Cookiebot according to its consent log settings.

4. Your rights

Access — request a copy of the data we hold about you.
Rectification — correct inaccurate data via your profile page.
Erasure — delete your account and all data via your profile page.
Portability — download your account, saved profile data, and limited calculation history as a machine-readable JSON file from your profile page.
Restriction — ask us to pause processing in certain circumstances.
Object — object to processing based on legitimate interest.

You can use the profile page for rectification, erasure, and portability. To exercise any other right, email [email protected]. We will respond within one month.

5. Is account data required?

You can use the calculator without an account. If you choose to register, an email address and password are required so we can create and secure your account. Optional profile fields can be left blank.

6. Automated decision-making

We do not use your personal data for automated decision-making with legal or similarly significant effects. Calculator results are generated from the figures you enter and public threshold data; they are not official decisions.

7. Right to complain

If you’re not happy with how we handle your data, you can contact the relevant regulator:

Germany (Bayern): Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).
United Kingdom: Information Commissioner’s Office (ICO).
Other EU countries: your national data protection authority.

8. Children

This service is not directed at anyone under 18. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it promptly.

9. Changes to this policy

If we make significant changes, we’ll update the “Last updated” date at the top and email registered users to let them know.

10. Contact

Questions about this policy, or want to exercise one of your rights? Drop us an email at [email protected].