Privacy Policy

2.1 Calculator Inputs & Local Storage

When you use our calculators, you may enter information such as ZIP code, estimated household income, home square footage, monthly energy usage, and similar inputs. This data is stored exclusively in your browser's localStorage for your convenience. It is never transmitted to or stored on our servers. It is used solely to fetch location-specific utility rate and solar data from third-party APIs (NREL, EIA) and to display your results. You can clear this data at any time by clearing your browser's local storage or site data.

2.2 Cookies & Similar Technologies

We use a small number of cookies. See Section 5 (Cookie Policy) for full details.

2.3 Usage Analytics (Consent Required)

If you accept analytics cookies via the consent banner, we collect anonymized site-usage metrics through Google Analytics 4 and Microsoft Clarity. This may include page views, approximate geographic region (country/state level), browser type, device type, and session duration. IP addresses are anonymized before processing. We do not collect or store personally identifiable information through analytics.

2.4 Email Address (Opt-In Only)

If you voluntarily submit your email address via the post-result opt-in form or exit-intent prompt, we collect your email address and an optional topic tag (solar, EV, or energy efficiency). Submission is entirely optional. We use your email solely to send relevant educational newsletters via ConvertKit. Double opt-in confirmation is required. You can unsubscribe at any time via the link in any email we send.

4.1 NREL — National Renewable Energy Laboratory

Solar production estimates use the NREL PVWatts API. We send only a ZIP code to NREL; no personal data is shared. NREL is a US federal laboratory operated by Alliance for Sustainable Energy on behalf of the US Department of Energy. Solar data provided by the National Renewable Energy Laboratory (NREL) / U.S. Department of Energy.

4.2 EIA — U.S. Energy Information Administration

Electricity and natural gas rate data is sourced from the EIA open data API. We send only ZIP code or state code; no personal data is shared. Electricity and gas rate data: U.S. Energy Information Administration (EIA).

4.3 Google Analytics 4

Anonymized site usage metrics (page views, sessions, device type). IP anonymization is enabled. GA4 is disabled by default and activated only after you accept analytics cookies. Data is processed by Google LLC and retained for 14 months. Privacy policy: policies.google.com/privacy.

4.4 Microsoft Clarity

Heatmaps and session recordings (anonymized). No personally identifiable information is captured. Clarity is disabled by default and activated only after you accept analytics cookies. Privacy policy: privacy.microsoft.com.

4.5 Google AdSense

GainTally displays advertisements served by Google AdSense on calculator pages. Google AdSense is a third-party ad network that uses cookies — including DoubleClick cookies — to serve interest-based advertisements based on your prior browsing activity across the web. AdSense is disabled by default until you accept advertising cookies. When you decline ad cookies, AdSense serves non-personalized ads (NPA) or no ads.

You can opt out of personalized advertising at any time via Google Ad Settings or the Digital Advertising Alliance opt-out.

Google AdSense privacy policy: policies.google.com/privacy.

4.6 ConvertKit

Used only if you opt in to our newsletter. We transmit your email address and topic tag to ConvertKit, Inc. (US) for email delivery. Data is transferred under Standard Contractual Clauses. ConvertKit privacy policy: convertkit.com/privacy.

5.1 Functional Cookies (Always Active)

• cec_consent — Stores your cookie consent preferences (JSON). Expires in 1 year. Essential — cannot be disabled.
• theme — Remembers your dark/light mode preference. Session-based. Essential — cannot be disabled.

5.2 Analytics Cookies (Consent Required)

• Google Analytics 4 cookies (_ga, _ga_*) — Distinguish users and sessions. Retained for 2 years. Set only after consent.
• Microsoft Clarity cookies (_clsk, _clck, MUID) — Session recording and heatmap identifiers. Set only after consent.

5.3 Advertising Cookies (Consent Required)

• Google AdSense / DoubleClick cookies (IDE, DSID, NID) — Interest-based ad targeting and frequency capping. Set by Google only after consent. If you decline, AdSense serves non-personalized ads.
• ConvertKit confirmation cookie — A transient cookie set during the email double opt-in confirmation flow. Set only if you submit your email address.

5.4 Managing Cookies

You can change your cookie preferences at any time using the “Manage Cookie Preferences”link in the site footer. You can also block or delete cookies through your browser settings; however, disabling functional cookies may affect the site's appearance or behavior.

Google Consent Mode v2:Our cookie consent banner implements Google's Consent Mode v2 to set analytics and ad storage to denied-by-default until consent is granted. We currently use a custom consent implementation compatible with Consent Mode v2; full IAB TCF v2.3 CMP certification is planned for a future version.

6.1 Categories of Personal Information Collected (Last 12 Months)

• Identifiers: Email address (opt-in only); IP address (anonymized analytics, if consent granted)
• Internet / electronic activity: Page views, session data, calculator usage patterns (anonymized, if consent granted)
• Geolocation (approximate): ZIP code entered into calculators (stored in your browser only, not on our servers)
• Commercial information: Ad interaction data collected by Google AdSense (if consent granted)

We do not collect Social Security numbers, financial account information, health data, biometric data, or sensitive personal information as defined by the CCPA.

6.2 Sale or Sharing of Personal Information

We do not sell your personal information for money. However, sharing anonymized usage data with Google Analytics and sharing IP and ad-interaction data with Google AdSense (when you consent) may constitute “sharing” under the CCPA for cross-context behavioral advertising purposes.

Do Not Sell or Share My Personal Information:You can exercise this right by (1) declining ad cookies via the cookie consent banner or the “Manage Cookie Preferences” footer link, or (2) sending a request to [email protected]. We also honor the Global Privacy Control (GPC) signal; when detected, we automatically apply Restricted Data Processing mode for Google services.

6.3 Your Consumer Rights

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Portability: Receive your personal information in a portable format.
• Right to Opt-Out: Opt out of the sale or sharing of personal information (see Section 6.2 above).
• Right to Limit Use of Sensitive PI: We do not use or disclose sensitive personal information for purposes beyond those permitted by the CCPA.

6.4 How to Submit a Request

Email [email protected] with subject “CCPA Request” and specify the right you wish to exercise. We will respond within 45 days. We will not discriminate against you for exercising any of these rights — you will not receive a different level of service or price for doing so.

7.1 Data Controller

The data controller is GainTally, reachable at [email protected].

7.2 Legal Basis for Processing

• Consent (Art. 6(1)(a)): Analytics cookies, advertising cookies, and email newsletter subscription.
• Legitimate interests (Art. 6(1)(f)): Basic site operation, security monitoring, and abuse prevention. We have determined that our legitimate interests do not override your fundamental rights.

7.3 Data Retention

• Calculator inputs:Stored only in your browser's localStorage — you control deletion by clearing browser data.
• Analytics data: GA4 data retained for 14 months (Google default). Clarity session data retained per Microsoft Clarity policy.
• Email address: Retained until you unsubscribe. A 7-day soft-delete grace period applies after unsubscribing.
• Server logs:Request logs (IP, endpoint, timestamp) retained per our hosting provider's (Hetzner) default log retention.

7.4 International Data Transfers

Our servers are hosted by Hetzner Online GmbH in Germany (European Economic Area). No transfer of your data from Europe to the US occurs on our server infrastructure; API calls to NREL and EIA are made server-side using only ZIP code or state code.

When you consent to analytics or email opt-in, limited data (anonymized IP, email address) is transferred to Google LLC and ConvertKit, Inc. (both US-based). These transfers rely on Standard Contractual Clauses (SCCs) as an appropriate safeguard under GDPR Art. 46.

7.5 Your Individual Rights

• Right of access (Art. 15): Request a copy of personal data we hold about you.
• Right to rectification (Art. 16): Request correction of inaccurate data.
• Right to erasure (Art. 17):Request deletion of your data (“right to be forgotten”).
• Right to data portability (Art. 20): Receive your data in a machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
• Right to restrict processing (Art. 18): Request that we limit how we use your data in certain circumstances.
• Right to withdraw consent: You can withdraw consent for analytics and advertising at any time via the cookie preference center; for email, via the unsubscribe link.

To exercise these rights, email [email protected] with subject “GDPR Request.” We will respond within 30 days (extendable by two months for complex requests).

7.6 Right to Lodge a Complaint

If you believe we have not complied with applicable data protection law, you have the right to lodge a complaint with a supervisory authority. UK residents may contact the Information Commissioner's Office (ICO) at ico.org.uk. EEA residents may contact their national data protection authority (e.g., BfDI in Germany, CNIL in France).