Data Controller
FreightUtils (www.freightutils.com) is operated by Marius Cristoiu, a sole trader based in the United Kingdom. For privacy enquiries, contact contact@freightutils.com.
What Data We Collect
FreightUtils is designed to minimise data collection. Most of the site — calculators, lookups, reference pages, and the unauthenticated portion of the public REST API — can be used without giving us anything other than your IP address (used transiently for rate limiting).
When you choose to do more, we collect:
- Email address — if you sign up for a free API key on /pricing or /api-docs, or if you upgrade to Pro. Used to deliver the key, the magic-link sign-in email, and (for Pro) billing-related notifications.
- API key + plan tier + signup timestamp — stored against your email so you can manage your account.
- Per-key request counts (daily and monthly) — aggregated counters to enforce rate limits. We do not log the URL paths or request bodies of authenticated calls beyond what the audit privacy contract permits (no bodies, no API key values, no IPs, no emails — see our observability doc).
- Payment metadata — if you upgrade to Pro, Stripe processes your payment. We never see or store your card details. We retain only the Stripe customer ID and subscription status linked to your email.
- IP address — used transiently by our edge for abuse prevention and rate limiting on anonymous tiers. Hashed and not retained beyond the rate-limit window.
Calculator inputs (dimensions, weights, UN numbers, HS codes, etc.) are processed in your browser or on the edge and are not associated with any identifying information.
Sub-processors
We rely on the following sub-processors to operate the service. Each is a UK GDPR Article 28 processor; none of them receive data for purposes beyond delivering their function to FreightUtils.
| Processor | Purpose | Data shared |
|---|---|---|
| Vercel | Hosting, edge runtime, request logs | HTTP request metadata (IP, path, status, UA) |
| Upstash (via Vercel KV) | Key–value store for user accounts, API keys, rate-limit counters, magic-link tokens | Email, API key, plan tier, Stripe customer ID, ephemeral magic tokens |
| Cloudflare | DNS, edge CDN for static assets | HTTP request metadata only; cookieless |
| Stripe | Payment processing for Pro subscriptions | Email, billing details, card data (collected and held by Stripe directly — we never see card numbers) |
| Resend | Transactional email (API-key delivery, magic links, billing notices) | Email address, message content |
| Sentry | Error monitoring | Error stack traces, request metadata; user-supplied data is scrubbed before send |
| UptimeRobot | Uptime monitoring (probes our public endpoints) | None of your data — only synthetic probe traffic |
A more formal data-processing agreement is available at /dpa.
Retention
- User accounts and API keys: retained while your account is active. Deleted within 30 days of account closure on request.
- Daily / monthly request counters: 48 hours (daily) and end-of-month (monthly).
- Magic-link tokens: 15 minutes — one-time use.
- Sessions: 7 days from last sign-in.
- Payment records (held by Stripe): per Stripe's retention policy — typically 7 years for tax/regulatory reasons.
- Audit and error logs: 30 days.
Your Rights Under UK GDPR
You have the right to:
- Access the personal data we hold about you (Article 15)
- Request correction of inaccurate data (Article 16)
- Request erasure of your data (Article 17 — “right to be forgotten”)
- Request a portable copy of your data (Article 20)
- Object to processing or withdraw consent at any time (Article 21)
To exercise any of these rights, email contact@freightutils.com from the address linked to your account. We respond within 30 days, usually within 2 business days.
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the UK's Information Commissioner's Office (ICO): https://ico.org.uk/make-a-complaint/.
Cookies
FreightUtils uses cookies sparingly and only where strictly necessary:
- Authentication session cookie — set only when you sign in to your dashboard. HttpOnly, Secure, SameSite=Lax. 7-day expiry. PECR-exempt as “strictly necessary for a service explicitly requested by the user”.
We do not use first-party analytics cookies. Vercel Web Analytics (anonymous performance metrics) and Cloudflare Web Analytics (if used at the CDN edge) are cookieless. We do not use Google Analytics, advertising pixels, or any cross-site tracking. There is no cookie consent banner because there is nothing requiring consent under PECR.
Your theme preference (light/dark mode) is stored in your browser's localStorage and never transmitted.
Children's Privacy
FreightUtils is a professional reference tool for the freight and logistics industry. We do not knowingly collect information from anyone under 16.
Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Material changes affecting Pro subscribers will be notified by email at least 30 days before they take effect.
Contact
For privacy enquiries, data subject access requests, or to flag a concern: contact@freightutils.com.