Skip to content
HoldingCost

Privacy policy

Last updated:

HoldingCost is committed to protecting your privacy. This policy explains what information we collect, how we use it, how we store it, and your rights. It applies to all users of holdingcost.com regardless of location. For the cookie-and-storage inventory by item, see our cookie policy.

1. Who we are / operator information

HoldingCost operates holdingcost.com, a financial calculator platform.

  • Operator: TECH ASSURANCE PTY LTD (ACN: 661 252 320)
  • Registered jurisdiction: Australia
  • Privacy enquiries: privacy@holdingcost.com

References to "we", "us", or "our" in this policy refer to TECH ASSURANCE PTY LTD.

2. What we collect

2.1 Calculator inputs

HoldingCost does not require you to create an account. All calculator inputs are stored only in your browser's URL query parameters. They are not transmitted to or stored on our servers. We never see your individual calculator scenarios.

2.2 Online identifiers

HoldingCost does not ask you to create an account or provide directly identifying information. However, analytics, advertising, security, and hosting technologies may process online identifiers (such as cookie ids, device fingerprints, and IP addresses) under our consent and privacy controls described below.

2.3 Cookies and similar technologies

We use cookies and browser localStorage in the four categories described in §3 below. The full inventory — every cookie and storage key, by provider, purpose, and retention — is in our cookie policy.

2.4 Cloudflare server logs

Our hosting provider (Cloudflare) collects standard server logs including IP addresses, request timestamps, and browser user agents for security, abuse prevention, and bot mitigation. The legal basis is legitimate interest (GDPR Article 6(1)(f)). This data is processed by Cloudflare under their privacy policy. We do not access individual IP address logs in normal operations.

2.5 Error monitoring

We use Sentry to capture browser errors so we can fix bugs that affect our calculators and pages. Error monitoring is gated by your Analytics consent — when analytics consent is denied, error events are discarded in your browser before anything is sent. We have configured Sentry not to attach IP-address or user-agent enrichment, and session replay (which would record page contents and keystrokes) is switched off. Error monitoring is built into the site but dormant: it is not yet connected to a Sentry account and, while dormant, transmits nothing.

2.6 Aggregate page analytics

We use Cloudflare Web Analytics for privacy-first, aggregate page-view measurement. It is cookieless, sets no storage on your device, collects no personally identifiable information, and does not track you across sites — so it does not require consent. It is enabled from our Cloudflare hosting dashboard rather than from any script we ship, and reports only aggregate counts, never a per-visitor record.

3. The four consent categories and the seven Consent Mode v2 signals

HoldingCost organises consent into four user-controlled categories. Each category maps to a defined set of Google Consent Mode v2 signals — all seven signals are always set together, never partially.

Category Consent Mode v2 signals What it covers
Necessary (always on) functionality_storage, security_storage Saving your preferences and basic security
Analytics analytics_storage Google Analytics 4 anonymised usage data; Sentry error monitoring (when active)
Advertising storage ad_storage, ad_user_data Google AdSense ad measurement and frequency capping
Personalised ads (currently disabled) ad_personalization, personalization_storage Cross-site interest-based ad targeting. The toggle is currently hidden because personalised advertising is disabled site-wide; both signals are always set to denied until we enable it.

No category in this list collects personally identifiable information about you. Google Analytics and AdSense data are processed by Google LLC under their privacy policy and data processing terms.

You can change these choices at any time from the "Privacy choices" link in the site footer.

4. Consent flows by region

Today, every visitor — regardless of country — sees HoldingCost's custom four-category consent banner described above. Display advertising is still being set up, so the region-specific flow described below is not yet active. The "Privacy choices" footer link opens the same preferences modal pre-populated with your current choices, and our default Consent Mode v2 posture is denied for every signal until you decide.

Once display advertising is approved and live, visitors will see one of two consent flows depending on the country we infer from their network connection:

  • Visitors from the EEA, United Kingdom, or Switzerland will see Google's Privacy & Messaging Consumer Management Platform (CMP), which is certified to IAB Transparency & Consent Framework v2.3. Google's CMP handles the consent collection, the IAB TCF signals, and the storage. You will be able to revisit your choices any time from the "Privacy choices" link in our footer.
  • All other visitors will continue to see HoldingCost's custom four-category consent banner.
  • Visitors with an unknown country see the custom banner, so unknown geography never produces a worse experience than non-EEA geography.

When the region-specific flow is active, it is decided once per page load based on your country. We do not redirect or change which calculators are shown to you — only the consent UI differs.

5. Re-prompt protocol

Your decision is stored in your browser as a versioned record (hc_consent_v2). The banner re-shows when any of:

  • no record exists (first visit, or you cleared browser storage);
  • the version of the categories has changed because we changed what we collect (for example, if we add lead-generation cookies in future); or
  • the record is more than 12 months old (rolling re-prompt).

6. How we use your data

We use analytics data solely to understand how our calculators are used and to improve the product. We do not:

  • build advertising profiles tied to your identity;
  • sell or rent personal data to third parties;
  • make automated decisions that produce legal or similarly significant effects about you; or
  • enrich analytics events with personally identifiable information.

7. Data sharing

We share anonymised analytics data with Google LLC (Google Analytics). Where you have granted advertising consent, we also share signals with Google LLC (Google AdSense) under a data processing agreement. We share standard server-log fields (IP, user agent, request timestamp) with Cloudflare as our hosting provider, and aggregate, cookieless page-view counts with Cloudflare Web Analytics. Once error monitoring is connected and where you have granted analytics consent, browser error events are processed by Sentry under their data processing terms. We do not sell, rent, or share your personal data with any other third party, except as required by law. We do not currently maintain affiliate or lead-generation relationships; if we add them in future, this section will describe the additional data flows and we will re-prompt you for fresh consent where applicable.

8. Data retention

  • hc_consent_v2 — 12 months from the date of your decision; you'll be re-prompted thereafter.
  • Google Analytics data — subject to Google's data retention settings, which we have set to 14 months.
  • hc_analytics_consent — earlier-format consent record retained for backwards compatibility; will be retired in a future update.
  • Cloudflare server logs — per Cloudflare's retention policy.

You can clear or change your decision at any time from the "Privacy choices" link in the footer.

9. International data transfers

Analytics and advertising data processed by Google may be transferred to and stored in the United States and other countries. Google operates under Standard Contractual Clauses approved by the European Commission for such transfers.

10. Your rights

10.1 Australian users (Privacy Act 1988)

You have the right to access, correct, or request deletion of any personal information we hold about you. Because we do not collect personally identifiable information in normal operations, most requests will result in confirmation that no personal data is held.

10.2 EU/UK users (GDPR / UK GDPR)

You have the right to access, rectify, erase, restrict, or object to processing of your personal data. You have the right to data portability. Our legal basis for processing analytics and advertising data is consent (Article 6(1)(a) GDPR). Our legal basis for processing Cloudflare server logs is legitimate interest (Article 6(1)(f) GDPR — security and abuse prevention). You may withdraw consent at any time without affecting the lawfulness of prior processing. You have the right to lodge a complaint with your local supervisory authority.

10.3 California users (CCPA / CPRA)

California residents have the right to know what personal information is collected, to request deletion, and to opt out of the sale or sharing of personal information. HoldingCost does not sell personal information. The CCPA / CPRA opt-out is honoured via the Privacy choices link in our footer (turn off Advertising storage and Personalised ads in the consent preferences modal, or click "Reject non-essential" on the consent banner). If your browser sends a Global Privacy Control (GPC) signal, we honour it automatically — advertising and personalised-ads tracking are denied, while analytics remains allowed. You can also use the Privacy choices link in our footer to make a different selection at any time. To exercise your other rights, contact us at privacy@holdingcost.com.

11. Children's privacy

HoldingCost is not directed at children under 16, and we do not knowingly process personal data of children under 16. The platform requires no signup, collects no PII, and stores no calculator inputs server-side. Several calculators (including pocket-money planners and education-cost tools) may be of interest to younger users; we recommend parental supervision and reiterate that no input data leaves the user's browser.

If you believe a child under 16 has provided us with personal data, please contact us at privacy@holdingcost.com and we will investigate and delete it promptly.

12. Changes to this policy

We may update this privacy policy from time to time. The date at the top of this page reflects the most recent revision. When we materially change what we collect, we increment the version of hc_consent_v2 so existing users are re-prompted, and we post a notice on the website.

13. Contact

For privacy-related enquiries or to exercise your rights, contact us at privacy@holdingcost.com. We will respond within 30 days.