Privacy & Security Policy
For the Everyday User (The Bottom Line)
Your privacy is my top priority. When you enter your height and waist measurements into this app, all the math happens directly on your own phone or computer. I do not send your measurements to a server, I do not save them, and I do not use any cookies or hidden tracking software to monitor how you use the site. Your personal body metrics stay strictly on your device. The only exception is if you specifically use the compliance API endpoint, in which case the data is transmitted securely and never stored.
If you decide to reach out to me using the contact form, I will only use the name and email address you provide for one simple reason: to reply to your message. I do not save your contact info to a marketing list, I do not send spam, and I absolutely never sell your information. Your message is forwarded securely to my inbox so I can help you out.
This project was built with personal equipment on personal time. No government equipment, systems, or duty time were used in its development or operation.
For the Security Nerd (Under the Hood)
Architecturally, HeightWaist operates as a localized, client-side calculator designed to keep body metric processing on-device. The main UI executes DOM-state operations locally within your browser environment. My Cloudflare Worker acts as a stateless edge runtime for app delivery and API handling, and it does not persist your height/waist inputs. The application keeps no persistent user state: it sets no cookies, uses no localStorage or sessionStorage, and deploys no third-party analytics scripts.
The only network exceptions are the optional /api/compliance endpoint and the contact form. If the compliance endpoint is manually invoked, payload data is transmitted via TLS/HTTPS, evaluated statelessly, and discarded. Similarly, data submitted via the contact form (name, email, and message strings) is routed via HTTPS to a serverless Cloudflare Worker, which acts solely as a relay to pass the data to a third-party transactional email API (Resend). I do not persist contact form payloads in any proprietary database and use the data exclusively for one-to-one communication.