Legal

Privacy Policy

Last updated: April 2026

Who runs this site

ShelterMetrics is operated as a solo project during its current beta phase. Contact for any data request, correction, or complaint: hello@sheltermetrics.org. A UK ICO-registered business entity will be published here before the service moves out of beta.

What we collect

• Account details — email address and password (stored hashed by our auth provider, Supabase).
• Usage metadata — number of photos analysed per month, timestamp of each batch, the numerical porosity results, and your tier.
• Photographs you upload — processed in memory to compute porosity, then discarded. We do not store your uploaded images on our servers.
• IP address of each analyse request — logged for abuse prevention, retained for 14 days, then rotated out with system logs.

What we don’t collect

• We do not use analytics cookies or third-party trackers.
• We do not sell or share your data with third parties for advertising.
• We do not run any tracking pixels.
• The only cookies set are the Supabase auth session and our anonymous-trial counter, both strictly necessary for the service to function.

Lawful basis (UK GDPR / EU GDPR)

We process your email and usage metadata under contract (providing you with the service you signed up for). We process IP addresses under legitimate interests (preventing abuse of the free tier).

Where your data is stored

Account and batch metadata are stored in Supabase Postgres (EU region). The application server runs on a Hetzner Cloud VM in Germany. We do not transfer personal data outside the EU / UK / adequate-jurisdictions.

Your rights

• Access — download all your data as JSON from the dashboard (“Export my data”).
• Erasure — delete your account and all associated data from the dashboard (“Delete account”). This cannot be undone.
• Rectification — email us to correct any stored detail.
• Complaint — you can complain to the UK Information Commissioner’s Office at ico.org.uk.

Data retention

Account + batch metadata are retained for as long as your account is active. If you delete your account, all associated records are removed within 24 hours (Supabase cascade delete). Server access logs are rotated at 500 MB or roughly fortnightly, whichever comes first.

Children

This service is not intended for users under 16.

Changes to this policy

This is a beta service and the policy may change as the product matures. Material changes will be notified by email to signed-up users.