Privacy Policy

CalcWidgets Privacy Policy

Sandlabs Pty Ltd trading as CalcWidgets · Last updated: May 2026

The 60-second summary

  • Our customers are brokers, lenders and real estate businesses who embed our calculators on their own websites. The people who use those calculators are their visitors (we call them End Users).
  • Calculations run in the End User's browser. The values they enter (loan amount, income, etc.) are not transmitted to or stored by us.
  • We record anonymous usage events — e.g. which calculator was opened, whether a call-to-action was clicked. No names, no email addresses, no IP addresses, no input values.
  • For our customers (the businesses that pay us) we collect normal account information — name, email, business details, billing data — to operate the service.
  • We comply with the Australian Privacy Principles (Privacy Act 1988) and, for our New Zealand customers and users, the Privacy Act 2020.

1. Who we are

CalcWidgets is a service operated by Sandlabs Pty Ltd (“Sandlabs”, “we”, “us”), an Australian company. We provide embeddable mortgage and finance calculator widgets to brokers, lenders and real estate businesses.

This policy explains how we handle personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and, where applicable, the New Zealand Privacy Act 2020 and the GDPR for visitors based in the European Economic Area or United Kingdom.

If you have questions, contact us at privacy@sandlabs.com.au.

2. Definitions

Customer — a business (broker, lender, agency) that has signed up to embed our widgets on their website.

End User — a visitor to a Customer's website who interacts with an embedded CalcWidgets calculator.

Personal information — information about an identified individual, or about an individual who is reasonably identifiable, as defined under the Privacy Act 1988 (Cth).

Embedded widget — a CalcWidgets calculator delivered via iframe or script snippet on a Customer's website.

3. Our two roles

CalcWidgets handles personal information in two distinct capacities, and the way we treat data differs in each.

3a. As a controller of Customer account data

For information our Customers provide to us directly — signing up, configuring their account, paying invoices, contacting support — Sandlabs is the data controller. We decide how that information is used, in line with this policy.

3b. As a processor for End User interactions

When an End User loads a calculator on a Customer's website, Sandlabs acts on the Customer's behalf. The Customer is responsible for displaying their own privacy notice to End Users, and for any subsequent use of data the End User submits to them (for example, when an End User clicks a “Book a consultation” button that takes them to the Customer's booking system).

End User enquiries about how their personal information is used should be directed to the Customer in the first instance.

4. Information we collect

4a. Customer account information

  • Contact details (name, email, phone)
  • Business details (company name, website, region)
  • Billing and invoicing information (handled by our payment processor — we do not store full card numbers)
  • Brand configuration you upload (logos, colours, copy, CTA URLs)
  • Authentication tokens for your dashboard session
  • Support correspondence

4b. End User interactions with embedded calculators

Calculations are performed entirely in the End User's browser. The figures entered into a calculator (loan amount, income, expenses, interest rate, etc.) are not transmitted to or stored by Sandlabs.

We do record the following anonymous usage events to provide aggregated reporting to the Customer who owns the embed:

  • Which calculator was loaded
  • Whether a call-to-action button was clicked
  • Whether results were exported
  • A short-lived random session identifier (held in browser sessionStorage, not a cookie, cleared when the browser tab closes)
  • Referrer URL and browser user-agent string
  • Date of the event

We do not collect End User names, email addresses, phone numbers, IP addresses, or the values they enter into calculator fields.

If a Customer has enabled their call-to-action button, clicking it opens the Customer's own destination URL (for example, their booking page) in a new tab. The End User's calculator results may be passed as URL parameters to that destination so the Customer's next-step form can be pre-filled. That data is sent directly from the End User's browser to the Customer's system; Sandlabs does not retain it.

4c. Visitors to calcwidgets.com

On our marketing website at calcwidgets.com we collect standard web analytics via Vercel Analytics (page views, performance metrics) and any details you submit through the contact form. We do not run Google Analytics, Meta Pixel or similar third-party advertising trackers.

5. How we use information

  • To operate, maintain and improve the CalcWidgets service
  • To process payments and manage subscriptions
  • To respond to support enquiries
  • To produce aggregate usage reports for Customers (e.g. “234 visitors used your borrowing capacity calculator this month”)
  • To send service-related and, with consent, marketing emails
  • To detect and prevent abuse, fraud or misuse of the service
  • To meet legal, accounting and tax obligations

6. Sub-processors and third-party services

We use a small set of trusted vendors to deliver the service. Each is bound by their own privacy and security commitments.

VendorPurposeRegion
Vercel Inc.Application hosting and edge delivery; first-party performance analyticsUnited States & global edge
Supabase Inc.Managed database and authentication for Customer accounts and usage eventsSydney (ap-southeast-2)
Resend Inc.Transactional and account email deliveryUnited States
Stripe Inc.Payment processing and subscription billing for Customer accountsUnited States & Australia

We do not sell or rent personal information. We do not share Customer or End User data with advertisers.

7. Cookies and similar technologies

On calcwidgets.com (our marketing site and Customer dashboard):

  • Authentication cookies that keep you signed in to your dashboard
  • A region preference cookie (AU/NZ) so we can show the right calculators
  • UI preference cookies (e.g. dashboard sidebar collapsed state)

Inside embedded widgets on Customer websites:

  • No persistent cookies are set by the widget itself
  • A short-lived random session token is kept in sessionStorage to group anonymous events; it is cleared when the browser tab closes

You can disable cookies via your browser settings; some dashboard features will not work without authentication cookies.

8. Data security

  • All traffic to our services is encrypted in transit using TLS
  • Customer data is hosted on Supabase in the Sydney region with encryption at rest
  • Access to production systems is limited to authorised personnel and protected by strong authentication
  • We monitor for security issues and apply updates regularly

No system can be guaranteed completely secure. If you become aware of a security issue, please emailsecurity@sandlabs.com.au.

9. Data retention

  • Customer account data — retained for the duration of your subscription and for a reasonable period afterwards to handle disputes and meet legal obligations (typically up to 7 years for financial records).
  • Aggregate usage events — retained for up to 24 months to power Customer dashboards and trend reporting.
  • End User session identifiers — never persisted; cleared when the browser tab closes.
  • Support and email correspondence — retained for up to 7 years.

10. International transfers

Customer database records are hosted in Australia (Supabase, Sydney region). Some sub-processors listed in Section 6 store and process data in the United States. When we send personal information outside Australia, we take reasonable steps to ensure the recipient handles it consistently with the Australian Privacy Principles.

11. Your rights

Under Australian and New Zealand privacy law you have the right to:

  • Ask what personal information we hold about you
  • Request correction of information that is inaccurate or out of date
  • Request deletion, subject to legal record-keeping obligations
  • Opt out of marketing communications at any time
  • Lodge a complaint with us, or with the relevant regulator

To exercise any of these rights, email privacy@sandlabs.com.au.

End Users: if you used a CalcWidgets calculator embedded on a broker or agency website, please contact that business first — they are responsible for the data you submitted to them.

12. Children

CalcWidgets is intended for use by adults considering financial decisions. We do not knowingly collect personal information from children under 16.

13. Changes to this policy

We may update this policy from time to time. Material changes will be notified to Customers by email or through the dashboard. The “Last updated” date at the top reflects the most recent revision.

14. Contact us

Sandlabs Pty Ltd
Privacy enquiries: privacy@sandlabs.com.au
General enquiries: hello@sandlabs.com.au

Australia: if you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

New Zealand: complaints can be made to the Office of the Privacy Commissioner atprivacy.org.nz.

This Privacy Policy is effective as of May 2026.