RateOrchard
Calculators

Privacy

Privacy policy

Effective date: April 23, 2026

This policy explains what information RateOrchard ("we", "us") collects when you visit rateorchard.com (the "Site"), how we use it, who else may receive it, and the choices and rights you have. We have written it to meet US state privacy laws including the California Consumer Privacy Act as amended by the California Privacy Rights Act (together, "CCPA/CPRA"), the Colorado Privacy Act ("CPA"), the Connecticut Data Privacy Act ("CTDPA"), the Virginia Consumer Data Protection Act ("VCDPA"), the Utah Consumer Privacy Act ("UCPA"), and similar laws that come into force after this effective date.

1. Information we collect

We collect a limited set of categories:

  • Identifiers and internet activity: IP address, device and browser fingerprint-level information (user agent, language, time zone, screen size), pages viewed, referring URL, and timestamps. Collected automatically when you load a page.
  • Approximate geolocation: derived from your IP address at the state or city level only. We do not use GPS or precise geolocation.
  • Calculator inputs: any values you enter into a calculator on the Site stay in your browser. They are not transmitted to our servers.
  • Voluntary contact information: if you email us at one of our contact addresses (for example, editorial@, privacy@, legal@), we receive your email address and the content of your message.
  • Advertising and analytics data: if you consent to analytics and advertising cookies, the vendors described in section 5 may collect additional identifiers tied to your browser.

We do not operate a lead-generation form on this Site. We do not collect Social Security numbers, driver's license numbers, financial account numbers, precise geolocation, biometric information, health information, or other categories of sensitive personal information as defined by CCPA/CPRA.

Community salary submissions. If you use the anonymous salary submission form, we record the role, state, base and (if you choose) total compensation, plus the optional fields you fill in. We do not record your name, email, phone, or address; there is no account to create. We do store a salted SHA-256 hash of your IP address and user-agent string, used only for deduplication and to enforce a three-per-24-hour rate limit. The hash is not reversible to the raw values, and the salt is not exposed publicly. Individual submissions are never published; only an aggregate that requires at least five approved submissions per role × state combination. See the community data methodology page for the full pipeline.

2. How we use it

We use the information we collect to:

  • Deliver and maintain the Site (serve pages, prevent abuse, rate limit).
  • Measure aggregate usage patterns so we can prioritise content.
  • Serve display advertising if you have consented.
  • Respond to your emails and privacy rights requests.
  • Comply with legal obligations and enforce our terms.

3. Who we share it with

The categories of recipients are:

  • Hosting and infrastructure: Vercel (hosting), Cloudflare (DNS, CDN, WAF), Supabase (database), Upstash (rate limiting cache). They act as service providers and process information only under our instructions.
  • Analytics: Google Analytics 4, only if you consent to analytics cookies.
  • Advertising: Google AdSense and, if later enabled, approved ad management partners, only if you consent to advertising cookies.
  • Affiliate partners: when you click an outbound affiliate link (for example, to an online learning platform, resume builder, or career coaching service), your request is handed off to the partner site, which then collects information directly under its own privacy policy. We do not receive the data you enter on that partner site.
  • Legal and safety: courts, regulators, or counsel when required by law, to protect our rights, or to investigate fraud and abuse.

4. "Sale" and "sharing" of personal information

We do not sell personal information for money. Under CCPA/CPRA and several other state laws, the use of advertising cookies to support cross-context behavioural advertising may still be treated as "sharing" of personal information. We treat this as sharing and we offer a way to opt out at any time.

We do not knowingly sell or share personal information of consumers under 16 years of age.

To opt out of sharing: click Do Not Sell or Share My Personal Information in the footer of any page, or use the Manage cookie preferences link to turn off advertising cookies. If your browser or operating system sends a Global Privacy Control signal (see section 9), we treat that as a valid opt-out request for the current browser.

5. Cookies and similar technologies

On your first visit we show a cookie banner with three categories:

  • Essential (always on): required to render pages and to remember your own consent choice.
  • Analytics (off by default): Google Analytics 4. Google sets an anonymised identifier and records aggregate events.
  • Advertising (off by default): Google AdSense and, later, approved ad management networks. Used to support cross-context behavioural advertising. Automatically declined when a Global Privacy Control signal is present.

You can change your choice at any time by clicking Manage cookie preferences in the footer. You can also opt out of personalised Google ads at adssettings.google.com and of third-party advertising cookies at aboutads.info/choices.

6. How long we keep it

Server access logs: up to 30 days, then aggregated or deleted. Analytics data: retained by Google for up to 14 months per our property configuration. Email correspondence: retained as long as needed to respond and to keep a reasonable record, typically 24 months. Consent records (your cookie preferences): stored locally in your browser until you clear it or revoke consent.

7. California residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how we use it.
  • Access a copy of the personal information we hold about you.
  • Delete personal information we hold about you.
  • Correct inaccurate personal information.
  • Opt out of the "sale" or "sharing" of your personal information.
  • Limit the use of sensitive personal information (we do not collect any).
  • Non-discrimination: we will not deny you service for exercising a right.

How to exercise: send an email to [email protected] with the subject line "California privacy request" and describe which right you are exercising. We will verify your request using reasonable measures (typically by asking you to reply from an email address reasonably linked to the activity) and respond within 45 days, extendable once for an additional 45 days if needed. You may also authorise an agent to make a request on your behalf.

Categories of personal information collected in the last 12 months: identifiers, internet and electronic network activity, approximate geolocation, and, for correspondents, commercial contact information. No sensitive personal information categories are collected.

Categories disclosed for a business purpose: identifiers and internet activity to our hosting, analytics (with consent), and advertising (with consent) service providers.

Categories "sold" or "shared" in the last 12 months: we do not sell personal information. Use of advertising cookies may constitute "sharing" under CPRA. You can opt out at any time.

Shine the Light (Cal. Civ. Code §1798.83): we do not share personal information with third parties for their own direct marketing.

8. Other US state residents

If you are a resident of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, or a state that has enacted a comprehensive consumer privacy law, you have rights that typically include: the right to know what we collect, the right to access, the right to correct (where applicable), the right to delete, the right to data portability, and the right to opt out of targeted advertising and the sale of personal information. Specifics vary by state law. To exercise any of these rights, email [email protected] with a description of your request and your state of residence. If we deny your request, we will inform you of the process to appeal the decision, as required by your state law.

9. Global Privacy Control (GPC)

We recognise the Global Privacy Control browser signal. If your browser or extension sends GPC, we treat it as a valid opt-out of the "sale" and "sharing" of personal information for that browser, without any additional action on your part. You will still see the cookie banner so you can review your remaining choices.

10. Children

The Site is not directed to children under 13 and we do not knowingly collect personal information from children under 13. We do not knowingly sell or share the personal information of minors under 16. If you believe a child has provided us with personal information, contact [email protected] and we will delete it.

11. Security

We serve all pages over HTTPS, rate-limit suspicious requests, and restrict access to operational data to a small number of individuals. No method of transmission over the internet is perfectly secure. If we become aware of a breach affecting your personal information, we will notify you as required by applicable law.

12. International users

RateOrchard is operated from Poland. The Site targets readers in the United States. If you visit from outside the US, your information may be transferred to and processed in countries with data protection laws that differ from those of your home country. By using the Site, you consent to that transfer.

13. Changes

If we materially change this policy, we will update the effective date at the top and, when the change affects how your personal information is handled, post a notice on the homepage for at least 30 days.

14. Contact

Privacy requests and questions: [email protected]. For general correspondence: [email protected].