Privacy Policy

Effective and last updated: May 4, 2026

1. Effective Date

This Privacy Policy is effective as of May 4, 2026 and was last updated on May 4, 2026. It applies to your use of How Much+ at howmuchplus.com, the How Much+ mobile application, and any related services (collectively, the "Service"). Material changes will be communicated as described in Section 16.

2. Who We Are

The Service is operated by Search The Hull LLC, a Florida limited liability company (FL Document #L26000219318) ("we," "us," "our," "the Company"), whose mailing address is 400 N Tampa St, Ste 1550 #875509, Tampa, FL 33602, United States. You can reach us by email at:

3. Data We Collect

3.1 Account data

When you create an account (via Google Sign-In or with an email and password), we collect your email address, your first and last name (optional, used for profile display), your profile picture URL (optional, provided by Google when you use social login), account identifiers and authentication tokens, your plan status (Free or How Much+), and your account creation and last-login timestamps.

3.2 User-entered data

By default, the Service is offline-first: financial data you enter — including hourly work sessions, commission/gig jobs, passive income streams, expenses, financial goals, tax settings, and app preferences — is stored on your device's local storage (browser localStorage or device storage). When you are logged in, the Service additionally stores backup snapshots of this data on our servers so you can restore it across devices: up to 50 backups for 3 months on the Free plan, up to 200 backups for 16 months on the How Much+ plan.

3.3 Technical data

When you access the Service, our servers automatically collect technical information including your IP address, browser type and version, device type, operating system, referring URL, pages visited, and timestamps. When you accept our Terms of Service we additionally log your user ID, the version of the Terms accepted, your IP address, and your browser's User-Agent string as a record of your agreement.

3.4 Cookies and analytics data

The Service uses cookies and similar technologies for authentication, analytics (Google Analytics), and on the website only, advertising (Google AdSense). The full breakdown of cookie categories is in Section 8.

3.5 Payment data

We do not directly collect, store, or process credit card numbers, bank account details, or other payment credentials. Payments for the How Much+ lifetime plan ($9.99 USD) and the optional GPS Auto Clock add-on ($1.99 USD/month) are processed by Stripe, Inc. We receive only a payment confirmation, your Stripe customer identifier, and (for the GPS add-on) the subscription status (active / canceled / past due).

3.6 Location data (GPS Auto Clock — opt-in)

The GPS Auto Clock feature is strictly opt-in and requires both the GPS Auto Clock subscription and your explicit OS-level location permission. While enabled, the Service reads latitude, longitude, accuracy, and timestamp only to determine whether you are inside a work site boundary you defined. Raw coordinates are stored locally on your device and are not transmitted to our servers; only the resulting work session (start, end, site name) may be synced as part of your cloud backup. Location data is never shared with advertisers, analytics providers, or data brokers.

3.7 Receipt images (AI Receipt Scanner — opt-in)

When you choose to scan a receipt, that image is sent over an encrypted connection to OpenAI's API solely to extract the merchant, amount, and line items. We do not retain the image after extraction completes, and we do not use receipt images to train any AI model.

3.8 AI chat content (House Worker / Monty)

When you message the in-app AI assistant, the text of your message and recent conversation context is transmitted to Anthropic, PBC over an encrypted connection to generate a reply. We do not send your account email, financial records, location, or receipt images to the assistant — only the chat text you type. Conversation history is stored locally (up to 60 messages) and is cleared when you tap "Clear chat".

4. How We Collect Your Data

We collect data in three ways: (a) directly from you, when you register, enter financial information, message the AI assistant, scan a receipt, or contact support; (b) automatically, through cookies, server logs, and the Service's runtime telemetry; and (c) from third-party scripts embedded in the Service (Google Analytics, Google AdSense on the website, and Google Sign-In if you use it to authenticate). We do not buy or rent personal information from data brokers.

5. Why We Collect Your Data

  • Provide the Service. Authenticate you, store and restore your cloud backups, verify your How Much+ plan status, process the optional GPS add-on, generate receipt extractions and AI assistant replies, and deliver the educational articles.
  • Analytics. Understand aggregate usage patterns, diagnose technical issues, and improve the Service.
  • Advertising (website only). Display Google AdSense ads that fund the free tier.
  • Legal compliance. Comply with legal obligations, enforce our Terms of Service, respond to lawful requests, and protect our rights and the rights of our users.
  • Security. Detect, prevent, and respond to fraud, abuse, and security incidents.
  • Communication. Send important service announcements, security alerts, and account-related notifications via Resend.

6. Legal Bases for Processing (GDPR Article 6)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on the following legal bases under Article 6 of the General Data Protection Regulation:

  • Performance of a contract (Art. 6(1)(b)) — for account creation, login, cloud backup, the How Much+ purchase, the GPS add-on subscription, AI assistant replies, and receipt extraction.
  • Legitimate interests (Art. 6(1)(f)) — for security monitoring, fraud prevention, server logs, aggregate analytics, and improving the Service. You may object at any time using the contact in Section 15.
  • Consent (Art. 6(1)(a)) — for non-essential cookies, personalized advertising, and any optional processing presented through our consent banner. You may withdraw your consent at any time through the cookie banner or your browser settings without affecting the lawfulness of prior processing.
  • Legal obligation (Art. 6(1)(c)) — for tax and accounting records, responses to lawful regulatory or law-enforcement requests, and retention of Terms-of-Service acceptance records.

7. Third Parties We Share Data With

We do not sell, rent, or trade your personal information. We share information only with the service providers listed below and only to the extent needed to deliver the Service:

  • Google LLC — Sign-In (authentication), Analytics (anonymized usage statistics), AdSense (advertising on the website only), and Tag Manager (script delivery). Privacy: policies.google.com/privacy.
  • Resend, Inc. — transactional email delivery (account verification, password reset, security alerts, support replies). Privacy: resend.com/legal/privacy-policy.
  • Replit, Inc. — hosting infrastructure for the Service. Privacy: replit.com/site/privacy.
  • Stripe, Inc. — payment processing for the How Much+ lifetime plan and the GPS Auto Clock subscription. Privacy: stripe.com/privacy.
  • Anthropic, PBC — Claude API for the in-app AI assistant. Privacy: anthropic.com/legal/privacy.
  • OpenAI, L.L.C. — image API for the optional Receipt Scanner. Privacy: openai.com/policies/privacy-policy.
  • Legal & safety. We may disclose information when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers. In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a materially different privacy policy.

Google API Limited Use Disclosure. Information received from Google APIs (your Google email, name, and profile picture) is used solely to authenticate you and populate your profile. It is never used for advertising, profiling, or sold to third parties. How Much+'s use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

8. Cookies Disclosure

The Service uses the following categories of cookies. Essential cookies are always on because the Service cannot function without them. Analytics and Advertising cookies are set only after you give consent through our cookie banner, and you can withdraw consent at any time.

| Category | Purpose | Provider | Status |
|---|---|---|---|
| Essential | Authentication session (sid), OIDC login flow (code_verifier, nonce, state), CSRF protection. | How Much+ | Always on (required for the Service to work). |
| Analytics | Anonymized usage measurement (pages visited, time on page, device type, general region) via cookies such as _ga and _gid. | Google Analytics | On with consent. Off by default in regions that require opt-in. |
| Advertising | Personalized ads served on the website to fund the free tier; may include cross-site identifiers used by AdSense and its partners. | Google AdSense (web only) | On with consent. Off by default in regions that require opt-in. The mobile app does not display third-party ads. |

You can also opt out of Google Analytics with the Google Analytics Opt-out Browser Add-on and out of personalized advertising via Google Ad Settings or aboutads.info.

9. International Data Transfers

We are based in the United States, and our service providers (including Google, Stripe, Resend, Replit, Anthropic, and OpenAI) primarily process data in the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States. Where the transfer involves personal data of EEA, United Kingdom, or Swiss residents, we rely on the European Commission's Standard Contractual Clauses (SCCs) as the lawful transfer mechanism, supplemented where required by additional safeguards. By using the Service from outside the United States, you understand and consent to the transfer of your data to the United States.

10. Data Retention

  • Account data — retained while your account is active and for up to 90 days after closure, after which it is deleted, except where retention is required by law (for example, tax records) or for legitimate business purposes.
  • Cloud backups — Free accounts: up to 50 backups for 3 months. How Much+ accounts: up to 200 backups for 16 months. Backups beyond these limits are automatically pruned.
  • Local data on your device — remains on your device until you clear it (via "Clear All Data" in Settings) or clear your browser/app storage. We have no access to or control over locally-stored data.
  • Server logs (technical data) — retained for up to 90 days for security and diagnostic purposes, then deleted or anonymized.
  • Analytics data — retained per Google Analytics' configured retention window.
  • Terms-of-Service acceptance records — retained as a legal record for as long as your account is active.
  • Receipt images and AI chat content — receipt images are not retained after extraction; chat history is stored locally and cleared when you tap "Clear chat".

11. Security

We implement reasonable administrative, technical, and physical safeguards to protect your information. All communication between your device and our servers is encrypted in transit using HTTPS / TLS. Cloud backup data and account data are encrypted at rest by our hosting and database providers. Authentication tokens are stored as HTTP-only, secure cookies that cannot be read by client-side scripts; passwords are hashed using bcrypt with industry-standard salt rounds; and access to production systems is restricted by role-based access controls and multi-factor authentication. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Children's Privacy

The Service is not directed to children under 13 years of age (or under 16 in the EEA, where applicable). We do not knowingly collect personal information from children. Any account that we discover, or are notified, belongs to a user under 13 will be terminated and the associated personal information promptly deleted. If you believe a child has provided us with personal information, please contact us immediately at privacy@howmuchplus.com.

13. Your Rights

13.1 EEA / UK / Swiss residents (GDPR / UK GDPR)

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure ("right to be forgotten") — request deletion, subject to legal exceptions.
  • Restriction — ask us to limit processing in certain circumstances.
  • Portability — receive your data in a structured, commonly-used, machine-readable format.
  • Objection — object to processing based on legitimate interests, including for direct marketing.
  • Withdraw consent — at any time, without affecting the lawfulness of prior processing.
  • Lodge a complaint with your local data protection authority.

13.2 California residents (CCPA / CPRA)

  • Right to know what personal information we collect, use, disclose, and share.
  • Right to delete personal information we have collected from you.
  • Right to correct inaccurate personal information.
  • Right to opt out of the sale or sharing of personal information for cross-context behavioral advertising — see Section 14.
  • Right to limit the use of sensitive personal information to what is necessary to deliver the Service.
  • Right to non-discrimination for exercising your privacy rights.

14. Do Not Sell or Share My Personal Information

We do not sell your personal information for money. However, under the broad definitions of "sale" and "share" in the California Consumer Privacy Act (CCPA / CPRA), the use of Google AdSense on the website may be considered a "share" of personal information for cross-context behavioral advertising, because AdSense and its partners may use device identifiers, IP addresses, and browsing signals to personalize ads. The mobile app does not display third-party ads and does not engage in any such sharing.

How to opt out. You can opt out of personalized advertising at any time through the following mechanisms; we will honor each one:

  • Click "Reject" or "Manage cookies" in our cookie banner — this updates Google's Consent Mode to disable advertising and analytics cookies.
  • Visit Google's Ad Settings to disable personalized ads on Google services and partner sites.
  • Use the IAB Multi-State Privacy Agreement Global Privacy Control (GPC) signal in your browser. We honor a valid GPC signal as a request to opt out of "sale" and "sharing" under the CCPA.
  • Email privacy@howmuchplus.com to request that we exclude your account from advertising-related data sharing on our side.

15. How to Exercise Your Rights

To exercise any of the rights described in Sections 13 and 14, email privacy@howmuchplus.com from the email address associated with your account, or include enough information in your request for us to verify your identity. We will respond within 30 days (or sooner if required by applicable law). For California requests, you may designate an authorized agent to act on your behalf, in which case we will require written authorization and may verify directly with you. We will not discriminate against you for exercising your privacy rights.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Effective and last updated" date at the top of this page and, for material changes, take reasonable steps to notify active users (for example, by posting a prominent notice in the Service or by sending an email to the address associated with your account). Your continued use of the Service after the effective date constitutes your acceptance of the updated Privacy Policy.

17. Contact

If you have any questions about this Privacy Policy, please use the appropriate contact below:

Key takeaway: Your financial data stays on your device by default. If you create an account, we back it up so you don't lose it across devices. We don't sell your personal information; on the website we use Google AdSense to fund the free tier, which may count as "sharing" under California law — see Section 14 to opt out. The mobile app shows no third-party ads. This document is not legal advice.