Effective and last updated: May 4, 2026
This Privacy Policy is effective as of May 4, 2026 and was last updated on May 4, 2026. It applies to your use of How Much+ at howmuchplus.com, the How Much+ mobile application, and any related services (collectively, the "Service"). Material changes will be communicated as described in Section 16.
The Service is operated by Search The Hull LLC, a Florida limited liability company (FL Document #L26000219318) ("we," "us," "our," "the Company"), whose mailing address is 400 N Tampa St, Ste 1550 #875509, Tampa, FL 33602, United States. You can reach us by email at:
3.1 Account data
When you create an account (via Google Sign-In or with an email and password), we collect your email address, your first and last name (optional, used for profile display), your profile picture URL (optional, provided by Google when you use social login), account identifiers and authentication tokens, your plan status (Free or How Much+), and your account creation and last-login timestamps.
3.2 User-entered data
By default, the Service is offline-first: financial data you enter — including hourly work sessions, commission/gig jobs, passive income streams, expenses, financial goals, tax settings, and app preferences — is stored on your device's local storage (browser localStorage or device storage). When you are logged in, the Service additionally stores backup snapshots of this data on our servers so you can restore it across devices: up to 50 backups for 3 months on the Free plan, up to 200 backups for 16 months on the How Much+ plan.
3.3 Technical data
When you access the Service, our servers automatically collect technical information including your IP address, browser type and version, device type, operating system, referring URL, pages visited, and timestamps. When you accept our Terms of Service we additionally log your user ID, the version of the Terms accepted, your IP address, and your browser's User-Agent string as a record of your agreement.
3.4 Cookies and analytics data
The Service uses cookies and similar technologies for authentication, analytics (Google Analytics), and on the website only, advertising (Google AdSense). The full breakdown of cookie categories is in Section 8.
3.5 Payment data
We do not directly collect, store, or process credit card numbers, bank account details, or other payment credentials. Payments for the How Much+ lifetime plan ($9.99 USD) and the optional GPS Auto Clock add-on ($1.99 USD/month) are processed by Stripe, Inc. We receive only a payment confirmation, your Stripe customer identifier, and (for the GPS add-on) the subscription status (active / canceled / past due).
3.6 Location data (GPS Auto Clock — opt-in)
The GPS Auto Clock feature is strictly opt-in and requires both the GPS Auto Clock subscription and your explicit OS-level location permission. While enabled, the Service reads latitude, longitude, accuracy, and timestamp only to determine whether you are inside a work site boundary you defined. Raw coordinates are stored locally on your device and are not transmitted to our servers; only the resulting work session (start, end, site name) may be synced as part of your cloud backup. Location data is never shared with advertisers, analytics providers, or data brokers.
3.7 Receipt images (AI Receipt Scanner — opt-in)
When you choose to scan a receipt, that image is sent over an encrypted connection to OpenAI's API solely to extract the merchant, amount, and line items. We do not retain the image after extraction completes, and we do not use receipt images to train any AI model.
3.8 AI chat content (House Worker / Monty)
When you message the in-app AI assistant, the text of your message and recent conversation context is transmitted to Anthropic, PBC over an encrypted connection to generate a reply. We do not send your account email, financial records, location, or receipt images to the assistant — only the chat text you type. Conversation history is stored locally (up to 60 messages) and is cleared when you tap "Clear chat".
We collect data in three ways: (a) directly from you, when you register, enter financial information, message the AI assistant, scan a receipt, or contact support; (b) automatically, through cookies, server logs, and the Service's runtime telemetry; and (c) from third-party scripts embedded in the Service (Google Analytics, Google AdSense on the website, and Google Sign-In if you use it to authenticate). We do not buy or rent personal information from data brokers.
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on the following legal bases under Article 6 of the General Data Protection Regulation:
We do not sell, rent, or trade your personal information. We share information only with the service providers listed below and only to the extent needed to deliver the Service:
Google API Limited Use Disclosure. Information received from Google APIs (your Google email, name, and profile picture) is used solely to authenticate you and populate your profile. It is never used for advertising, profiling, or sold to third parties. How Much+'s use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
The Service uses the following categories of cookies. Essential cookies are always on because the Service cannot function without them. Analytics and Advertising cookies are set only after you give consent through our cookie banner, and you can withdraw consent at any time.
| Category | Purpose | Provider | Status |
|---|---|---|---|
| Essential | Authentication session (sid), OIDC login flow (code_verifier, nonce, state), CSRF protection. | How Much+ | Always on (required for the Service to work). |
| Analytics | Anonymized usage measurement (pages visited, time on page, device type, general region) via cookies such as _ga and _gid. | Google Analytics | On with consent. Off by default in regions that require opt-in. |
| Advertising | Personalized ads served on the website to fund the free tier; may include cross-site identifiers used by AdSense and its partners. | Google AdSense (web only) | On with consent. Off by default in regions that require opt-in. The mobile app does not display third-party ads. |
You can also opt out of Google Analytics with the Google Analytics Opt-out Browser Add-on and out of personalized advertising via Google Ad Settings or aboutads.info.
We are based in the United States, and our service providers (including Google, Stripe, Resend, Replit, Anthropic, and OpenAI) primarily process data in the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States. Where the transfer involves personal data of EEA, United Kingdom, or Swiss residents, we rely on the European Commission's Standard Contractual Clauses (SCCs) as the lawful transfer mechanism, supplemented where required by additional safeguards. By using the Service from outside the United States, you understand and consent to the transfer of your data to the United States.
We implement reasonable administrative, technical, and physical safeguards to protect your information. All communication between your device and our servers is encrypted in transit using HTTPS / TLS. Cloud backup data and account data are encrypted at rest by our hosting and database providers. Authentication tokens are stored as HTTP-only, secure cookies that cannot be read by client-side scripts; passwords are hashed using bcrypt with industry-standard salt rounds; and access to production systems is restricted by role-based access controls and multi-factor authentication. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
The Service is not directed to children under 13 years of age (or under 16 in the EEA, where applicable). We do not knowingly collect personal information from children. Any account that we discover, or are notified, belongs to a user under 13 will be terminated and the associated personal information promptly deleted. If you believe a child has provided us with personal information, please contact us immediately at privacy@howmuchplus.com.
13.1 EEA / UK / Swiss residents (GDPR / UK GDPR)
13.2 California residents (CCPA / CPRA)
We do not sell your personal information for money. However, under the broad definitions of "sale" and "share" in the California Consumer Privacy Act (CCPA / CPRA), the use of Google AdSense on the website may be considered a "share" of personal information for cross-context behavioral advertising, because AdSense and its partners may use device identifiers, IP addresses, and browsing signals to personalize ads. The mobile app does not display third-party ads and does not engage in any such sharing.
How to opt out. You can opt out of personalized advertising at any time through the following mechanisms; we will honor each one:
To exercise any of the rights described in Sections 13 and 14, email privacy@howmuchplus.com from the email address associated with your account, or include enough information in your request for us to verify your identity. We will respond within 30 days (or sooner if required by applicable law). For California requests, you may designate an authorized agent to act on your behalf, in which case we will require written authorization and may verify directly with you. We will not discriminate against you for exercising your privacy rights.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Effective and last updated" date at the top of this page and, for material changes, take reasonable steps to notify active users (for example, by posting a prominent notice in the Service or by sending an email to the address associated with your account). Your continued use of the Service after the effective date constitutes your acceptance of the updated Privacy Policy.
If you have any questions about this Privacy Policy, please use the appropriate contact below:
Key takeaway: Your financial data stays on your device by default. If you create an account, we back it up so you don't lose it across devices. We don't sell your personal information; on the website we use Google AdSense to fund the free tier, which may count as "sharing" under California law — see Section 14 to opt out. The mobile app shows no third-party ads. This document is not legal advice.