PRIVACY POLICY
Last updated: July 11, 2026
Version: 2.3
This Policy applies to all users of the App, both in the free and Premium versions, in all countries where the App is available (Europe, South America, North America, Africa, Asia).
If you have questions, contact me at: howmuch.preventivi@gmail.com
1. WHO I AM (DATA CONTROLLER)
Alessio Di Pede
Data Controller / Controlador (LGPD) / Responsible Party (POPIA)
Email: howmuch.preventivi@gmail.com
Address: Via Flacca 1195, Terracina, 04019 Latina, Italy
Legal seat: Italy
Data Protection Officer (DPO) / Encarregado (LGPD):
Not appointed as I do not fall under the obligation of Art. 37 GDPR.
For privacy matters: howmuch.preventivi@gmail.com
I am solely responsible for decisions on how and why your data is processed.
2. WHAT DATA I COLLECT AND WHY
The processing is different for free and Premium users:
A) FOR ALL USERS (free and Premium):
- Automatic technical data: Device type, operating system, App version, anonymized IP address, usage times, functions used. This data does NOT identify you personally.
- Data for advertising (free version only): The App displays ads through Google AdMob and Meta Audience Network. To show relevant ads, the device's advertising ID (AAID/IDFA) and general usage data may be collected. Ad personalization can be disabled in your device settings.
- Device permissions:
- Storage/Photos (optional): Required to save estimate PDFs on your device and share them (WhatsApp, email, etc.) and to add a logo from the gallery or camera. Photos used as logos are NEVER uploaded to our servers or saved in the cloud; they are used only locally to generate the PDF.
B) PREMIUM USERS ONLY:
- Account: To save estimates in the cloud and sync across devices, you need to create an account with an email address. We only save the email for access.
- Estimate data (voluntarily provided by YOU): When you create an estimate and choose to save it in the cloud, the data you enter is stored on Google Firebase's secure servers (Firestore). This may include:
- Your information: First name, last name, phone number, VAT number, RUT (Chile), CUIT/CUIL (Argentina), business email, logo.
- Client information: First name, last name, phone, VAT/RUT/CUIT number, address.
- Estimate details: Services, prices, VAT, notes.
C) PREMIUM USERS ONLY (AI and Voice Assistant Features):
- Voice recordings (temporary): When you use the AI voice assistant feature, your voice is temporarily recorded and transcribed to process your request.
- Audio recordings are NOT saved and are deleted immediately after transcription
- Only the transcribed text is sent to the AI for processing
- Voice recording is activated only when the user voluntarily clicks the voice assistant activation button
- Recording is automatically stopped after 30 seconds of inactivity or when the user manually interrupts it
- Microphone (optional): Required exclusively for the AI voice assistant feature. The microphone is activated only when the user voluntarily starts voice recording. No recording is made without your explicit consent and voluntary action.
3. LEGAL BASES (WHY WE CAN PROCESS YOUR DATA)
| Purpose | What Data | Legal Basis (GDPR/LGPD/POPIA/South American Laws) |
|---|---|---|
| Provide basic functionality (create, save locally, PDF) | Technical data, storage permission | Contract performance (the App must work) - Art. 6.1.b GDPR, Art. 7 LGPD, Section 11 POPIA |
| Manage Premium account and cloud sync | Email, estimate data | Contract performance (paid Premium service) - Art. 6.1.b GDPR, Art. 7 LGPD |
| Show advertising (free version) | Advertising ID, usage data | Your consent (manageable in device settings) - Art. 6.1.a GDPR, Art. 7 LGPD, Section 11 POPIA |
| App analysis and improvement (stability, crashes) | Anonymized technical data | Legitimate interest (improving the App for everyone) - Art. 6.1.f GDPR, Art. 10 LGPD |
| Respond to support requests | Email, data you provide | Legitimate interest / pre-contractual measures - Art. 6.1.f GDPR, Section 11 POPIA |
| AI Voice Assistant (Premium feature) | Temporary voice recordings, transcribed text | Contract performance / your explicit consent at the time of use - Art. 6.1.b GDPR, Art. 7 LGPD |
4. WHO WE SHARE DATA WITH
We NEVER sell your data. We share it only with essential providers ("Data Processors"):
- Google Firebase (Google Cloud Platform): Hosts the database (Firestore) where Premium users save estimates. Servers are secure and located in the EU/US depending on the region. Google's Privacy Policy.
- Google AdMob and Meta Audience Network: To manage advertisements. Meta's Privacy Policy.
- Google Gemini API: For the AI voice assistant feature (Premium users only). Receives the transcribed text, DOES NOT receive audio recordings or personal data. Google's Privacy Policy.
- Payment stores: If you purchase Premium through the Apple App Store or Google Play Store, they handle payment data. I never receive your credit card.
- RevenueCat (optional): I may use this service to manage Premium subscriptions. RevenueCat's Privacy Policy.
With all these providers, we have contractual agreements that require them to protect your data and use it only as per our instructions.
5. ARTIFICIAL INTELLIGENCE (AI) - GOOGLE GEMINI
The App offers an optional AI analysis feature for estimates and price lists through the Google Gemini API (Google's artificial intelligence service).
What is sent to the AI:
- Prices and descriptions of jobs entered in the estimate/price list
- Industry sector detected (e.g., construction, plumbing, electrical)
- Country and currency selected by the user
- Numbers and quantities of jobs (for analysis purposes only)
What is NEVER sent to the AI:
- Personal data (name, surname, email, phone, VAT number, address)
- Client data (name, phone, address)
- Geographic coordinates or precise location
- Payment data or sensitive financial information
- Device ID or unique identifiers
- Audio recordings (only transcribed text is sent)
How it works:
- AI analysis is only for Premium users (after purchasing the subscription)
- The user must actively click the "Analyze with AI" button
- No automatic analysis is performed without your explicit consent
- Analyses are processed in real-time and are not stored by Google Gemini after processing
- Only anonymous logs (date, number of requests, success/error) are saved to improve the service
Where data is processed:
AI requests are managed through Google Cloud Functions and the Google Gemini API, which can process data on servers located in:
- United States (us-central1 region, Iowa)
- Europe (europe-west3 region, Frankfurt) - preferred for EU/EEA/UK/Switzerland users
Data transfers to the US are carried out in compliance with the Standard Contractual Clauses (SCC) of the European Commission and the EU-US Data Privacy Framework.
Limitations:
- AI analyses are limited to 5 in the first 7 days of Premium, then 50 per month
- The limit resets automatically every month
- You can see how many analyses you have left directly in the App
Disabling:
The AI feature is completely optional. If you don't want to use it, simply don't click the button. The App works normally without AI analysis.
More information:
For details on how Google manages data when you use Gemini, see:
6. INTERNATIONAL TRANSFERS
Our providers may process data in countries outside your region:
- Google (USA): Transfers are based on the Standard Contractual Clauses (SCC) of the European Commission (Decision 2021/914) and the EU-US Data Privacy Framework (adequacy decision 10.07.2023, European Commission).
- Meta (USA): Similarly based on SCC and Data Privacy Framework.
- LGPD (Brazil): Transfers are made to countries with an adequate level of protection recognized by the ANPD or with specific contractual guarantees under Arts. 33 and 34 of the LGPD.
- POPIA (South Africa): Transfers comply with the conditions of Section 72 of the POPIA Act and the authorizations of the Information Regulator.
- Argentina (Ley 25.326): Transfers comply with Decree 1558/2001 and the authorizations of the Dirección Nacional de Protección de Datos Personales.
- Chile (Ley 19.628): Transfers comply with the adequate protection standards provided by Chilean legislation.
7. DATA RETENTION (HOW LONG WE KEEP IT)
- Free users: Data saved locally remains on your device until you uninstall the App or delete the data. We do not store it.
- Premium users: Your data (email and estimates) is kept as long as you keep your account active. Upon account deletion, data is removed from our servers within:
- 30 days for GDPR and European regulations
- 15 business days for LGPD (Brazil) upon request
- Reasonable timeframe for POPIA (South Africa) and South American laws
- Voice recordings: ARE NOT stored. They are deleted immediately after transcription.
- Anonymized technical data: Kept for a maximum of 24 months for aggregate analysis.
- Data for legal obligations: Kept for the period required by the tax and commercial laws of each country (typically 5-10 years).
8. YOUR RIGHTS (GDPR, LGPD, POPIA, SOUTH AMERICAN LAWS)
Depending on your residence, you have specific rights:
| Right | Description | Response Times |
|---|---|---|
| Access (Art. 15 GDPR, Art. 18 LGPD, Sec. 23 POPIA) | Obtain a copy of your data | 30 days (GDPR) 15 days (LGPD) Reasonable time (POPIA) |
| Rectification (Art. 16 GDPR, Art. 18 LGPD) | Correct inaccurate data | Modify in App or 30 days |
| Erasure ("Right to be forgotten") (Art. 17 GDPR, Art. 18 LGPD) | Have your data deleted | 30 days (GDPR) 15 days (LGPD) |
| Restriction of processing (Art. 18 GDPR) | Temporarily suspend processing | 30 days |
| Data portability (Art. 20 GDPR, Art. 18 LGPD) | Receive your data in a structured format | 30 days |
| Objection (Art. 21 GDPR, Art. 18 LGPD) | Object to processing for legitimate reasons | Immediate in App settings |
| Withdraw consent (Art. 7 GDPR, Art. 8 LGPD) | Withdraw consent at any time | Immediate |
| Information on data (Art. 9 Ley 25.326 Argentina) | Know about the existence of databases | 5 days |
| Habeas Data (Colombia, Peru, Ecuador laws) | Constitutional rights over personal data | Specific legal deadlines |
| CCPA/CPRA (California): "Do Not Sell My Personal Information" | Right to opt-out of data sales | We don't sell data. For general opt-out: 45 days |
To exercise these rights, contact me at: howmuch.preventivi@gmail.com
We will respond to all requests within the timeframes set by applicable local law.
9. DATA SECURITY
We implement technical and organizational measures to protect your data:
- Firebase Security Rules: Access to data only for authorized users
- Encryption: Data in transit (HTTPS/TLS) and at rest (Firestore encryption)
- Limited access: Only I (Alessio Di Pede) have administrative access
- Periodic risk assessment and adequate measures
- Encrypted backups on secure servers
However, no system is 100% immune. In the event of a data breach that poses a risk to your rights:
- GDPR: Notification to the Authority within 72 hours and to you without undue delay
- LGPD: Communication to the ANPD and data subjects within a "reasonable time"
- POPIA: Notification to the Information Regulator and data subjects immediately
- Argentina: Notification to the Dirección Nacional de Protección de Datos Personales
10. COOKIES AND SIMILAR TECHNOLOGIES
The App does not use traditional cookies. We use:
- Local Storage: To save preferences and estimates locally (on your device)
- Device identifiers: For anonymous analytics (Crashlytics) and advertising (AdMob)
- Tracking pixels: Only to measure ad performance (Meta, Google)
You can manage ad personalization preferences in your device settings:
- iOS: Settings > Privacy > Tracking
- Android: Settings > Google > Ads > Reset advertising ID / Opt out of Ads Personalization
- Huawei devices: Settings > Privacy > Advertising & Privacy
11. MINORS
The App is not intended for minors according to the following minimum ages:
- EU/EEA/UK: 16 years (GDPR) or lower age if provided by Member State
- Brazil: 18 years (LGPD) or 16-17 with parental consent
- South Africa: 18 years (POPIA)
- Argentina: 18 years (Ley 25.326)
- Chile: 18 years (Ley 19.628)
- USA (COPPA): 13 years
We do not knowingly collect data from minors. If you are a parent and discover that your child has provided us with data, contact me for immediate deletion.
12. CHANGES TO THIS POLICY
I will update this Policy when necessary (regulatory changes, new features). The updated version will have a new date at the top. Significant changes will be communicated:
- Premium users: By email and in-app notification 30 days in advance
- Free users: In-app notification on next launch
- On the website: Immediate publication
I invite you to review this page periodically. Continued use of the App after changes constitutes acceptance of the new Policy.
13. CONTACTS AND SUPERVISORY AUTHORITIES
To exercise your rights or for questions:
Alessio Di Pede
Email: howmuch.preventivi@gmail.com
Address: Via Flacca 1195, Terracina, 04019 Latina, Italy
Competent data protection authorities:
- Italy: Garante per la protezione dei dati personali, Piazza di Monte Citorio n. 121, 00186 ROME (garanteprivacy.it)
- EU/EEA: Authority of your Member State (EDPB authority list)
- UK: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (ico.org.uk)
- Brazil: Autoridade Nacional de Proteção de Dados - ANPD, Setor de Autarquias Sul, Quadra 01, Bloco C, Edifício Darcy Ribeiro, Brasília/DF (gov.br/anpd)
- South Africa: Information Regulator South Africa, JD House, 27 Stiemens Street, Braamfontein, Johannesburg (justice.gov.za/inforeg)
- Argentina: Dirección Nacional de Protección de Datos Personales, Sarmiento 1118 5º piso, C1041AAX, Ciudad Autónoma de Buenos Aires (argentina.gob.ar/aaip/datospersonales)
- Chile: Agencia de Protección de Datos Personales (in implementation phase)
- Colombia: Superintendencia de Industria y Comercio - SIC (sic.gov.co)
- Peru: Dirección General de Transparencia, Acceso a la Información Pública y Protección de Datos Personales (minjus.gob.pe)
- Switzerland: Federal Data Protection and Information Commissioner, Feldeggweg 1, CH-3003 Bern (edoeb.admin.ch)
14. HOW TO DELETE YOUR ACCOUNT AND DATA
You have the right to delete your account and all associated data at any time. Here's how:
Method 1: Deletion directly from the App (Recommended)
- Open the "How Much - Estimates" app on your device
- Go to Settings → Profile
- Tap the "Delete account" button
- Confirm your choice by entering your password (if prompted)
- The account and all associated data will be permanently deleted
Deletion timeframes:
- Data in Firebase Firestore: Immediate deletion from the database
- Firebase Authentication account: Immediate deletion
- Backups: Completely removed within 30 days
Method 2: Request by Email
If you cannot access the App, you can send a deletion request by email to:
Subject: "How Much account deletion request"
Specify the email address associated with your account in the email.
You will receive a deletion confirmation within 7 business days.
Method 3: Direct link (only for users with access to the App)
If you have configured the URL scheme in the App, you can use this link to open the deletion screen directly:
howmuch://delete-account
- Deletion is permanent and irreversible
- All estimates saved in the cloud will be deleted
- Data saved locally on your device is not automatically deleted by the App; you must delete it manually from device settings or by uninstalling the App
- The Premium subscription (if active) must be canceled separately through the Google Play Store or Apple App Store to avoid future charges
Data retention after deletion
- Aggregated anonymized data: May remain for statistical analysis, but does NOT identify you personally
- Legal obligations: Some data may be kept for a longer period if required by tax or commercial laws (e.g., for accounting), but will be anonymized
- Maximum timeframe: In any case, within 30 days of the request, all personal data will be deleted
For any issues during the deletion process, contact me at: howmuch.preventivi@gmail.com