Who Controls Your Information

Howtomanual operates howtomanual.com and determines how your details are managed. When you interact with our budget management platform, we become responsible for protecting what you share.

Our physical location: 1521 Old Bayshore Hwy, Burlingame, CA 94010, United States. Questions reach us through info@howtomanual.com or by calling +19127649983.

Information That Enters Our System

Different interactions lead to different records. Some arrive directly from you. Others get generated automatically as you navigate our platform.

Account Creation Records

Starting an account requires basics: your name identifies you in our system. Email addresses provide our primary contact channel. Passwords (which we encrypt immediately) secure your access. Company names help contextualize your budget management needs.

Project Details You Enter

Budget management means numbers. You input project names, financial allocations, spending categories, team member assignments, and timeline parameters. These details form the core of what our platform does for you.

Technical Operation Data

Our servers automatically log certain technical elements when you visit. IP addresses show where connections originate. Browser types and operating systems help us optimize interface compatibility. Session timestamps reveal usage patterns that guide our development priorities.

Payment Transaction Records

Subscription billing creates financial records. We retain transaction dates, amounts paid, and payment method indicators (like last four card digits). Full payment card numbers never reach our servers—third-party processors handle those directly.

Why This Information Gets Collected

Every piece serves specific functions. Nothing gets gathered without operational justification.

Information Type	Primary Purpose	Secondary Functions
Account credentials	Platform access control	Security monitoring, account recovery
Project financial data	Budget tracking calculations	Report generation, spending analysis
Usage patterns	Interface optimization	Feature prioritization, performance tuning
Payment records	Subscription management	Invoice generation, renewal processing
Communication history	Support ticket resolution	Service quality assessment

Contract fulfillment forms our legal basis for most processing activities. You sign up for budget management services—we need relevant details to deliver them. Some processing relies on legitimate business interests, like preventing fraud or improving platform security. Where required by law, we obtain explicit consent before processing begins.

How Your Records Get Managed

Once information arrives, various operations begin. These vary considerably based on what you're doing at any given moment.

Service Delivery Operations

Your budget data gets calculated, aggregated, and displayed in real-time dashboards. Team permissions get checked against access rules. Export functions pull specific records when you generate reports. Notification systems reference your communication preferences before sending alerts.

Internal Quality Processes

Anonymized usage metrics help our product team identify which features deserve enhancement. Support staff review conversation histories when addressing your questions. Security specialists analyze login patterns to detect unusual activity that might signal unauthorized access attempts.

Automated Versus Manual Handling

Most operations happen automatically through software processes. Database queries retrieve your project information when you log in. Calculation engines process your budget allocations without human involvement. Backup systems copy encrypted records to redundant storage locations.

Human access occurs selectively. Support agents view account details only when resolving your specific tickets. Development staff work with anonymized datasets that strip identifying elements. Financial personnel see transaction summaries during billing reconciliation, not detailed account activity.

Information Sharing Boundaries

Your details primarily stay within our organizational boundaries. Certain operational necessities require limited external sharing under strict constraints.

Essential Service Providers

Infrastructure hosting requires data center partnerships. Our servers physically reside in facilities operated by Amazon Web Services, located in the United States. Payment processing flows through Stripe, which handles transaction authorization without exposing full card numbers to us. Email delivery relies on SendGrid to transmit account notifications and platform updates.

Each provider operates under contractual obligations. Data processing agreements specify permitted uses, mandate security standards, and prohibit unauthorized disclosure. These relationships exist solely to support service functionality—providers cannot repurpose your information for their independent business interests.

Legal Compliance Scenarios

Court orders occasionally compel disclosure. Subpoenas issued through proper legal channels get evaluated by counsel, then fulfilled to the extent legally required. Law enforcement requests undergo similar scrutiny—we verify legitimacy and narrow scope before responding.

Regulatory obligations sometimes mandate reporting. Tax authorities may require transaction summaries. Financial regulators could request audit trails for specific accounts. These disclosures remain strictly limited to what statutes explicitly demand.

Business Transition Circumstances

Should Howtomanual merge with another entity or get acquired, your records would transfer to the successor organization. Such transitions maintain existing privacy commitments—the acquiring party inherits our obligations to protect your details under terms substantially similar to these.

Protection Measures We Implement

Security layers surround your records throughout their lifecycle in our systems.

• Encryption applies during transmission—TLS protocols scramble data traveling between your browser and our servers, preventing interception.
• Passwords undergo one-way hashing immediately upon receipt. We store mathematical representations, not readable text. Even our administrators cannot retrieve your actual password.
• Database access requires authentication. Staff members receive credentials only for systems their roles necessitate. Activity logs track who accessed what and when.
• Network perimeters employ firewalls configured to block unauthorized connection attempts. Intrusion detection systems monitor traffic patterns for suspicious behavior.
• Regular backups create recovery points. These encrypted copies reside in geographically separate locations, protecting against data loss from hardware failure or localized incidents.
• Vulnerability assessments happen quarterly. External security specialists probe our infrastructure for weaknesses, which we remediate according to severity classifications.

Despite these precautions, absolute security doesn't exist. Determined attackers sometimes breach even well-defended systems. Insider threats occasionally emerge despite screening processes. Technical failures can expose information despite redundant safeguards. We work diligently to minimize these risks, understanding complete elimination remains impossible.

How Long Records Persist

Different information types follow different retention schedules based on operational and legal requirements.

Active Account Duration

While your subscription remains current, we maintain complete records. All project data, transaction history, and account settings stay accessible. This enables full platform functionality and ensures continuity across sessions.

Post-Cancellation Periods

Account closure triggers staged deletion. Project details and financial records enter a 90-day grace period, allowing subscription renewal if you change your mind. After this window closes, we purge detailed operational data from production systems.

Certain elements persist longer due to legal obligations. Transaction summaries required for tax compliance remain for seven years, matching IRS record-keeping mandates. Support communications that might relate to disputes stay until applicable statutes of limitation expire, typically three to four years depending on claim type.

Backup Retention

Deleted information lingers temporarily in backup archives. Our recovery systems maintain snapshots for 60 days beyond deletion dates. This protects against accidental removal but delays complete erasure. Once backup cycles conclude, records disappear entirely from our infrastructure.

Your Control Mechanisms

Multiple options let you manage what we hold and how we handle it.

Access and Portability

Request copies of your records anytime. We'll compile available information into structured formats within 30 days of receiving verified requests. This includes account details, project data, and communication logs associated with your profile.

Export functions built into the platform let you download project information directly. CSV and JSON formats support transfer to other systems if you decide to switch providers.

Correction Rights

Inaccurate records get fixed upon notification. Most account details can be updated directly through platform settings. Financial information or system-generated logs require support tickets—our staff will make necessary corrections after verifying the requested changes.

Deletion Requests

Ask us to remove your information entirely. Complete account deletion erases all project data, personal details, and associated records from active systems, subject to the retention schedules described earlier.

Some limitations apply. Financial records we're legally required to maintain cannot be deleted until retention periods expire. Information involved in ongoing disputes stays accessible until matters resolve. Anonymized datasets already stripped of identifying elements fall outside deletion scope since they no longer relate to you specifically.

Processing Restrictions

Object to specific handling activities. If you dispute information accuracy, we'll pause processing while verifying correctness. Legal claims involving your account can trigger holds that preserve records until proceedings conclude.

How to Exercise These Rights

Email info@howtomanual.com with specific requests. Include your account email and describe which rights you're invoking. We verify identity before fulfilling requests—this protects against unauthorized access disguised as privacy inquiries.

Most requests get processed within 30 days. Complex compilations might require 60 days, about which we'll notify you. Requests we cannot fulfill receive explanations detailing legal or technical constraints preventing compliance.

Geographic Considerations

Our infrastructure resides primarily in the United States. Information you provide gets processed and stored on American servers, subject to US legal frameworks and government access powers.

Users outside the United States should understand that their details will transfer internationally. European users receive protections under GDPR despite this transfer—we maintain processing standards that satisfy adequacy requirements and provide mechanisms for exercising EU-specific rights.

California residents gain additional rights under CCPA. You can request disclosure of specific information categories we've gathered, sold, or shared about you over the previous 12 months. California law also grants deletion rights beyond federal baseline protections. Contact us using the details provided earlier to invoke these state-specific options.

Age Restrictions

Howtomanual serves business customers, not children. We don't knowingly gather information from anyone under 18 years old. Our platform isn't designed for minors, and our terms prohibit underage account creation.

Should we discover a minor has provided details, we'll delete them promptly upon verification. Parents or guardians who believe their child has created an account should contact us immediately for removal.

Policy Modifications

Business evolution occasionally necessitates privacy practice updates. New features might require different data handling. Legal changes could mandate adjusted procedures. Technology shifts may introduce alternative protection methods.

When substantive changes occur, we'll notify active account holders via email at least 30 days before new terms take effect. The date at this document's top indicates the most recent revision. Continued platform use after notification periods constitute acceptance of modified terms.

Material changes that expand our handling activities beyond original purposes will prompt requests for renewed consent where legally required. You maintain the option to decline by closing your account before new terms activate.