Privacy Policy

Last Updated: May 20, 2026
Last Reviewed: May 20, 2026

Rocky Mountain Logic LLC, d/b/a More Van Less Money ("we," "us," or "our"), respects your privacy. This Privacy Policy explains what personal information we collect, how we use it, our lawful bases for processing, who we share it with, how long we keep it, and your rights — including under the EU GDPR, UK GDPR, and the California Consumer Privacy Act / California Privacy Rights Act (collectively "CCPA").

We are the data controller for the personal information described below. Contact us at privacy@morevanlessmoney.com with any privacy question or request.

1. Information We Collect

Account information (optional).

If you choose to sign in with Google or GitHub, we receive your name, email address, profile picture, and a stable account identifier from your authentication provider. Sign-in is entirely optional and used only to sync your build-plan data across devices.

Build-plan data.

If you sign in, your electrical plan selections, water plan, build-tracker line items, weight inputs, and other planner state are stored so you can access them across devices. This data is associated with your account identifier or email.

Interactive-tool inputs (anonymous use).

Even without signing in, when you use our interactive tools we may receive your inputs server-side in the following cases:

  • Share links and Open-Graph (preview) images. Our tools encode your configuration in the URL query string so you can copy a shareable link. When that URL (or any tool-page URL with query parameters) is requested, our serverless Open-Graph endpoint may render a preview image using the same parameters. Server-side rendering happens at Vercel; logs and image cache may briefly include the parameter values you entered.
  • QR codes on printed label sheets. When you print Avery-style wire labels, each QR code encodes the same share-link URL. Anyone who scans the QR can resolve it to the corresponding planner view, and the resulting page request flows through our infrastructure like any other visit.

We do not associate tool inputs with a specific person unless you are signed in.

Newsletter subscription.

If you subscribe to our newsletter, your email address is shared with Kit (formerly ConvertKit), our email-service provider, to manage your subscription. You can unsubscribe at any time from a link in any newsletter email.

Contact / consulting inquiries.

If you contact us through a form or via email, we collect the information you submit (name, email, message) and any attachments. We use this only to respond to your inquiry and to provide the requested service.

Analytics data.

We use Google Analytics 4 (GA4) to understand how visitors use the site (pages visited, time on site, browser type, general geographic region). GA4 uses cookies. We do not send your name, email, or account identifier to GA4, and we have not enabled the User-ID feature; Google may still process your IP address to determine general location, in line with their default GA4 behavior. If we detect that you may be located in the EU, UK, or another region where prior consent for non-essential cookies is required by law, GA4 does not load until you accept it via our cookie banner.

Server logs and rate limiting.

Our hosting platform (Vercel) and rate-limiting service (Upstash) automatically record IP addresses, user-agent strings, request paths, and timing of requests, for security, abuse prevention, and operational diagnostics. IP addresses used for rate limiting are stored short-term and are not joined to your account.

What we do not collect.

We do not collect government identifiers (SSN, driver license), financial-account or payment-card data (any future paid service would route through a third-party processor that we do not control), precise geolocation, biometric data, or special-category data under GDPR Art. 9. We do not knowingly collect personal information from children under 13.

2. How We Use Personal Information

  • To authenticate your account and sync your build-plan data
  • To render shareable tool outputs (preview images, share links, QR codes)
  • To send you newsletter emails if you have subscribed
  • To respond to your contact or consulting inquiries
  • To analyze how the site is used and improve our content
  • To detect, prevent, and respond to abuse, fraud, and security incidents
  • To comply with our legal obligations and enforce our Terms

3. Legal Bases for Processing (GDPR / UK GDPR)

If you are located in the EU, UK, or another jurisdiction with similar requirements, the lawful bases on which we rely (GDPR Art. 6) are:

  • Performance of a contract (Art. 6(1)(b)): Providing the Services to you, including authenticating you, syncing your build plan, and delivering newsletter content you have requested.
  • Consent (Art. 6(1)(a)): Loading non-essential cookies (analytics) and sending marketing email. You may withdraw consent at any time.
  • Legitimate interests (Art. 6(1)(f)): Operating, securing, and improving the Services; preventing abuse and fraud; rendering shareable tool outputs you generate; responding to your inquiries. Where we rely on legitimate interests we have considered your rights and freedoms and concluded our interests are not overridden.
  • Legal obligation (Art. 6(1)(c)): Complying with applicable laws and lawful regulatory requests.

4. Third-Party Processors and Recipients

We use the following third-party services that may process your personal information on our behalf:

  • Google — authentication (OAuth), Google Analytics 4 (analytics)
  • GitHub — authentication (OAuth)
  • Vercel — hosting, edge functions, key-value storage (Vercel KV), Open-Graph image rendering
  • Kit (ConvertKit) — newsletter email delivery
  • Upstash — rate limiting

Each of these processors has its own privacy practices and policies. We do not sell or rent your personal information to any third party. We share data with the providers above only to the extent necessary to provide our Services, in accordance with their roles as processors.

5. International Data Transfers

We are based in the United States. Our hosting (Vercel), rate-limiting (Upstash), analytics (Google), authentication (Google, GitHub), and email (Kit) providers are also primarily based in or operate infrastructure in the United States. If you access the Services from the EU, UK, Switzerland, or another jurisdiction with cross-border restrictions, your personal information will be transferred to and processed in the United States.

For transfers from the EU, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, the UK's International Data Transfer Addendum, with our processors. You may request a copy of the relevant safeguards by contacting privacy@morevanlessmoney.com.

6. Cookies and Similar Technologies

We use the following categories of cookies and local-storage values:

  • Strictly necessary — authentication, session cookies, security tokens, and the localStorage values used to remember your tool-acceptance acknowledgment, share-link / label-sheet privacy acknowledgments, and your saved planner state. These are required for the Services to function and are not subject to consent.
  • Analytics (non-essential) — Google Analytics 4 cookies (_ga, _ga_*) used to distinguish users and aggregate site usage. Loaded only after you affirmatively accept the cookie banner, where the banner is shown.

You can control cookies through your browser settings. Disabling strictly-necessary cookies will affect your ability to sign in and use the tools. You can also opt out of Google Analytics via the Google Analytics Opt-out Browser Add-on.

7. Data Retention

  • Account & build-plan data: retained while your account is active; deleted within 30 days of your deletion request or account closure (longer only where retained for legal-obligation or dispute-resolution purposes).
  • Newsletter subscription: retained by Kit until you unsubscribe; we keep a suppression-list record after unsubscribe to honor your opt-out.
  • Contact / consulting correspondence: retained for up to 36 months for service-quality, follow-up, and dispute-resolution purposes; longer where legally required.
  • Analytics data: retained according to Google Analytics' default retention setting (we set this to 14 months).
  • Server logs / rate-limit counters: 30 days or less, except where retained longer for security investigations.
  • Tool inputs encoded in URLs: not separately retained — they exist only as part of the request URL and any short-term cache of the rendered Open-Graph image.

8. Your Rights

If you are in the EU, UK, EEA, or Switzerland:

You have the right to (a) access the personal information we hold about you and receive a copy in a portable format; (b) correct inaccurate or incomplete personal information; (c) request deletion ("right to be forgotten"); (d) restrict or object to processing; (e) data portability; (f) withdraw consent at any time without affecting the lawfulness of prior processing; and (g) lodge a complaint with your local supervisory authority. You can find your supervisory authority via the EDPB's list (edpb.europa.eu) or, in the UK, the ICO (ico.org.uk).

If you are a California resident (CCPA / CPRA):

You have the right to (a) know what personal information we collect, use, disclose, sell, or share; (b) access and receive a copy of the personal information we hold about you; (c) correct inaccurate personal information; (d) delete personal information we collected from you (subject to statutory exceptions); (e) opt out of any "sale" or "sharing" (as those terms are defined under California law) of your personal information; (f) limit the use of sensitive personal information; and (g) be free from retaliation for exercising your rights.

We do not sell or share personal information as those terms are defined under the CCPA. See our dedicated Do Not Sell or Share My Personal Information notice for details on how to exercise this right anyway, including by authorized agent.

All users:

  • You can unsubscribe from newsletter emails at any time using the unsubscribe link in any newsletter.
  • You can opt out of Google Analytics using the browser add-on linked above, or by rejecting analytics in the cookie banner where shown.
  • You can ask us to delete your account and build-plan data by emailing privacy@morevanlessmoney.com.

9. How to Exercise Your Rights

To exercise any of the rights described above, email privacy@morevanlessmoney.com with:

  • The right you wish to exercise (access, correction, deletion, opt-out, etc.)
  • Enough information for us to identify your records (e.g., the email address you signed in with, the email address of your newsletter subscription)
  • If the request comes from an authorized agent, written permission signed by you

We will respond within the timeframes required by applicable law (generally within 30 days for GDPR; within 45 days, extendable once by 45 days, for CCPA). We will verify your identity in a manner proportionate to the sensitivity of the request and our risk of disclosing data to an unauthorized party. We do not charge a fee for reasonable requests, and we will not retaliate against you for exercising your rights.

10. Security and Breach Notification

We take reasonable technical and organizational measures to protect your personal information, including encrypted transport (HTTPS/TLS), secure authentication via OAuth providers, scoped access controls on our data stores, rate limiting, and standard secret-management practices. No system is perfectly secure, and we cannot guarantee absolute security.

If we determine that a security incident has compromised your personal information in a manner that requires notification under applicable law (including Colorado's data-breach notification statute, CRS § 6-1-716, the GDPR / UK GDPR, the CCPA, and other state breach-notification statutes), we will notify affected individuals and applicable regulators within the timeframes those laws require — generally without unreasonable delay, and in the case of the GDPR, supervisory authorities within 72 hours of becoming aware where feasible. Notice will describe the categories of data involved, the steps we are taking, and what you can do to protect yourself.

11. Children's Privacy

The Services are not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us at privacy@morevanlessmoney.com so we can delete it.

12. We Do Not Sell Your Data

We do not sell, rent, or trade your personal information. Your data is shared only with the third-party processors listed in Section 4 to provide the Services. See the dedicated Do Not Sell or Share My Personal Information notice for California-specific details.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will reflect changes by updating the "Last Updated" date at the top of this page. For material changes, we will provide reasonable advance notice consistent with the change-notice mechanism in our Terms (Section 22) — generally a banner on affected pages and email to subscribers and account holders where we have your email address. Continued use of the Services after the effective date constitutes acceptance of the updated policy.

14. Contact

Rocky Mountain Logic LLC
Email (privacy / data requests): privacy@morevanlessmoney.com
Email (general): hello@morevanlessmoney.com

See also: Disclaimer & Terms of Use → · Do Not Sell or Share My Personal Information →