Privacy Policy

We take your privacy seriously. Here is exactly what we collect and why.

Last updated: April 3, 2026

1. Introduction

SmartSplitter ("we," "our," or "us") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service"). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

By using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

2. Information We Collect

Information you provide directly:

  • Account information: name, email address, profile photo
  • Expense data: amounts, descriptions, categories, dates, and participant information you enter
  • Group information: group names, member lists, and settings
  • Payment method handles: Venmo usernames, PayPal links, CashApp tags, Zelle information, or similar payment identifiers you choose to add (we do not process payments or store financial account credentials)
  • Communication data: messages or requests sent through the Service
  • Two-factor authentication (2FA) data: your email address is used to deliver one-time passcodes (OTP) via SendGrid for account verification

Information collected automatically:

  • Device information: device type, operating system, unique device identifiers
  • Usage data: features used, screens viewed, actions taken within the app
  • Log data: IP address, browser type, pages visited, timestamps
  • Analytics data: crash reports and performance diagnostics (via Firebase Crashlytics and Firebase Analytics)
  • Push notification token: a device token generated by your platform (iOS/Android) used solely to deliver push notifications; you may revoke this at any time in your device settings

Information from third parties:

  • When you sign in with Google or Apple, we receive your name, email address, and profile photo from those providers
  • We do not receive any payment information from third-party sign-in providers
  • When you connect a bank account via Plaid, we receive limited financial data as described in Section 5 below

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Create and manage your account
  • Enable you to share expenses and collaborate with other users
  • Display bank account balances and transaction data you authorize through Plaid
  • Facilitate expense settlements by matching payment information
  • Send transactional emails (expense notifications, settlement requests, OTP codes) that you opt into
  • Send service announcements, security updates, and support responses
  • Analyze usage patterns to improve features and fix bugs
  • Comply with legal obligations and enforce our Terms of Use
  • With your explicit consent: send marketing communications (you may opt out at any time)

4. How We Share Your Information

We do not sell your personal data. We share information only in the following limited circumstances:

  • With group members: When you join or create a group, other members can see your name, profile photo, and expense data within that group
  • With Plaid Technologies, Inc.: When you connect a bank account, your financial institution credentials and data are shared with Plaid as described in Section 5. Plaid's use of your data is governed by Plaid's End User Privacy Policy
  • With Firebase (Google): Authentication, database, cloud storage, analytics, crash reporting, and push notifications are powered by Google Firebase
  • With SendGrid (Twilio): Transactional and notification emails are delivered via SendGrid
  • With RevenueCat: In-app subscription management and purchase verification
  • For legal compliance: If required by law, subpoena, or to protect our legal rights
  • In a business transfer: If SmartSplitter is acquired or merged, your data may transfer to the acquiring entity under the same privacy commitments

5. Banking Data & Plaid

SmartSplitter uses Plaid Technologies, Inc. ("Plaid") to connect your bank accounts and gather financial data from your financial institutions. This section describes how that integration works and your rights with respect to your banking data.

How Plaid works: When you choose to connect a bank account, you will interact with Plaid's secure interface ("Plaid Link"). You enter your financial institution credentials directly into Plaid's interface — SmartSplitter never sees, receives, or stores your banking username or password. Your credentials go directly and securely to Plaid.

What data SmartSplitter receives via Plaid:

  • Account balances (current and available)
  • Transaction history (dates, amounts, merchant names, categories)
  • Account identifiers (masked account numbers showing last 4 digits only; routing numbers for payment matching purposes)
  • Account type and name (e.g., "Chase Checking")
  • Account owner information (name associated with the account at your institution)
  • Institution name and logo

How SmartSplitter uses your banking data:

  • To display your connected account balances within the app
  • To show relevant transaction history for expense matching and verification
  • To facilitate settlement coordination between group members
  • To help you identify and categorize shared expenses

Data sharing with Plaid: By connecting your bank account, you authorize SmartSplitter to share data with Plaid as necessary to provide the banking connectivity feature. Your use of Plaid's services is subject to Plaid's Privacy Policy and Plaid's End User Privacy Policy.

Plaid Link disclosure: By clicking "Connect a bank account" and proceeding through Plaid Link, you agree to Plaid's Terms of Use and End User Privacy Policy.

Your rights regarding banking data:

  • Disconnect at any time: You may disconnect your bank account at any time from Settings → Bank Accounts → Disconnect. Upon disconnection, SmartSplitter will stop retrieving data from that account
  • Request deletion of Plaid-held data: To request that Plaid delete data Plaid holds about you, visit Plaid's End User Privacy Policy or contact Plaid directly at privacy@plaid.com
  • Request deletion of SmartSplitter-held banking data: Contact privacy@smartsplitter.app and we will delete all banking data associated with your account within 30 days

Bank connectivity is optional: Connecting a bank account is entirely optional. All core expense-splitting and group management features work without connecting any bank account.

Security: Your bank credentials are never transmitted to or stored by SmartSplitter. All Plaid communications occur over encrypted TLS connections. SmartSplitter stores only the data tokens and limited financial data that Plaid returns after you grant authorization.

6. Data Retention

We retain your account data for as long as your account is active. When you delete your account, we delete your personal data within 30 days, except where required to retain it for legal obligations. Banking data retrieved via Plaid is deleted when you disconnect your bank account or delete your account, whichever comes first. Anonymized, aggregated analytics data may be retained indefinitely.

7. Your Rights and Choices

You have the following rights regarding your data:

  • Access: You may request a copy of the data we hold about you
  • Correction: You can update your account information directly in the app at any time
  • Deletion: You can delete your account from Settings → Account → Delete Account. This removes all your personal data from our systems within 30 days
  • Portability: You may request an export of your expense data in CSV format
  • Marketing opt-out: You can unsubscribe from marketing emails at any time using the unsubscribe link in any email, or in Settings → Notifications
  • Push notification control: You can manage push notification preferences in your device settings or within the app
  • Banking data: You may disconnect bank accounts and request deletion of associated data as described in Section 5

8. Data Security

We implement industry-standard security measures to protect your information:

  • All data in transit is encrypted using TLS 1.2 or higher
  • All data at rest is encrypted by Firebase/Google Cloud infrastructure
  • Authentication is handled by Firebase Authentication with support for multi-factor authentication (2FA via email OTP)
  • Firebase Security Rules enforce role-based access controls — users can only access their own data and authorized group data
  • Firebase App Check is enabled to prevent unauthorized API access
  • API secrets, Plaid credentials, and service keys are stored in Firebase Functions config and are never exposed in client code or source control
  • Access to production data is restricted to authorized personnel only, with multi-factor authentication required for all administrative access
  • In the event of a data breach or security incident, affected users will be notified within 72 hours as required by applicable law

No method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

9. Children's Privacy (COPPA)

SmartSplitter is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. Our Service is a financial expense-tracking tool intended for adults and young adults aged 13 and over, with parental or guardian consent required for users between 13 and 18. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at privacy@smartsplitter.app and we will delete it promptly. We comply with the Children's Online Privacy Protection Act (COPPA).

10. Third-Party Services

Our Service uses the following third-party services, each with their own privacy policies:

  • Firebase (Google): Authentication, Firestore database, Cloud Storage, Analytics, Crashlytics, Cloud Messaging — Firebase Privacy
  • Plaid Technologies, Inc.: Bank account connectivity — Plaid End User Privacy Policy
  • SendGrid (Twilio): Transactional email delivery — Twilio Privacy Policy
  • RevenueCat: In-app subscription management — RevenueCat Privacy Policy
  • Google Sign-In / Sign in with Apple: Third-party authentication providers
  • Apple App Store / Google Play Store: In-app purchase processing; payment details are handled entirely by the platform and are never seen or stored by SmartSplitter

11. International Data Transfers

Your information may be transferred to and processed in the United States, where our service providers operate. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place per applicable law, including standard contractual clauses where required by GDPR.

12. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You may request information about the categories and specific pieces of personal information we have collected, the categories of sources from which it was collected, our business purpose for collecting it, and the categories of third parties with whom we share it
  • Right to Delete: You may request deletion of personal information we have collected from you, subject to certain legal exceptions
  • Right to Opt Out of Sale: We do not sell personal information. We do not sell or share your personal information with third parties for their own commercial purposes
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
  • Right to Correct: You may request correction of inaccurate personal information we hold about you

To exercise your CCPA rights, contact us at privacy@smartsplitter.app. We will respond within 45 days of receiving your verifiable request.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and applicable local laws:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data in certain circumstances
  • Right to Restriction of Processing: Request that we limit how we use your data in certain circumstances
  • Right to Data Portability: Request a machine-readable copy of your data
  • Right to Object: Object to processing based on legitimate interests
  • Rights related to automated decision-making: We do not use automated decision-making or profiling that produces significant legal effects

Our legal bases for processing your data are: (1) performance of a contract (providing the Service you requested); (2) legitimate interests (improving the Service, preventing fraud); and (3) consent (marketing communications, optional banking connectivity). To exercise your GDPR rights, contact us at privacy@smartsplitter.app. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

14. Financial Data Disclaimer

SmartSplitter is an expense management and tracking tool. We are not a bank, financial institution, payment processor, or financial advisor. Financial figures displayed in the app, including balances retrieved via Plaid, are provided for convenience and informational purposes only. They do not constitute financial advice, legally binding statements of debt, or accounting records for tax or legal purposes. Always verify important financial information independently.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. For material changes, we will provide additional notice via email or in-app notification at least 14 days before they take effect. Continued use of the Service after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions about this Privacy Policy, our privacy practices, or to exercise any of your rights described above, please contact us at:

We aim to respond to all privacy-related requests within 30 days as required by applicable law.