Last updated: April 7, 2026
Welcome to PaySplit ("we," "our," or "us"). We are committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and your rights regarding your data when you use the PaySplit mobile app and web app (collectively, the "App").
By using the App, you agree to the collection and use of information as described in this policy.
a. Account Information
When you create an account, we collect your name, email address, phone number, and profile picture (if provided). If you sign in via Google, we receive your name, email address, and profile picture from Google.
b. Financial Data
We collect the expense records, group names and descriptions, split amounts, payment amounts, balances, and transaction history that you enter manually into the App. All monetary amounts are stored as integers (in the smallest currency unit, e.g. cents) on our servers.
c. Contact List Information
When you grant contacts permission, PaySplit reads your device's full contact list to help you find friends already on the App and to invite others. The following data is collected:
Contact names — stored on PaySplit servers only when you explicitly invite that person to a group.
Email addresses — hashed on-device using SHA-256, then sent to PaySplit servers to find friends already on the App.
Phone numbers — sent to PaySplit servers in normalised form to find friends already on the App.
When you invite a contact to a group, their name and email address are stored on our servers as a group member record and to deliver an invitation link. Your full contact list is read to perform matching. Contact data is used only for friend matching and invitations — it is never sold or shared with third parties for marketing purposes.
d. Device and Technical Information
We collect your IP address, device type, operating system version, and app version for security and performance monitoring. We also collect your push notification token, device platform (iOS or Android), and device model name (e.g., "Samsung Galaxy S24") to enable push notifications. These are stored on our servers and linked to your account for the duration of your use of the App.
e. Usage Analytics
We use PostHog to collect usage analytics. PostHog receives your user ID, email address, and event data recording actions such as signing in, creating a group, adding an expense, sending an invitation, and completing onboarding. This data is used solely to understand how the App is used and to improve it. It is not used for advertising. PostHog processes this data on our behalf under a data processing agreement.
f. AI Assistant
If you use the AI assistant feature, your messages are processed by Google Gemini (Google's Generative AI API). Each request sent to Gemini includes your conversation history for the current session, your name and the current date, all your active group names and member names, your balances across all groups and currencies, your last 20 recent expenses (description, amount, currency, who paid, and date), and your friend balances. This financial context is included so the assistant can give you relevant, personalised answers.
This data leaves PaySplit servers and is processed by Google under Google's AI terms of service. Do not enter sensitive personal information (such as passwords, payment card numbers, or government ID numbers) into the AI assistant. AI usage counts are stored on our servers for rate-limiting purposes only.
g. Invitation Data
When you invite someone to a group, their email address is stored on our servers and used to send them an invitation email via Resend (our transactional email provider). Invitation records include the invitee's email address, the group they were invited to, an expiry timestamp (7 days), and the invitation status.
We use the information we collect to:
Create and manage your account and authenticate you
Enable group expense splitting, balance tracking, and settlement recording
Match your contacts with existing PaySplit users using privacy-preserving on-device hashing of email addresses
Deliver push notifications about group activity (e.g. when someone adds you to a group or logs an expense)
Send invitation emails to contacts you choose to invite
Power the AI assistant with relevant financial context from your account
Analyse usage patterns via PostHog to improve the App's features and performance
Enforce rate limits on the AI assistant
Diagnose errors, monitor security, and maintain service reliability
Comply with applicable legal obligations and prevent fraud
We do not sell your personal data. We share your information only in the following circumstances:
Service providers — we use the following third-party processors, each bound by confidentiality obligations or data processing agreements:
Supabase (AWS, ap-southeast-1 region) — database, authentication, and backend services. All app data is stored here.
Google Gemini — AI assistant message processing. Receives your conversation history, group names, member names, balances, expenses, and friend data.
PostHog — usage analytics. Receives your user ID, email address, and event names.
Expo — push notification delivery. Receives push tokens and notification content.
Resend — invitation email delivery. Receives the invitee's email address and group name.
With your consent — when you explicitly invite a contact, share a group invite link, or take another action that shares your data with another person.
Legal requirements — if required by law, court order, or to protect the rights, property, or safety of PaySplit, our users, or the public.
Your data is stored on Supabase servers hosted on AWS in the ap-southeast-1 (Singapore) region. We use the following security measures:
Encryption in transit via TLS for all data between your device and our servers
Row-Level Security on all database tables, ensuring users can only read or write data in groups they belong to
Secure token storage on your device using platform-provided mechanisms (Keychain on iOS, Keystore on Android)
Push notification tokens are disabled on the server when you sign out
No method of transmission or storage is 100% secure. While we implement industry-standard protections, we cannot guarantee absolute security against all threats.
We retain your data for as long as your account is active. Specific retention periods:
Expense and group data — retained until you delete the group or your account
Push notification tokens — disabled when you sign out; retained in disabled state for up to 90 days
AI usage counters — retained for rolling rate-limiting windows, then deleted automatically
Invitations — expire automatically after 7 days if not accepted
Account deletion requests — processed within 30 days, after which all personal data is removed
You have the right to:
Access the personal data we hold about you
Correct inaccurate information via account settings in the App
Delete your account and all associated data
Object to or restrict certain processing (e.g. analytics) by contacting us
To delete your account, go to Account → Delete Account in the App, or email us at hanushh@gmail.com. We will process deletion requests within 30 days. Note that expense and balance records shared with other group members may be retained in anonymised form to preserve the integrity of those groups' financial history.
The App is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us at hanushh@gmail.com and we will delete it promptly.
Your data may be transferred to and processed in countries other than your country of residence. Specifically:
Supabase stores data in Singapore (AWS ap-southeast-1)
Google Gemini processes data in Google-operated data centres
PostHog is hosted in the United States
Resend is hosted in the United States
By using the App, you consent to these transfers. We ensure that any such transfers are subject to appropriate safeguards consistent with applicable data protection law.
The App may allow you to open third-party payment apps (e.g. Venmo, PayPal) via deep links. We do not control those services and are not responsible for their privacy practices. Please review their privacy policies before use.
We may update this Privacy Policy from time to time. When we do, we will post the updated policy here with a revised "Last updated" date. For material changes, we will notify you via a notice in the App or by email. We encourage you to review this policy periodically.
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Email: hanushh@gmail.com