Privacy Policy

Effective Date: April 28, 2026

SplitterBot™ ("we," "us," or "our") operates the SplitterBot™ website and mobile application (together, the "Service"). This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Information We Collect

Account information

When you create an account, we collect your email address, first name, and last name. If you sign in with Apple or Google, we receive your name and email from the provider. Authentication credentials are managed securely by Amazon Cognito.

Receipt data

Receipt images you upload are processed using AWS Textract for text extraction. Images are stored in AWS S3 and extracted data (establishment name, items, amounts) is stored in AWS DynamoDB.

Splitter information

Names and payment app usernames (Venmo, CashApp, PayPal, Zelle) that you enter for people you split with. This information is stored with the receipt and included when you share a split.

Subscription data

Subscription status for mobile users is managed by RevenueCat. We do not process or store payment card information — all paid plan purchases are handled by Apple App Store or Google Play Store.

Device information

On mobile, we collect your push notification token and device platform (iOS/Android) so we can send notifications you've opted in to. We also store a stable device identifier so we can count how many free-trial receipts a device has used. This identifier is not tied to your personal information; it only enforces the free-trial cap consistently across reinstalls and account deletes.

2. How We Use Your Data

  • Provide receipt scanning, splitting, and sharing functionality
  • Manage your account and authentication
  • Process subscription purchases and enforce plan limits
  • Send push notifications (with your permission)
  • Send transactional emails (e.g., receipt summaries)
  • Improve the Service based on aggregate usage patterns

3. Third-Party Services

We use the following third-party services to operate the Service:

  • Amazon Web Services (AWS) — Authentication (Cognito), data storage (DynamoDB, S3), receipt processing (Textract), API hosting (API Gateway, Lambda)
  • RevenueCat — Subscription management and purchase verification (mobile)
  • Expo — Push notification delivery and over-the-air updates (mobile)
  • Apple / Google — Social sign-in, in-app purchases, and app distribution
  • Resend — Transactional email delivery
  • Sentry — Crash reporting, error monitoring, and session replay (see Section 6)
  • Google reCAPTCHA — Bot protection on public forms (e.g., Contact). Subject to Google's Privacy Policy and Terms of Service.

4. Data Sharing

We do not sell your personal data to third parties. We share data only in these circumstances:

  • With the third-party services listed above, solely to operate the Service
  • When you share a receipt split, the names and amounts of all splitters are included in the shared message and on the public split page you link to
  • If required by law, regulation, or legal process

5. Data Retention

Your data is retained as long as your account is active. Receipt images may be archived or deleted after 30 days. You can delete your account and all associated data at any time from Profile settings. Upon account deletion, we remove your data from our systems within 30 days.

6. Error Monitoring and Session Replay

We use Sentry to monitor crashes, errors, and performance so we can diagnose and fix problems. Sentry also records a sample of app sessions (session replay) to help us reproduce issues. Replays are recorded with all text, images, and graphics masked, so the visual content of your screens — including receipt images, names, amounts, and payment usernames — is not captured. What is recorded is the structure of screens you visited and the taps and gestures you performed.

In production, roughly 10% of sessions are sampled, and any session in which an error occurs is recorded in full. Recordings are stored by Sentry and used solely to debug and improve the Service.

The Service does not use advertising trackers and does not track your activity across other apps or websites.

7. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

8. California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell your data)
  • Not be discriminated against for exercising your privacy rights

To exercise these rights, contact us at privacy@splitterbot.com.

9. Security

We use industry-standard security measures including encrypted connections (HTTPS/TLS), secure authentication via Amazon Cognito, and access controls on all data storage. However, no method of electronic transmission or storage is 100% secure.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by an updated "Effective Date" at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, contact us at privacy@splitterbot.com.