Privacy Policy

Last Updated: February 8, 2026

1. Introduction

At SplitterUp, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.

We want to be clear: we do not sell, rent, or share your personal data with third parties for marketing purposes. Your data is yours.

2. Information We Collect

We collect information that you provide directly to us, including:

  • Account information (name, email address, profile picture)
  • Expense and transaction data
  • Friend and group connections
  • Communications with us and other users
  • Device contacts (phone numbers only, when you choose to find friends)
  • Bank account and transaction data (when you choose to link a bank account)

3. Contacts Data

When you use the "Find Friends from Contacts" feature, we access your device contacts to help you find friends who are already using SplitterUp. Here's exactly what happens:

  • We read phone numbers from your device contacts (no names or other data)
  • Phone numbers are sent to our server to check for matching SplitterUp users
  • We do NOT store your contacts—phone numbers are used only for matching and are immediately discarded
  • This feature is entirely optional and requires your explicit permission

4. Bank Account Data

SplitterUp offers an optional bank import feature (premium subscription required) that allows you to link bank accounts and import transactions as expenses. When you use this feature, we connect to your financial institution through Teller, a secure third-party bank data aggregation service. Here's exactly what happens:

  • You authorize the connection through Teller Connect, a secure interface provided by Teller where you log in to your bank directly—we never see your bank login credentials
  • We collect: institution name, account type and name, last 4 digits of your account number, and transaction details (amounts, dates, descriptions, and categories)
  • Access tokens provided by Teller are encrypted using AES-256-GCM and are never exposed to the app—all Teller API calls are made server-side through our secure Edge Functions
  • Transactions that are not imported as expenses are automatically deleted after 30 days
  • Disconnecting a bank account immediately revokes access and deletes all associated data (enrollment, accounts, and transactions)
  • This feature is entirely optional, requires explicit user consent, and is available only with a premium subscription

5. How We Use Your Information

We use the information we collect to provide, maintain, and improve our services, including to process transactions, send notifications, respond to your requests, and personalize your experience. We also use your information to protect against fraud and abuse.

6. Information Sharing and Third Parties

We do NOT sell, rent, or share your personal information with third parties for their marketing purposes. Period.

We only share your information in these limited circumstances:

  • With other SplitterUp users you explicitly connect with (friends, group members) to enable expense splitting features
  • With Supabase, our secure backend infrastructure provider, solely for data storage and app functionality
  • With Sentry, for error monitoring and crash reporting to help us identify and fix issues. This includes anonymous device information and crash logs, but never your personal financial data.
  • With Mistral AI, for receipt scanning and text extraction when you use the receipt scanning feature. Receipt images are processed to extract text and are not stored by Mistral.
  • With Teller, for bank account linking and transaction retrieval when you use the bank import feature. All communication with Teller is secured via mutual TLS (mTLS). Teller does not receive any of your SplitterUp data.
  • When required by law or to protect our rights and safety

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Bank access tokens are encrypted using AES-256-GCM, and all communication with banking services is secured via mutual TLS (mTLS). However, no method of transmission over the internet or electronic storage is completely secure.

8. Your Rights

You have the right to access, update, or delete your personal information at any time. You can do this through your account settings or by contacting us directly. You may also opt out of certain communications.

9. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. For bank account data specifically: unlinked transactions are automatically deleted after 30 days, and all bank data (enrollment, accounts, and transactions) is immediately deleted when you disconnect a bank account.

10. Children's Privacy

SplitterUp is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last Updated" date. We encourage you to review this policy periodically for any changes.

12. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at contact@splitterup.app.