Privacy Policy
Last updated: May 23, 2026
1. Introduction
This Privacy Policy explains how DoSplit ("DoSplit", "we", "us", "our") — operated from Chișinău, Moldova — collects, uses, shares, and safeguards personal information when you use the DoSplit mobile and web applications and any related APIs (collectively, the "Service").
By using the Service you acknowledge this Policy. If you do not agree, do not use the Service. For privacy questions or requests, contact [email protected].
2. Personal Information We Collect
We collect the following categories of personal information, using the categories defined by the California Consumer Privacy Act (as amended by the CPRA, the "CCPA"):
- Identifiers — name, email address, account ID, optional nickname, your chosen avatar emoji, and the federated identifier returned by Apple or Google when you choose to sign in with them.
- Customer records (Cal. Civ. Code §1798.80) — phone number you optionally add to your profile.
- Commercial information — groups you create or join, expense titles, amounts, currencies, split allocations, settlement records, group invite codes, and per-email-family opt-out preferences you set in Profile → Notification settings.
- Internet or network activity — IP address used to deliver API responses and authenticate sessions; access timestamps held in operational server logs for up to 30 days.
- Sign-in history — for each session you start: IP address, user agent, approximate city-level location derived from IP, and timestamp. Surfaced in the app as Recent Visits so you can audit account activity and revoke specific devices. Retained while your account is active.
- Analytics identifiers — a randomised client identifier set by Google Analytics 4 on this website and by Firebase Analytics in the mobile app, used to count aggregate page-views / screen-views. Not linked to your account identifier. See §9 for details on opting out.
- Inferences — per-group debt summaries and leaderboard rankings computed from your expenses and settlements. We do not use inferences for advertising or behavioural profiling.
3. What We Do Not Collect
We do not collect precise geolocation, biometric identifiers, racial or ethnic origin, religious or philosophical beliefs, union membership, genetic, health, or sex-life information, the contents of your communications, government identifiers (SSN, driver’s licence, passport), or any other "sensitive personal information" as defined by the CPRA.
4. Sources of Personal Information
We collect personal information directly from you (account sign-up, expense entry, profile edits), from authentication providers (Apple, Google) when you choose to sign in with them, and automatically from your device (IP address, server-log timestamps).
5. How We Use Your Personal Information
We use personal information for the following business purposes (CCPA §1798.140(e)):
- Providing the Service — account creation, group management, expense tracking, debt computation, settle-up reminders, and other transactional emails (settle-up notifications, expense-added / expense-changed alerts, member-removal notices, and a monthly group summary). You can opt out of each of these email families independently from Profile → Notification settings or via the unsubscribe link in every email footer.
- Authentication and security — verifying your identity, securing your account, detecting fraud and abuse, and surfacing the Recent Visits log so you can spot unfamiliar sessions.
- Real-time syncing — synchronising shared group data between members’ devices over our Socket.IO sync gateway.
- Aggregate analytics — measuring which pages and screens are most useful so we know what to keep, change, or remove (see §9).
- Service improvement — diagnosing bugs (including via crash reports from the mobile app) and improving Service performance.
- Support — responding to your support requests.
- Legal compliance — complying with legal obligations and enforcing our Terms of Service.
6. Legal Bases for Processing (EEA / UK / Switzerland)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following lawful bases under the GDPR / UK GDPR / Swiss FADP:
- Performance of a contract — to provide the Service you signed up for.
- Legitimate interests — securing the Service, preventing abuse, improving performance, defending legal claims.
- Consent — for opt-out transactional email families (monthly summaries, settle-up notifications, expense alerts) and for analytics where consent is the relevant lawful basis in your region. You can withdraw consent at any time from Profile → Notification settings, via the unsubscribe link in any email footer, or by opting out of analytics as described in §9.
- Legal obligation — responding to lawful requests from authorities and meeting tax / accounting duties.
7. How We Share Personal Information
We do not sell, rent, or trade your personal information. We share only as follows:
- With other members of a group you create or join — expense titles, amounts, splits, and settlement records you enter become visible to those members; your name and avatar are visible to your groups.
- Service providers (processors) — acting on our written instructions and bound by confidentiality:
  - Hosting — cloud infrastructure in the European region.
  - Email delivery — Amazon Web Services (Simple Email Service).
  - Crash reporting — Firebase Crashlytics (Google LLC), mobile app only.
  - Analytics — Google Analytics 4 on the website; Firebase Analytics (Google LLC) on the mobile app.
- Authentication providers — Apple or Google when you choose to sign in with them.
- Legal disclosures — when required by law, regulation, valid legal process, or governmental request, or to protect the rights, property, or safety of DoSplit, our users, or others.
- Business transfers — if DoSplit is involved in a merger, acquisition, or sale of assets, your information may be transferred subject to the surviving entity continuing to honour this Policy.
8. We Do Not Sell or "Share" Personal Information
DoSplit has not sold and does not sell personal information as defined under the CCPA, and we do not "share" personal information for cross-context behavioural advertising. We have not done so in the preceding 12 months and have no plans to do so. Because we do not sell or share, we are not required to publish a "Do Not Sell or Share My Personal Information" link, but we recognise the Global Privacy Control (GPC) signal as a valid universal opt-out.
9. Cookies, Analytics, and Tracking
On the web (this website and the web app at app.dosplit.com):
- Google Analytics 4 — counts aggregate page-views and traffic sources so we know which pages are useful. GA4 sets first-party cookies and stores a randomised client identifier on your device. We do not link GA4 data to your account.
- Authentication storage — on the web app, your access and refresh tokens are stored in your browser’s local storage (not as HTTP cookies) so you stay signed in across reloads. This is strictly necessary for the Service.
- No advertising SDKs, no remarketing pixels, no cross-site tracking.
In the mobile app (iOS and Android):
- Firebase Analytics — aggregate screen-view and feature-engagement metrics. You can disable analytics collection from your device’s app settings.
- Firebase Crashlytics — crash reports used solely to fix bugs. Stack traces and device-type metadata are sent; we do not transmit your account contents in crash payloads.
Opt-out paths. To opt out of Google Analytics on this website, install the official Google Analytics Opt-Out browser add-on, block third-party cookies, or use a browser that honours the Global Privacy Control (GPC) signal — we treat GPC as a valid universal opt-out. To opt out of Firebase Analytics in the mobile app, disable the corresponding setting in your device’s app preferences. We do not respond to the legacy "Do Not Track" header because GPC supersedes it on the web.
10. Device Permissions
The mobile application requests the following device permissions only when you actively use the feature that requires them:
- Camera — used solely to scan group-invite QR codes when you choose to join a group by scanning. Camera frames are processed on-device by the operating system’s barcode scanner and decoded locally; we do not capture, store, transmit, or share images, video, or any other content from your camera. The permission can be revoked at any time in your device settings, and revoking it does not affect any other feature of the Service.
- Photo library — used solely when you choose to attach a screenshot to a support request via the Contact Us screen. We process only the image(s) you select for that submission; we do not access or index the rest of your photo library, and DoSplit does not support profile photos or group photos at all (avatars are single emoji characters).
The Service does not request access to your location, microphone, contacts, calendar, SMS, call logs, or motion sensors.
11. Data Retention
We retain personal information only for as long as needed to provide the Service or comply with a legal obligation:
- Account information — while your account is active.
- Expense and settlement records — while at least one member of the group is active.
- Sign-in history (Recent Visits) — while your account is active. These rows contain IP address, user agent, and city-level location and are deleted when your account is purged.
- Operational server logs — up to 30 days, then deleted.
- Backups — purged on a 30-day rolling cycle.
- Analytics data — Google Analytics retains aggregate event data per our GA4 configuration; Firebase Crashlytics retains crash reports for 90 days; Firebase Analytics retains aggregated events on Google’s standard retention schedule.
Account deletion timing. Tapping Delete Account in the app schedules a removal 30 days in the future. During that grace period your account stays active and signing back in cancels the request. Once the 30-day window elapses (or, for email requests, when we process them), we permanently erase or anonymize the data described on our Account Deletion page:
- Groups you own are hard-deleted at that point — including every expense, settlement, and activity entry inside them. Other members lose access to that shared history. If you want a shared group to survive, email [email protected] before scheduling deletion so we can transfer ownership manually.
- Records inside groups you do not own are kept so other members can still see their own history, but your name is replaced with "Deleted user", your avatar is reset to a generic icon, and your email and phone are removed.
12. Data Security
We use industry-standard safeguards including TLS-encrypted transport, bcrypt password hashing (cost factor 12), short-lived JWT access tokens with rotation on refresh, encrypted device storage for tokens, role-based access controls, and least-privilege server credentials.
No system is 100% secure. Please report suspected vulnerabilities responsibly to [email protected].
13. International Data Transfers
We are headquartered in Moldova and our primary servers are in the European region. If you access the Service from outside Moldova your personal information will be transferred to and processed in Moldova, which the European Commission has recognised as offering an adequate level of protection (Commission Implementing Decision 2010/146/EU). For other transfers we rely on the European Commission’s Standard Contractual Clauses or another lawful transfer mechanism appropriate to your jurisdiction.
14. Your Privacy Rights (General)
Depending on where you live, you may have the right to:
- Access — request a copy of the personal information we hold about you.
- Correction — request correction of inaccurate or incomplete data.
- Deletion — request deletion of your personal information.
- Portability — request a portable, machine-readable copy of the data you provided to us.
- Restriction / objection — restrict or object to certain processing.
- Withdraw consent — withdraw any consent you previously gave.
15. California Privacy Rights (CCPA / CPRA)
California residents have the rights set out below. We will not deny you the Service, charge you a different price, or provide a different level of quality because you exercised any privacy right.
- Right to know — request the categories of personal information we collected, the sources, the purposes for collecting, the categories of third parties we shared with, and the specific pieces of personal information we collected about you in the preceding 12 months.
- Right to delete — request deletion of personal information we collected from you, subject to limited statutory exceptions.
- Right to correct — request correction of inaccurate personal information.
- Right to opt out of sale or sharing — DoSplit does not sell or share personal information for cross-context behavioural advertising; no opt-out is required, but we honour the Global Privacy Control signal.
- Right to limit use of sensitive personal information — DoSplit does not collect sensitive personal information; this right does not apply.
- Right to non-discrimination — we will not retaliate against you for exercising any of these rights.
- Authorised agent — you may use an authorised agent to submit a request. We require written authorisation and may verify your identity directly.
16. California "Shine the Light" Notice
Under California Civil Code §1798.83, California residents may request a list of any third parties to whom we have disclosed personal information for those parties’ direct-marketing purposes during the preceding calendar year. We do not currently disclose personal information for any third party’s direct-marketing purposes; therefore, no list is maintained.
17. EEA / UK Privacy Rights (GDPR / UK GDPR)
In addition to the general rights above, individuals in the EEA or UK have:
- Right to object — object to processing based on legitimate interests.
- Right to lodge a complaint — file a complaint with your local Data Protection Authority (in the UK, the Information Commissioner’s Office — ico.org.uk).
- Automated decision-making — right not to be subject to a decision based solely on automated processing producing legal or similarly significant effects. We do not engage in such processing.
18. Children's Privacy
The Service is not intended for individuals under 13 (or under the age of digital consent in your country, which may be 14, 15, or 16 in parts of the EEA / UK). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact [email protected] and we will delete it promptly.
19. Changes to This Policy
We may update this Policy. Material changes will be highlighted in the Service and take effect 14 days after the "Last updated" date above. Continued use of the Service after the effective date constitutes acceptance.
20. Contact
DoSplit
Chișinău, Moldova
Privacy enquiries: [email protected]
General support: [email protected]
Security disclosures: [email protected]
To exercise any of the rights described in this policy, email [email protected] from the address on your account or use Profile → Delete Account in the app. We respond within 45 days (extendable by 45 days when reasonably necessary, with notice).