Privacy Policy

Last updated: January 15, 2025

By using Budget Splitter, you acknowledge that you have read this Privacy Policy and understand how we collect, use, and protect your personal information. If you do not agree with this Privacy Policy, please do not use our service.

1. Data Controller

Data Controller: Mikhail Kosy

Email: mishapublisher@gmail.com

Development Team: Mikhail Kosy, Yahor Skarupich

Location: Poland

2. Information We Collect

Email address
Username
Group information (names, descriptions, participants)
Expense records (descriptions, amounts, dates)
Receipt photos and Group avatars
Device information (device type, operating system)
Access and refresh tokens (stored locally)

3. Legal Basis for Processing (GDPR)

Contractual Necessity (Article 6(1)(b) GDPR): Performance of contract
Legitimate Interests (Article 6(1)(f) GDPR): Service improvement, security, fraud prevention
Consent (Article 6(1)(a) GDPR): AI receipt scanning (optional feature)

4. Purposes of Processing

Provide and maintain the service
Authenticate and authorize access
Process and store expense data
Analyze receipt photos using OpenAI
Enable expense splitting and calculations
Improve service and fix technical issues
Ensure security and comply with legal obligations

5. Data Recipients

Your data is shared with:

Other users within your groups
AWS Cognito (authentication)
OpenAI (receipt processing, when you use AI feature)
When required by law

We do not sell your personal information.

6. International Data Transfers

Your data may be transferred outside the EEA (including to the United States). We use Standard Contractual Clauses (SCCs) and other GDPR-compliant safeguards.

7. Data Retention

Active account data: While account is active
Shared group data: May be retained if other members have access
Receipt photos and Group avatars: Stored in cloud storage (AWS S3) while associated with an expense record. When you delete an expense, the photo is scheduled for deletion and will be permanently removed from storage within 30 days.
Legal compliance data: As required by law

8. Your Rights

GDPR Rights (EU Users)

Right of Access (Article 15)
Right to Rectification (Article 16)
Right to Erasure (Article 17)
Right to Restrict Processing (Article 18)
Right to Data Portability (Article 20)
Right to Object (Article 21)
Right to Withdraw Consent
Right to Lodge a Complaint with supervisory authority

Supervisory Authority (Poland):

Urząd Ochrony Danych Osobowych (UODO)

ul. Stawki 2, 00-193 Warsaw, Poland

Website: uodo.gov.pl

Email: kancelaria@uodo.gov.pl

CCPA Rights (California Residents)

Right to Know
Right to Delete
Right to Opt-Out (we do not sell personal information)
Right to Non-Discrimination

To exercise your rights, contact us at mishapublisher@gmail.com. We will respond within 30 days (45 days for CCPA requests).

9. Data Breach Notification

In the event of a personal data breach likely to result in high risk, we will notify the supervisory authority within 72 hours and affected users without undue delay.

10. Children's Privacy

Budget Splitter is not intended for children under 13 (or 16 in the EU without parental consent). We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us immediately.

11. Contact Us

Email: mishapublisher@gmail.com

Data Controller: Mikhail Kosy

Development Team: Mikhail Kosy, Yahor Skarupich

Location: Poland

12. Governing Law

This policy is governed by the laws of Poland and the European Union (GDPR) for EU users, and applicable US privacy laws (including CCPA) for US users.