← splitmax

Privacy Policy for splitmax

Effective Date: April 7, 2026 Last Updated: April 7, 2026

1. Overview

This Privacy Policy explains how splitmax ("we", "us", "our", or "splitmax") collects, uses, shares, and protects personal information when you use the splitmax mobile application (the "App") or the splitmax website at https://splitmax.app (the "Website"), collectively the "Service".

splitmax is a receipt-splitting service that lets you scan a receipt, share a link with people at the table, and let them claim items they ordered so everyone pays their fair share. The Service is operated by Splitmax (operated by an independent developer based in the United States). Contact: support@splitmax.app.

See also our Terms of Service.

By using splitmax, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect three categories of information.

2.1 Information you provide directly

  • Account information: Your name, email address, and profile photo when you sign in with Apple or Google.
  • Payment handles: Your usernames or identifiers for Venmo, Cash App, PayPal, and Zelle. We store these so the people you split bills with can pay you back. We never store your actual passwords or full account credentials for these services. We are not a payment processor — we only generate deep links into the apps you already use.
  • Receipt content: Item names, prices, tax, tip, and totals extracted from receipts you scan. This is required for the splitting math.
  • Receipt photos (optional): If you opt in to "save receipt photos to history" in Settings, we store the image of each receipt you scan. This is off by default and can be turned on or off at any time. Photos are auto-deleted after 90 days unless you have a Pro subscription.
  • Friend list and saved crews: Names and payment handles of people you've split bills with, plus any "crews" (recurring groups) you create.
  • Communications: If you contact us for support, we collect the contents of your message and your contact info.

2.2 Information collected automatically

  • Device information: Device model, operating system version, language, time zone, and a randomly generated device identifier (stored locally; never tied to your name unless you sign in).
  • Usage data: Events like "scan started", "group shared", "joiner joined", "payment marked." We use these to improve the product and run A/B experiments. Captured via PostHog (see § 5).
  • Approximate geographic region: Inferred from your IP address, only to set your default currency and region.
  • Crash and performance data: Stack traces and performance metrics if the App crashes.
  • Advertising identifiers: Apple's IDFA or Google's Advertising ID, only if you have NOT opted out via your device's privacy settings AND you are on the free tier (see § 5 — AdMob).

2.3 Information from people you split with ("joiners")

When someone opens a share link you sent them, splitmax collects:

  • The name they enter
  • The payment handle they enter for the method they choose
  • Which items they tap to claim
  • A randomly generated device identifier to keep their session linked across page reloads
  • Optional: an email address if they sign up for "notify me when paid"

This information is stored on the group record and is visible to you (the scanner) and to other joiners on the same group. Joiners can request deletion at any time by emailing support@splitmax.app.

2.4 Information we do NOT collect

We explicitly do not collect:

  • Your bank account numbers, credit card numbers, or any actual financial credentials
  • Your contacts list (unless you explicitly grant contact access for the share-with-contacts feature)
  • Your precise GPS location
  • Your photo library (we only access individual photos you select for OCR)
  • Health, biometric, or fitness data
  • Information about children under 13 (see § 9)

2.5 California / CPRA Categories of Personal Information

For California residents, the categories of personal information we collect, as defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), are:

  • Identifiers — name, email address, user ID, IP address, device identifier
  • Customer records (Cal. Civ. Code §1798.80(e)) — payment handles for third-party services (Venmo, Cash App, PayPal, Zelle)
  • Commercial information — Pro subscription status, transaction records (purchase receipts only — never the underlying payments)
  • Internet or network activity — app interactions, page views, search queries within the app, browser type
  • Geolocation data — approximate region only, never precise GPS
  • Inferences — aggregated usage patterns used for product improvement

These categories are collected for the business purposes described in §3 (How We Use Information). We do not "sell" personal information as defined under applicable privacy laws. We may "share" certain identifiers (advertising IDs, IP address) with advertising networks like Google AdMob/AdSense for the purpose of serving non-personalized banner ads to free tier users; you can opt out at any time (see §8.1).

3. How We Use Information

We use your information to:

  • Provide the core service — extract items from receipts, calculate fair shares, generate payment deep links, send push notifications when people pay
  • Process AI receipt extraction — we send the OCR text (not the photo) to Groq, an AI inference provider, to convert raw text into structured items. This is the only way the App works.
  • Run your account — authenticate you, sync your history across devices, manage your Pro subscription
  • Communicate with you — push notifications about your active groups, optional product update emails (you can unsubscribe)
  • Improve splitmax — analyze aggregate usage patterns, run A/B experiments on UI variants, debug crashes
  • Show ads (free tier only) — display banner ads relevant to your region. We never share your payment handles, receipt contents, or any directly identifying info with advertisers.
  • Prevent abuse — detect fraudulent accounts, rate-limit AI scans, enforce free tier limits
  • Comply with law — respond to lawful requests from regulators or law enforcement

We do not use your data to:

  • Train AI models (Groq does not retain or train on the text we send them per their terms)
  • Sell to third parties for marketing purposes
  • Build advertising profiles tied to your identity

3.1 Artificial Intelligence Disclosure

splitmax uses artificial intelligence to extract structured data (item names, prices, tax, tip, total) from receipt OCR text. We process this through our AI vendor Groq as described in §5. The AI output is informational only and may contain errors — you should always review and edit the extracted items before sharing a group with others.

We do not use Customer Content (your receipts, payment handles, friend list, or any personal data) to train external AI models or third-party AI systems. We do not rely solely on automated decision-making that produces legal, financial, or similarly significant effects on individuals. The receipt-splitting process is fully reviewable and editable by you at every step.

We do not sell personal data. This is a deliberate design choice, not just a regulatory minimum.

4. Legal Basis for Processing (EU/UK Users)

If you are in the European Economic Area, United Kingdom, or Switzerland, we process your information based on the following legal grounds:

  • Performance of a contract — to provide the service you signed up for
  • Legitimate interests — to improve the product, prevent fraud, and ensure security (balanced against your privacy rights)
  • Consent — for optional features like saving receipt photos or sending marketing emails
  • Legal obligation — to respond to lawful regulatory or law enforcement requests

You can withdraw consent at any time without affecting the lawfulness of prior processing.

5. Third-Party Services We Use

splitmax shares limited information with the following service providers, each bound by contractual data processing agreements:

ProviderWhat we sharePurpose
GroqOCR text extracted from your receiptsAI structuring of receipt items into JSON. Groq does not retain or train on this data per their terms.
VercelAll web traffic + database queriesHosting, serverless functions, edge network
NeonAll database content (user records, groups, items, claims)Postgres database hosting
BetterAuthAuthentication stateOAuth session management
AppleOAuth tokens for Sign in with AppleUser authentication
GoogleOAuth tokens for Sign in with GoogleUser authentication
RevenueCatSubscription status, receipts, anonymized user IDPro tier subscription management
Apple App Store / Google PlayPurchase receiptsPro subscription processing
PostHogAnonymized event data, session metadataProduct analytics, A/B testing. PII (names, payment handles) is stripped before sending.
AdMob (Google)Advertising identifier (if not opted out), device info, regionBanner ad serving (free tier only)
Google AdSenseSame as AdMob, web onlyWeb banner ads on the joiner page (free tier only)
Expo Push ServiceDevice push tokens, notification payloadsPush notification delivery

5.1 AdMob and AdSense

When you use the free tier of splitmax, we display banner ads via Google AdMob (in the App) and Google AdSense (on the joiner web page). These services may collect:

  • Your IP address
  • Your device's advertising identifier (unless opted out)
  • Your approximate location (region level)
  • Your device type and OS version

You can opt out of personalized advertising in your device's privacy settings (iOS: Settings → Privacy → Tracking; Android: Settings → Google → Ads → Opt out of Ads Personalization). You can also remove ads entirely by upgrading to splitmax Pro ($4.99/year).

6. Data Retention

DataRetention period
Account informationUntil you delete your account
Active group dataUntil you delete the group, or 90 days after settling (then archived in your history)
Anonymous group data (no signed-in scanner)30 days from creation
Receipt photos (if opted in)90 days for free tier, indefinite for Pro
Anonymous joiner records (no name submitted)24 hours from last activity
OCR text sent to GroqNot retained — discarded immediately after structuring
Push notification tokensUntil you uninstall the App or sign out
Crash and performance logs30 days
Aggregated analytics events2 years
Marketing emails subscriptionUntil you unsubscribe

7. Data Security

We take reasonable measures to protect your information:

  • Encryption in transit — all communication uses HTTPS (TLS 1.3)
  • Encryption at rest — payment handles are stored encrypted in our database using column-level encryption
  • Authentication — sessions use secure, HTTP-only, SameSite cookies on web; secure storage (expo-secure-store) on mobile
  • Access controls — only authorized engineers have access to production data, and only when needed for support or debugging
  • No password storage — we use OAuth (Sign in with Apple, Sign in with Google) so we never see or store your passwords
  • Regular security review — we periodically review our infrastructure for vulnerabilities

No system is perfectly secure. If we discover a breach affecting your personal information, we will notify you within 72 hours via email or in-app notification, as required by applicable law.

8. Your Privacy Rights

Regardless of where you live, you can exercise the following rights:

  • Access — view all the data we have about you (request via support@splitmax.app or in-app Settings → Export My Data)
  • Correction — update inaccurate information
  • Deletion — delete your account and all associated data (Settings → Delete Account, or email support@splitmax.app)
  • Portability — export your data in a machine-readable JSON format (in-app Settings → Export My Data)
  • Opt out of marketing — unsubscribe from any email we send

8.1 California residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect, use, and share
  • Right to delete your personal information (with some exceptions)
  • Right to correct inaccurate personal information
  • Right to opt out of "sale" or "sharing" of personal information — splitmax does not sell your personal information for monetary compensation, but ad-related identifiers may constitute "sharing" under CPRA. You can opt out of personalized ads in your device settings or by upgrading to Pro.
  • Right to limit use of sensitive personal information — we treat payment handles as sensitive and only use them for the core service
  • Right to non-discrimination — we will not penalize you for exercising your rights

To exercise these rights, email support@splitmax.app with the subject line "California Privacy Rights Request" and we will respond within 45 days.

8.2 EU/UK/Swiss residents (GDPR)

If you are in the EEA, UK, or Switzerland, you also have:

  • Right of access under GDPR Article 15
  • Right to rectification under Article 16
  • Right to erasure ("right to be forgotten") under Article 17
  • Right to restrict processing under Article 18
  • Right to data portability under Article 20
  • Right to object to processing based on legitimate interests under Article 21
  • Right to lodge a complaint with your local supervisory authority

To exercise these rights, email support@splitmax.app with the subject line "GDPR Request".

Note on international data transfers: splitmax is operated from the United States. If you use splitmax from outside the US, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses approved by the European Commission to safeguard these transfers where applicable.

9. Children's Privacy

splitmax is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@splitmax.app and we will promptly delete it.

If you are between 13 and 18 years old, please use splitmax only with the permission of a parent or guardian.

10. Apple-Specific Disclosures (iOS Users)

If you use the splitmax iOS app, the following Apple-specific disclosures apply:

Apple Privacy Nutrition Labels

The categories of data linked to your identity in the iOS App Store listing are:

  • Identifiers (User ID for sign-in)
  • Contact Info (email)
  • User Content (receipt items, payment handles you provide)
  • Usage Data (app interactions, anonymized for product improvement)
  • Diagnostics (crash and performance data)

App Tracking Transparency (ATT)

splitmax may request permission to track you across apps and websites owned by other companies for advertising purposes. You can decline this prompt and splitmax will continue to work fully — you will simply see less-personalized ads. Pro tier users do not see ads at all and are never asked.

Sign in with Apple

When you sign in with Apple, you can choose to hide your real email address using Apple's Hide My Email feature. splitmax fully supports this — we use whatever email Apple provides us, hidden or real, to communicate with you.

11. Google Play-Specific Disclosures (Android Users)

The Google Play Data Safety section for splitmax discloses:

  • Personal info collected: Name, email, user ID, payment handles
  • App activity: App interactions, in-app search history (if any), installed apps (no), other user-generated content (yes — receipts)
  • App info and performance: Crash logs, diagnostics, other app performance data
  • Device or other IDs: Device or other IDs
  • Encryption in transit: Yes
  • Encryption at rest: Yes
  • Data deletion request: Yes — via in-app Settings or email

12. Cookies and Local Storage (Website only)

The splitmax website uses cookies and similar technologies for:

  • Strictly necessary cookies — session management, CSRF tokens (cannot be disabled)
  • Functional cookies — remembering your preferences (e.g., your name on the join page)
  • Analytics cookies — PostHog event tracking (you can opt out via the cookie banner)
  • Advertising cookies — Google AdSense for the joiner page banner ads (you can opt out via the cookie banner; Pro users never see these)

The first time you visit splitmax.app from the EU/UK, you will see a cookie consent banner letting you choose which categories to accept.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top
  • Display a notice in the App on your next launch
  • Email signed-in users about significant changes (e.g., new third-party services, new data categories collected)

Your continued use of splitmax after we publish a new version means you accept the changes. If you do not agree, you can delete your account.

14. No Third-Party Tracking or Analytics Pixels

splitmax does not use any of the following:

  • Facebook Pixel or Meta tracking
  • Google Analytics
  • Mixpanel, Amplitude, or similar third-party analytics platforms
  • Twitter/X Pixel
  • TikTok Pixel or any other social media tracking pixel

We use PostHog (a privacy-friendly analytics tool) for in-product analytics. PostHog data is anonymized before any PII (names, payment handles) could reach it. We do not use any cross-site or cross-app advertising tracking beyond what is described in §5.1 (AdMob/AdSense).

15. Contact Us

For privacy questions, data subject requests, or any concerns:

  • Operator: Splitmax (operated by an independent developer based in the United States)
  • Email: support@splitmax.app
  • Subject lines that get faster routing:
    • "Delete My Account"
    • "Export My Data"
    • "California Privacy Rights Request"
    • "GDPR Request"
    • "Security Concern"

We aim to respond to all privacy requests within 30 days (or 45 days for CCPA requests).

This is the splitmax Privacy Policy as of the Last Updated date above. The current version is always at https://splitmax.app/privacy. See also our Terms of Service.