1. Controller
Developer: Daniel Kimmich
Address: c/o Block Services, Stuttgarter Str. 106, 70736 Fellbach, Germany
Email: info@splithappens.io
2. Overview
This Privacy Policy informs you about the processing of your personal data when using the SplitHappens app ("App"). SplitHappens is an expense-sharing app for groups with AI-powered receipt recognition, voice control, and real-time collaboration.
3. Data We Collect
3.1 Registration and Profile Data
- Email address (upon registration)
- Name/display name (freely chosen)
- Profile picture (optional, uploaded by the user)
- User ID (automatically generated)
3.2 Third-Party Authentication Data
- Google Sign-In: Name, email address, profile picture (if you sign in via Google)
- Apple Sign-In: Name, email address or anonymous email (if you sign in via Apple)
3.3 Financial and Transaction Data
- Expenses and receipts (amounts, descriptions, categories)
- Group memberships and friend connections
- Balances and debts between users
- Payment history and settlement calculations
3.4 Multimedia Data
- Receipt photos (for AI-based text recognition and data extraction)
3.5 Device and Usage Data
- Device information (operating system, app version)
- Usage statistics (app features, frequency of use)
- Error reports (for app improvement)
- Network connection data (for real-time synchronization)
4. Legal Basis for Processing
Your data is processed on the basis of the EU General Data Protection Regulation (GDPR):
- Art. 6(1)(a) GDPR: Consent (e.g., for optional profile picture)
- Art. 6(1)(b) GDPR: Performance of a contract (providing app functionality)
- Art. 6(1)(f) GDPR: Legitimate interests (security, error analysis)
5. Purposes of Data Processing
5.1 Providing App Features
- User registration and authentication
- Expense tracking and management
- Group management and friend connections
- Real-time synchronization across devices
- Balance calculation and settlement suggestions
5.2 AI-Based Services
- Receipt recognition: Automatic text recognition from receipt photos using Azure Document Intelligence (Microsoft, EU servers)
5.3 App Improvement and Support
- Error analysis and resolution
- Performance optimization
- Development of new features
- Customer support for issues
6. Data Sharing with Third Parties
6.1 Supabase (Backend Service) — Self-Hosted
Operation: Self-hosted on Hetzner Cloud, Germany (EU)
Software: Supabase (Open Source)
Data: All data stored in the app (profiles, expenses, friendships)
Purpose: Database, authentication, real-time synchronization
Location: Data center in Germany — your data does not leave the EU
6.2 Azure Document Intelligence (Receipt Recognition)
Provider: Microsoft Corporation (Azure)
Data: Receipt photos (only temporarily for text recognition)
Purpose: AI-powered receipt recognition and data extraction
Location: EU servers (GDPR-compliant)
Privacy: Microsoft Privacy Statement
6.3 Google Services (for Google Sign-In)
Provider: Google LLC, USA
Data: Name, email address, profile picture
Purpose: Authentication
Privacy: Google Privacy Policy
6.4 Apple Services (for Apple Sign-In)
Provider: Apple Inc., USA
Data: Name, email address (or anonymous email)
Purpose: Authentication
Privacy: Apple Privacy Policy
6.5 No Sharing with Other Third Parties
Your data is not shared with advertisers, data brokers, or other commercial third parties.
7. Data Storage and Deletion
7.1 Retention Period
- Profile data: As long as your account is active
- Expenses and receipts: As long as the corresponding groups exist
- Receipt photos: After successful text recognition (max. 30 days)
- Error reports: 12 months
7.2 Account Deletion
You can permanently delete your account at any time:
- In the app settings under "Delete Account"
- Or by email to info@splithappens.io
- Complete deletion of all your data within 30 days
8. Your Rights
Under the GDPR, you have the following rights:
Right of Access (Art. 15 GDPR)
You can request a copy of all data stored about you.
Right to Rectification (Art. 16 GDPR)
You can have incorrect or incomplete data corrected.
Right to Erasure (Art. 17 GDPR)
You can request the deletion of your data ("right to be forgotten").
Right to Restriction of Processing (Art. 18 GDPR)
You can request the temporary suspension of data processing.
Right to Data Portability (Art. 20 GDPR)
You can receive your data in a structured, commonly used format.
Right to Object (Art. 21 GDPR)
You can object to the processing of your data.
Contact for privacy inquiries: info@splithappens.io
9. Data Security
We implement technical and organizational measures to protect your data:
- Encryption: All data is transmitted encrypted (TLS/SSL)
- Access control: Restricted access to personal data
- Secure servers: Self-hosted infrastructure on Hetzner Cloud (Germany)
- Regular updates: Security patches and system updates
10. International Data Transfers
Your app data is stored on our self-hosted servers in Germany (Hetzner Cloud) and does not leave the EU. Data transfers only occur when using third-party authentication:
- Google Sign-In / Apple Sign-In: Authentication data is transmitted to Google LLC or Apple Inc. (USA)
- Legal basis: EU Commission adequacy decision for the USA, Standard Contractual Clauses
- Additional safeguards: Encryption, access restrictions
11. Children's Privacy
The app is intended for persons aged 16 and older. We do not knowingly collect data from children under 16. If you become aware that a child under 16 has submitted data, please contact us immediately.
12. Cookies and Tracking
The SplitHappens app uses no cookies or third-party tracking tools. All data is processed exclusively for app functionality.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. In the event of material changes, you will be notified via the app. The current version is always available at this URL.
14. Contact and Complaints
Privacy Inquiries:
Email: info@splithappens.io
Response time: Within 72 hours
Complaints:
You have the right to lodge a complaint with a data protection supervisory authority:
- Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (Federal Commissioner for Data Protection and Freedom of Information)
- Or with the supervisory authority of your EU member state
See also our Terms of Service.