Privacy Policy

1. Introduction

Welcome to CollectiveSplit. Our core data philosophy is simple: "Less is more." We collect the absolute minimum amount of information required to provide our expense-splitting services, and we actively encourage the use of pseudonyms and privacy-preserving tools such as Apple’s "Hide My Email." This Privacy Policy explains how we collect, use, process, and protect your information when you use the CollectiveSplit application globally.

2. Information We Collect

We only collect data that is strictly necessary for the app to function.

• Account Information
  When you create an account via Sign in with Apple or Google, we collect your email address, a chosen nickname, an optional profile image, and your default currency.
• How We Determine Currency
  To automatically set your default currency during profile creation, the app temporarily checks your device's location. If location access is unavailable or denied, it defaults to your device's locale settings. We do not store your location data. We only save the resulting currency selection (e.g., SGD), which you can manually change at any time within the app.
• Group and Activity Data
  To facilitate tracking of shared expenses, we store group names, optional group banner images, group default currencies, and the specific details of your group activities. This includes the activity title, category, tags, total amount, transaction currency, who paid, and the exact mathematical breakdown of who owes what (split logic). For specialised activities, we also store associated metadata, such as recurring schedules (rates, start dates, and optional end dates) and depreciation rates.
• Purchase & Subscription Data
  When you subscribe to Split+, we (via our billing partner, Superwall) collect your purchase history and transaction metadata. We use this to manage your subscription status and provide access to Split+ perks.
• Device & Technical Identifiers
  Our service providers collect device-level identifiers (such as the IDFV) and basic technical info (IP address, OS version) to facilitate app functionality, manage user authentication, and prevent fraudulent activity.
• What We Do Not Collect
  We do not store or track your geographical location, we do not access your device's contact book, and we do not track your activity across other applications or websites.

3. How We Use Your Information

The information we collect is used strictly for operational purposes:

• Core Functionality
  To calculate group expenses, synchronise offline and online activity accurately across devices, and maintain the mathematical integrity of shared group records and balances.
• Communication & Notifications
  We utilise your device's notification identifier (FCM token) to deliver push notifications. Alerts regarding activities and payments that directly involve you are essential to the service and can only be disabled via your device's operating system settings. Other notifications, such as group invitations, are optional and can be managed directly within the app. We will only use your email address for critical, service-level announcements.
• Account Management & Customer Support
  To securely authenticate your login credentials and manage your access to Split+ perks.
  • General Inquiries: For technical support or general questions, we aim to respond as promptly as our small team allows.
  • Sensitive Requests: For requests involving data portability or account changes, we follow the identity verification protocol in Section 6. If you are contacting us from an email address other than the one linked to your account, please include your current Friend Code in your initial message to help us verify your identity faster.

4. Third-Party Data Processors

To operate CollectiveSplit, we rely on trusted third-party service providers. These providers act as Data Processors and are bound by strict data protection agreements.

• Google Firebase
  Utilised for secure database hosting, server-side logic, and user authentication.
• Superwall
  Utilised strictly as our billing infrastructure to facilitate in-app purchases, securely communicate with the App Store, and manage subscription statuses.

Functional & Analytical Data: To securely authenticate logins and properly process your subscription transactions, these third-party processors automatically collect specific identifiers:

• Identifiers: User IDs and Device IDs are used to maintain your account session and link your subscription to your device.

• Transaction Data: Purchase history is processed to fulfil your Split+ access.

• Technical Metrics: Baseline data (device model, OS version, and temporary IP addresses) is used strictly for fraud prevention, server uptime, and service integrity.

Third-Party Privacy Policies: Please be aware that while this Privacy Policy governs the data you provide to CollectiveSplit, our third-party infrastructure partners operate under their own privacy policies. We encourage you to review the privacy policies of Google (for Firebase) and Superwall to understand exactly how they manage the foundational technical data they process on our behalf.

Cross-Border Data Transfers: Because CollectiveSplit utilises a global infrastructure, your data may be processed on servers located outside of your country of residence. We rely on recognised legal frameworks to ensure your information remains protected during international transit.

5. Data Retention and Deletion

We respect your right to leave our service without leaving a trace. We balance this with the need to keep shared group records accurate for remaining users.

• Account Deletion
  When you delete your account, all personal information is permanently erased. This includes your email, nickname, and image. Your profile is converted to a generic "Deleted User" label. This anonymises your identity while keeping past group records mathematically correct.
• Activity Deletion
  When you delete an individual activity, it is hidden from your interface but kept on our servers for 30 days. This allows for offline device synchronisation. On day 31, the activity is scrubbed of all personal and financial data. It becomes an anonymous shell linked to its Group ID.
• Group Deletion and Scrubbing
  When a group is deleted, it follows the same 30-day synchronisation window. Once a group is permanently scrubbed on day 31, every activity associated with that Group ID is also permanently deleted from our servers. This includes any previously scrubbed or "soft deleted" activities.
• Data in Backups
  To protect against data loss, we maintain encrypted daily database backups. When data is deleted in the live database, it may remain in these encrypted archives for up to 3 days before being overwritten.

6. Your Data Rights and Choices

We aim to provide clear choices regarding your data. While CollectiveSplit is a collaborative platform, we respect your individual privacy rights under frameworks like the Indonesian PDP Law and the GDPR.

• Right to Access and Correct
  You can view and update your nickname, profile image, and currency in the app. Your account email is provided by Apple or Google and cannot be edited within CollectiveSplit. To change your email, you must delete your account and start fresh with a new login.

• Account Deletion (Right to Erasure)
  You can delete your account at any time in the settings. This immediately erases your personal identity (email, name, and photo) from our servers.

• Collaborative Data Integrity
  To keep group records accurate for other users, any expenses or groups you participated in will remain. However, your name will be replaced with a generic "Deleted User" label, and your personal link to that data is permanently severed.

• Withdrawing Consent
  By using CollectiveSplit, you consent to the minimal data processing required to run the service. You can withdraw this consent at any time by deleting your account and removing the app from your device.

• Non-Discrimination
  We will never provide a lower quality of service or charge different prices because you chose to exercise your privacy rights.

• Data Portability & Verification
  If you need a copy of the basic account information you provided to us, please contact us via email. To ensure we never share your data with an unauthorised party, we follow this verification protocol:

  • Initial Identifier: We check if the request matches the email linked to your account. If it does not, you must provide your current in-app "Friend Code" in your initial email.

  • The Handshake: We will require you to regenerate your Friend Code in the app settings and reply with the new code within 24 hours. This proves you have active, physical control of the authenticated device.

  Timeline for Data Exports: Once your identity is successfully verified via the "handshake" above, your data export will be provided in a standard text format within 7 to 14 days. This timeline applies specifically to formal data access requests; general support queries are handled separately.

  • Regional Compliance: For users in certain jurisdictions with stricter mandates, such as Indonesia (under the PDP Law), we will try our best to fulfil requests for data correction or deletion within the legally required 72-hour window upon successful identity verification.

7. Children’s Privacy

CollectiveSplit is a general utility app and is not directed at children. You must be at least 13 years old to use our service. We do not knowingly collect personal information from minors. If we discover that a child under 13 has provided us with personal information, we will delete it immediately.

8. Contact Us

If you have questions regarding this Privacy Policy or wish to exercise your data rights, please contact us at: