Privacy Policy
Last updated: April 29, 2025
1. Overview
Plit ("we," "us," or "our") is a mobile application that helps you split bills and track shared expenses. We take your privacy seriously. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data.
By using Plit, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the app.
2. Data We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Display name
- Profile handle (@username)
- Profile photo (if you upload one)
- Phone number (optional, used for contact matching)
You may sign in using Apple Sign-In or Google Sign-In. In those cases, we receive only what those providers share with us (typically your name and email).
2.2 Receipt & Spending Data
When you save receipts to your account, we store:
- Merchant name, date, and time
- Line items, prices, tax, and tip
- Total amount and currency
- Spending category and tags you assign
- Bill split assignments (who owes what)
Receipt photos are never stored on our servers. Photos are processed locally and sent directly to Google's Gemini AI for text extraction only; they are not retained after processing. See Section 6 for details.
2.3 Usage Data
We may collect standard app analytics such as:
- App version and device type (iOS/Android)
- Feature usage patterns (e.g., how often AI scanning is used)
- Crash reports and error logs
2.4 Device Permissions
Plit may request the following device permissions:
- Camera — to scan receipts
- Photo Library — to choose existing receipt photos
- Contacts — to find friends already using Plit (phone numbers are hashed and never stored in plaintext)
- Notifications — to alert you when someone shares a receipt with you
You can revoke any permission at any time in your device's Settings app.
3. How We Use Your Data
We use the data we collect to:
- Provide and improve the Plit app experience
- Sync your receipts and spending data across devices
- Enable sharing receipts with friends via @handles
- Power spending insights and category analytics
- Send you push notifications when receipts are shared with you
- Process subscription payments through Apple or Google
- Respond to support requests
- Detect and prevent fraud or abuse
We do not sell your personal data to third parties. We do not use your receipt data for advertising purposes.
4. Third-Party Services
Plit uses the following third-party services. Each has its own privacy policy.
4.1 Supabase
We use Supabase for backend infrastructure, including authentication and database storage. Your account and receipt data is stored on Supabase's servers. Supabase is SOC 2 Type II compliant.
4.2 Google Gemini AI
When you scan a receipt, the photo is sent to Google's Gemini AI API for text extraction. The image is processed in real time and is not retained by Google for training purposes under the API terms. No photo is stored on our servers.
4.3 RevenueCat
Subscriptions are managed through RevenueCat. RevenueCat processes your subscription status (active/expired plan type). Payment processing itself is handled by Apple (App Store) or Google (Play Store) — we never receive or store your payment card details.
4.4 Apple & Google Sign-In
If you use Apple Sign-In or Google Sign-In, those providers handle authentication. We receive only a user identifier and, if you choose to share it, your name and email address. Refer to Apple's Privacy Policy and Google's Privacy Policy.
4.5 Push Notifications
Push notifications are delivered through Apple Push Notification Service (APNs) and Firebase Cloud Messaging (FCM). Device tokens are stored securely and used only to deliver notifications relevant to your account.
5. Data Storage & Security
Your data is stored on servers in the United States (Supabase, US-East region). We use HTTPS/TLS for all data in transit. Data at rest is encrypted using AES-256.
We implement reasonable technical and organizational measures to protect your data. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
6. Receipt Photos & AI Processing
This section is especially important because it directly addresses photos you take of receipts.
- Photos are never stored on our servers. The image stays on your device until you initiate a scan.
- When you tap "Scan," the photo is sent directly from your device to Google Gemini's API over a secure HTTPS connection.
- Google processes the image to extract text (items, prices, merchant name, date). The image is not retained after processing under the API's data usage terms.
- Only the extracted structured data (item names, prices, etc.) is sent to our servers — never the raw image.
7. Sharing & Disclosure
We share your data only in these limited circumstances:
- With friends you add — When you share a receipt with a friend's @handle, they see the split breakdown. They do not see your full transaction history.
- Business teammates — If you belong to a Plit Business, your submitted receipts are visible to the business owner and managers.
- Service providers — As described in Section 4, with Supabase, Google, RevenueCat, and Apple for operational purposes only.
- Legal requirements — If required by law, court order, or to protect the rights and safety of Plit or its users.
- Business transfers — In the event of a merger or acquisition, user data may be transferred as part of business assets. We will notify you in advance.
8. Your Rights
Depending on your location, you may have the following rights:
- Access — Request a copy of the personal data we hold about you.
- Correction — Request that inaccurate data be corrected.
- Deletion — Request deletion of your account and associated data. You can delete your account directly in the app under Account → Delete Account.
- Portability — Request your data in a portable format.
- Objection / Restriction — Object to or restrict certain processing of your data.
- Withdraw consent — Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at privacy@plitapp.com. We will respond within 30 days.
California residents (CCPA): You have the right to know what personal information we collect, to request deletion, and to opt out of the sale of your data (we do not sell your data). Contact us at privacy@plitapp.com.
EU/EEA residents (GDPR): Your data is processed based on legitimate interest (providing the service you requested) and, where applicable, your consent. You have the right to lodge a complaint with your local data protection authority.
9. Children's Privacy
Plit is not directed to children under 13 years of age (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at privacy@plitapp.com and we will promptly delete such data.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you via an in-app notification or email. Your continued use of Plit after changes are posted constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
- Email: privacy@plitapp.com
- Support: plitapp.com/support