Privacy

Privacy Notice

Last updated: 2026-05-17

Split Pay is a tool for splitting trip expenses between friends. This notice explains what data we handle, why, and your rights under the EU General Data Protection Regulation (GDPR).

Who we are

Split Pay is operated as a sole-operator project by Pavel Borokh, the data controller under GDPR.

For privacy questions, data access requests, or complaints, contact: support@rijnsoft.com

What data we process

Account data (organizers)

When you sign in to create or manage a shared expense, we store your email address, your display name, authentication tokens (session cookies), and basic device / IP information collected by our auth provider for security purposes. Our auth provider, Clerk, manages this data on our behalf — see Sub-processors below.

Shared-expense data

When you use the app, we store:

This is stored in our database hosted on Render in Frankfurt, Germany (EU).

Account metering and trial

To enforce our free-trial OCR limit and provide basic operational insight, we keep a small internal record per signed-in account: your email and display name (denormalized from Clerk so we can search them in the admin tools), your trial start date, your scan count, and a per-scan log noting the time, the bill the scan was for (if any), and whether the scan was allowed or rejected. This data is hosted on Render in Frankfurt, Germany, alongside the rest of your shared-expense data, and is deleted when you delete your account.

OCR processing

When you scan a receipt, the image is sent to Microsoft Azure Document Intelligencein the Germany West Central region (Frankfurt) for line-item extraction. Azure's prebuilt-receipt model is stateless — Microsoft does not retain the image or train models on it. Receipt data never leaves the EU.

Payment requests

Split Pay does not currently process payments. The app generates a plain payment-request link with the amount and a short description, which you share with the participant via your preferred channel (chat, email, etc.). The actual transfer happens through whatever payment service you and the other person already use — we never see, store, or transmit card numbers, IBANs, or any payment credentials.

We may add an integrated payment processor (such as Mollie B.V.) at a later stage. If we do, this notice will be updated to describe what data is shared with that provider, where it is processed, and how it is retained, before the integration goes live.

Cookies and local storage

We use no analytics, no advertising trackers, and no third-party fingerprinting.

Why we process it (legal basis)

We do not sell, rent, or trade your data with any party.

Sub-processors

Sub-processorPurposeLocationTransfer mechanism
Clerk Inc.Authentication, session managementUnited StatesEU–US Data Privacy Framework + SCCs
Microsoft Azure (Document Intelligence)Receipt OCR — image processingGermany West CentralEU residency, no transfer
Render Services, Inc.App and database hostingFrankfurt, GermanyEU residency for application data

How long we keep your data

Your rights

Under GDPR you have the right to:

We respond to requests within 30 days.

Children

Split Pay is not directed at children under 16. Please don't sign up if you're under 16.

Changes to this notice

If we add a sub-processor, change retention, or materially update how we handle data, we'll update the Last updated date above and notify signed-in users by email for material changes.