Privacy Notice
Last updated: 2026-05-17
Split Pay is a tool for splitting trip expenses between friends. This notice explains what data we handle, why, and your rights under the EU General Data Protection Regulation (GDPR).
Who we are
Split Pay is operated as a sole-operator project by Pavel Borokh, the data controller under GDPR.
For privacy questions, data access requests, or complaints, contact: support@rijnsoft.com
What data we process
Account data (organizers)
When you sign in to create or manage a shared expense, we store your email address, your display name, authentication tokens (session cookies), and basic device / IP information collected by our auth provider for security purposes. Our auth provider, Clerk, manages this data on our behalf — see Sub-processors below.
Shared-expense data
When you use the app, we store:
- Shared-expense names and participant lists
- Receipt images you upload
- Extracted line items (name, quantity, price)
- Claim assignments (who took which item)
- "Done" and "paid" markers
This is stored in our database hosted on Render in Frankfurt, Germany (EU).
Account metering and trial
To enforce our free-trial OCR limit and provide basic operational insight, we keep a small internal record per signed-in account: your email and display name (denormalized from Clerk so we can search them in the admin tools), your trial start date, your scan count, and a per-scan log noting the time, the bill the scan was for (if any), and whether the scan was allowed or rejected. This data is hosted on Render in Frankfurt, Germany, alongside the rest of your shared-expense data, and is deleted when you delete your account.
OCR processing
When you scan a receipt, the image is sent to Microsoft Azure Document Intelligencein the Germany West Central region (Frankfurt) for line-item extraction. Azure's prebuilt-receipt model is stateless — Microsoft does not retain the image or train models on it. Receipt data never leaves the EU.
Payment requests
Split Pay does not currently process payments. The app generates a plain payment-request link with the amount and a short description, which you share with the participant via your preferred channel (chat, email, etc.). The actual transfer happens through whatever payment service you and the other person already use — we never see, store, or transmit card numbers, IBANs, or any payment credentials.
We may add an integrated payment processor (such as Mollie B.V.) at a later stage. If we do, this notice will be updated to describe what data is shared with that provider, where it is processed, and how it is retained, before the integration goes live.
Cookies and local storage
- Locale cookie (
locale) — remembers your language choice. Strictly necessary; no consent required. - Clerk session cookies — required to keep you signed in.
- Visited cookie (
sp_visited) — remembers that you have used the app before so we show the right home screen. Strictly necessary; no consent required. - Browser localStorage (
my-splits) — lists shared expenses you've been invited to as an anonymous participant. This stays in your browser; it never reaches our server.
We use no analytics, no advertising trackers, and no third-party fingerprinting.
Why we process it (legal basis)
- Performance of contract— running the app you're using.
- Legitimate interest — preventing abuse and securing accounts.
We do not sell, rent, or trade your data with any party.
Sub-processors
| Sub-processor | Purpose | Location | Transfer mechanism |
|---|---|---|---|
| Clerk Inc. | Authentication, session management | United States | EU–US Data Privacy Framework + SCCs |
| Microsoft Azure (Document Intelligence) | Receipt OCR — image processing | Germany West Central | EU residency, no transfer |
| Render Services, Inc. | App and database hosting | Frankfurt, Germany | EU residency for application data |
How long we keep your data
- Account data — kept until you delete your account (Settings → Delete account).
- Shared expenses — kept until you delete the individual shared expense or your account. Settled ones are not auto-deleted — they remain in your history so you can refer back. Account deletion cascades to everything you organized.
- Receipt images — stored alongside the bill; deleted when the shared expense or account is deleted.
Your rights
Under GDPR you have the right to:
- Access your data — use Settings → Export my data for a JSON dump of your account and shared expenses.
- Correct your data — edit display name in Settings; edit contents inside each shared-expense view.
- Delete your data — Settings → Delete account removes everything we hold about you, including your Clerk record.
- Object to processing or restrict it — email us.
- Portability — the JSON export covers this.
- Lodge a complaint with the Dutch supervisory authority, Autoriteit Persoonsgegevens.
We respond to requests within 30 days.
Children
Split Pay is not directed at children under 16. Please don't sign up if you're under 16.
Changes to this notice
If we add a sub-processor, change retention, or materially update how we handle data, we'll update the Last updated date above and notify signed-in users by email for material changes.