Back to Home

Privacy Policy

Last updated: December 2, 2025

1. Data Controller

SplitFast ("we," "our," or "us") operates the SplitFast Telegram Mini-App.

We aim to comply with applicable data protection laws including GDPR.

Contact: @splitfast

You may exercise any of your privacy rights by contacting us through the channel above.

2. Personal Data We Collect

We collect the following categories of personal data:

2.1 Account Information (from Telegram)

When you use SplitFast, Telegram provides us with:

  • Telegram user ID
  • First name and last name
  • Username (if set)
  • Profile photo URL
  • Language preference
  • Telegram Premium status

2.2 Group Information

  • Telegram group/chat ID
  • Group name
  • List of group members who use SplitFast

2.3 Financial Data You Create

  • Expense descriptions and amounts
  • Split information (who owes what)
  • Settlement records
  • Currency preferences

2.4 Payment Methods (Optional)

If you add settlement methods, we store:

  • Payment method type (bank, PayPal, Revolut, etc.)
  • Account details you provide

Note: This information is shared with your group members when they settle debts with you.

2.5 Technical Data

We automatically collect certain technical information:

  • IP addresses
  • Request timestamps
  • HTTP request data (headers, user agent)
  • Error logs and diagnostic information

This data is used for security, debugging, and service improvement.

2.6 Receipt Images (Premium Feature)

If you use receipt scanning:

  • Receipt images are stored on our servers
  • Extracted data: store name, items, prices, totals
  • Images remain accessible to view attached receipts

3. How We Use Your Data

Purpose Legal Basis (GDPR)
Provide expense tracking and splitting services Contract performance (Art. 6(1)(b))
Calculate balances between group members Contract performance (Art. 6(1)(b))
Process receipt images to extract expense data Contract performance (Art. 6(1)(b))
Send notifications about expenses (if enabled) Legitimate interest (Art. 6(1)(f))
Process premium subscriptions via Telegram Stars Contract performance (Art. 6(1)(b))
Improve our services and fix bugs Legitimate interest (Art. 6(1)(f))
Security and abuse prevention Legitimate interest (Art. 6(1)(f))
Comply with legal obligations Legal obligation (Art. 6(1)(c))

4. Cookies and Tracking

SplitFast currently does not use:

  • Browser cookies
  • Third-party tracking pixels
  • Analytics services (Google Analytics, etc.)

If we implement any of these in the future, we will update this policy and obtain consent where required by law.

5. Third-Party Services

We use the following third-party services to provide our functionality:

5.1 Telegram

SplitFast operates as a Telegram Mini-App. All authentication is handled by Telegram. See Telegram's Privacy Policy.

5.2 Image Processing (Receipt Scanning)

When you scan a receipt, the image is processed by Google's AI services. See Google's Privacy Policy.

5.3 Exchange Rate APIs

We use third-party APIs to obtain currency exchange rates. These requests do not include personal data.

5.4 Cloud Storage

Receipt images and application data are stored on DigitalOcean infrastructure in the European Union (Frankfurt, Germany).

6. Data Retention

Data Type Retention Period
Account data Retained while your account is active
Expenses and settlements Retained until you delete them or delete your account
Receipt images Retained with associated expenses until deleted
Technical logs Retained for a reasonable period for security and debugging
Deleted account data Permanently removed within 30 days of deletion request

7. Data Sharing

We share your data only in these circumstances:

  • With group members: Expenses, splits, and balances are visible to members of the same group
  • Settlement methods: Your payment details are shown to group members who owe you money
  • Infrastructure providers: Our hosting and cloud service providers process data under contract
  • Service providers: As described in Section 5 (third-party services)
  • Legal requirements: If required by law, valid legal process, or to protect our rights

We do not sell your personal data.

8. International Data Transfers

Our primary data storage is in the European Union (Frankfurt, Germany). However, your data may be transferred to:

  • European Union: Primary data storage (DigitalOcean Frankfurt)
  • United States: Google Cloud services for image processing

For transfers outside the EU/EEA, we rely on appropriate safeguards including EU Standard Contractual Clauses (SCCs).

9. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • Access (Art. 15): Request a copy of your personal data
  • Rectification (Art. 16): Request correction of inaccurate data
  • Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Restriction (Art. 18): Request limitation of processing
  • Portability (Art. 20): Receive your data in a structured, machine-readable format
  • Object (Art. 21): Object to processing based on legitimate interests
  • Withdraw consent (Art. 7): Where processing is based on consent, you may withdraw at any time

To exercise these rights, contact us at @splitfast on Telegram.

10. Account Deletion

You can request deletion of your account and associated data at any time:

  • Contact us at @splitfast on Telegram
  • Specify that you want your account and data deleted
  • We will process your request within 30 days
  • Some data may be retained if required by law

Note: Deleting your account will remove your personal data but may not remove you from group expense records where other users have recorded expenses involving you.

11. Right to Complain

If you believe we have not handled your data correctly, you have the right to lodge a complaint with a supervisory authority.

For users in Germany, the relevant authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

12. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure database storage with access controls
  • Regular security updates and vulnerability assessments
  • Limited access to production data
  • Secure authentication via Telegram's verification mechanism

While we take reasonable precautions, no method of transmission or storage is 100% secure.

13. Children's Privacy

SplitFast is not intended for children under 16. We do not knowingly collect personal data from children under 16.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or website.

Continued use of SplitFast after changes constitutes acceptance of the updated policy.

15. Contact Us

For questions about this Privacy Policy or to exercise your data rights:

Telegram: @splitfast