← Back to Splitsie

Privacy Policy

Last updated: May 31, 2026

Welcome to Splitsie. Novendum Holding B.V. ("we", "us") respects your privacy and handles personal data with care. This privacy policy explains which data we process, why we process it, how long we keep it, and what rights you have.

1. Who is responsible?

Controller: Novendum Holding B.V.
Email (privacy): privacy@splitsie.ai
Email (legal): legal@splitsie.ai
Address: Novendum Holding B.V., Oude Apeldoornseweg 45 067, 7333 NR Apeldoorn

Splitsie is an application that lets you scan receipts and split costs.

2. What data do we process?

2.1 Data you provide

• Profile data: name, preferred currency, and (optional) payment platform handles you enter.
• Receipt and transaction data: photos, images or PDF documents of receipts you upload and the extracted data (items, amounts, VAT, date, merchant).
• Usage and sessions: split sessions you create, pots/groups, assignments per person/item, chat assignment prompts, and export/share actions.
• Account data (if logged in): email address, authentication sessions, and device identifiers for login/security.
• Profile and business data: optional profile avatar, company name, VAT number, billing address, payment handle and preferred currency.
• Billing metadata: subscription tier, provider, status, customer/subscription identifiers and entitlement usage. We do not store full payment card details.

2.2 Automatically collected data

• Anonymous client ID: a randomly generated identifier stored locally to support usage limits and subscription tiers.
• Technical data: device/browser type, access times, request metadata, and diagnostic data for security and troubleshooting (where available).

3. Why do we process your data?

We process data for:

• Service delivery: receipt processing, splitting, calculations, exports, and sharing.
• Subscriptions and limits: managing tiers, scan limits, and abuse prevention.
• Security and reliability: protection against fraud, outages, and misuse.
• Service messages: functional communications (e.g. updates or important changes).
• Analytics/marketing: only if you explicitly grant consent via the consent settings/banner and only when such providers are configured.

4. Legal basis (GDPR)

We process personal data based on:

• Performance of a contract (Art. 6(1)(b) GDPR): to provide Splitsie to you.
• Legitimate interest (Art. 6(1)(f) GDPR): security, fraud prevention, product improvement (minimal impact).
• Consent (Art. 6(1)(a) GDPR): for non-essential analytics/marketing. You can withdraw consent at any time.

5. Storage: local and server-side

5.1 Local storage

Splitsie can store data in your browser (localStorage), including:

• split sessions and history;
• profile settings;
• consent preferences.

You can remove this data by clearing app data in your browser.

5.2 Server-side storage

We store server-side data to enable accounts, sync, and subscriptions:

• account data: email address, authentication sessions, and device identifiers (login/security);
• synced data (if logged in): sessions, events, and profile settings;
• subscription entitlements and scan usage for tier enforcement;
• AI job metadata, temporary input while jobs are queued/running/retrying, and sanitized results where needed for processing and export/delete support;
• receipt images/documents for Business tier users (stored in Cloudflare R2).

We do not store full payment card details.

6. Receipt images and AI processing

Receipt images and PDFs are processed to extract transaction data. This processing may (in part) be performed by Google Gemini or another configured AI service. Assignment chat can send the command, receipt items and existing assignment context to the AI service.

When async AI jobs are used, receipt input may be stored temporarily while a job is queued, running or retrying. After a receipt job reaches a terminal state, base64 receipt input is removed from the job input and replaced with metadata. AI job records are removed based on the configured retention period.

For Business tier users, receipt images/documents can be stored in Cloudflare R2 so they can be reopened from web or native. For other tiers, uploaded receipt input is used for extraction and is not stored as a permanent receipt file in R2.

7. Security

We take appropriate technical and organizational measures, including:

• encrypted connections (HTTPS);
• secure storage of server-side data;
• access controls and monitoring;
• periodic updates and security improvements.

No system is 100% secure; we continuously improve our measures based on risks.

8. Third parties (processors) and recipients

We use third parties for:

• Google Gemini AI: processing receipt images and extracting data.
• Cloudflare R2: storage of receipt images/documents for Business tier users.
• Heroku and Heroku Postgres: backend hosting and database storage.
• Vercel: web frontend hosting.
• Brevo (Sendinblue): sending magic link authentication emails.
• Stripe: payment processing for web subscriptions.
• RevenueCat, Apple and Google: mobile subscription processing if and when in-app purchases are enabled.
• Analytics providers: only after your consent and only when configured.

Where required, we enter into data processing agreements or similar contractual arrangements.

9. International transfers

Data may be processed outside the European Economic Area (EEA), for example in the United States. We apply appropriate safeguards such as EU Standard Contractual Clauses (SCCs) and additional measures where needed.

10. Retention periods

• Local data: stored in your browser until you delete it.
• Server-side data: account and sync data is retained while your account is active, or until you request deletion.
• Receipt images/documents (Business tier): stored in Cloudflare R2 and removed based on configured retention. Soft-deleted files are permanently removed after a retention window.
• AI jobs: retained for the configured AI job retention period; terminal receipt jobs do not retain base64 input.
• Billing records: subscription and payment-provider metadata may be retained where required for accounting, fraud prevention, dispute handling or legal obligations.

The current retention configuration is exposed in the app privacy/account view where available. Operational retention depends on the configured scheduler/cleanup mechanism.

11. Your rights

Under the GDPR you have the right to:

• access;
• rectification;
• erasure (including local deletion via your browser);
• restriction of processing;
• objection (especially to processing based on legitimate interest);
• data portability (where relevant; export feature in Splitsie).

You can withdraw consent for analytics/marketing at any time via settings/profile (if available).

If you are logged in, Splitsie provides account export and account deletion controls in the profile/privacy section. Account deletion removes app data and user-linked AI jobs where supported by the service; some billing or legal records may remain where required by law or payment-provider rules.

12. Complaints

You can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we handle your data incorrectly.

13. Children

Splitsie is not intended for users under 16 years of age. We do not knowingly collect data from children.

14. Changes

We may update this policy. For important changes we update the date above and may additionally communicate them in the app.

15. Contact

Questions or requests about privacy: privacy@splitsie.ai

Legal questions: legal@splitsie.ai

---

© 2026 Splitsie. All rights reserved.