splits

Privacy Policy

Last updated: 2026-05-18.

The summary below is the plain-language version. For the full, formal policy — including data-subject rights, international transfers, and our retention schedule — see the Privacy Policy PDF (download).

What we collect

When you sign up, we collect your email, a phone number, your chosen display name, and optionally a Venmo handle and Cash App handle so we can deep-link you to those apps at settle time. We don't store payment-method details (card or bank numbers) ourselves.

Phone numbers and SMS

We use your phone number to verify it's really you signing up (a 6-digit code sent via SMS) and for security-only messages afterward — sign-in challenges, suspicious-activity alerts. We do not send marketing texts. The phone-verification SMS is delivered by Twilio, which acts as our sub-processor; Twilio receives the destination phone number and the verification code to deliver the message and discards them per its standard retention.

Plaid data handling

Linking a bank routes you through Plaid. After a successful link, we receive an access token from Plaid (not your credentials) and store it encrypted at rest (AES-256-GCM). We use this token to:

  • List your bank accounts and balances.
  • Fetch transactions via Plaid's /transactions/sync endpoint.

We do not share your transaction data with third parties. We do not sell your data. You can disconnect a bank at any time from Settings — this invalidates the access token at Plaid and deletes the corresponding accounts and transactions from our database.

Friends and ledger entries

When you split a bill with a friend, both of you can see the resulting ledger entries (you owe / you're owed). The original transaction merchant name appears alongside each split. The full bank transaction (amount, date, raw Plaid record) is visible only to the bank's owner.

Email and push notifications

We send transactional emails for friend requests, splits, and payments. You can disable them in Settings. Push notifications are opt-in and per device.

Analytics

We use PostHog to understand product usage (events like bank_linked, rule_created). We use Sentry to catch errors. Both can be configured off — see our open-source repo for details.

Data retention

We keep your data only as long as your account is active or as required to operate the service. For the full category-by-category schedule, see our Data Retention and Disposal Policy (PDF). Concrete periods:

  • Profile, friendships, splits, ledger entries, notifications: retained while your account is active; purged within 7 days of account deletion.
  • Plaid items, accounts, transactions: retained while the bank is linked. When you remove a bank or delete your account, we revoke the Plaid access token immediately and delete the local rows.
  • Operational logs (Vercel, Supabase): rolling 30-day window.
  • Database backups: 30-day point-in-time recovery window, after which copies expire.

Your rights

You can delete your account at any time from Settings → Danger zone. Deletion revokes Plaid access immediately and removes your profile, friendships, plaid items, accounts, transactions, rules, participants, ledger entries, notifications, and push subscriptions. If you prefer, email privacy@splitshq.com and we will process the same deletion, or send a copy of your data.

Security

Our security and vulnerability-management practices, including how to report a security issue, are documented on our Security page.