🔒

No data selling

Your data is never sold or shared with advertisers.

📵

No tracking SDKs

Zero advertising or cross-app tracking frameworks.

📱

On-device OCR

Receipt scanning runs entirely on your device.

🗑️

Account deletion

Delete your account and data anytime, in-app.

1. Overview

CoinSplit ("we," "our," or "us") is a multi-currency expense splitting application for iOS developed and operated by CoinSplit. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use the CoinSplit app and website at coinsplit.ai.

By using CoinSplit, you agree to the practices described in this policy. If you do not agree, please do not use the app.

Plain-English summary: CoinSplit is a utility app. We collect the minimum data required to run a synchronized multi-user expense tracker. We don't build ad profiles, sell data, or use third-party analytics SDKs.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name — to identify you to other split members
  • Email address — for authentication and account notifications
  • Authentication tokens — Apple or Google OAuth tokens when you use social sign-in (we receive only the sub-identifier and profile info Apple/Google choose to share)
  • Password hash — if you use email/password sign-in (bcrypt, never stored in plaintext)

2.2 Expense & Financial Data

To provide the service, we store:

| Data | Purpose | Retention |
|---|---|---|
| Expense amounts (original + base currency) | Balance calculation, settlement | Until account deletion |
| Expense descriptions and categories | Splitting and history display | Until account deletion |
| Split memberships and roles | Access control | Until removed from split |
| Settlement records | Audit trail, dispute resolution | Until account deletion |
| Exchange rates (date-locked) | Multi-currency conversion | Permanent (market data) |

2.3 Receipt Images

If you choose to attach a receipt photo to an expense, the image is uploaded to Cloudflare R2 (our object storage) via a presigned URL. Receipt images are:

  • Stored in Cloudflare R2 in the region you're served from
  • Accessed only by members of the same split
  • Deleted when you delete the associated expense or your account

Receipt scanning (OCR) is performed entirely on-device using Apple Vision. No image is ever sent to our servers just for scanning — the upload only happens if you explicitly attach the photo.

2.4 Device & Notification Tokens

To send push notifications, we store your Apple Push Notification service (APNs) device token on our servers. This token is:

  • Used exclusively to send you in-app notifications (settlement confirmations, expense additions)
  • Not used for advertising or cross-app tracking
  • Deleted when you disable notifications or delete your account

2.5 User Preferences

We store your preferences (timezone, display language, preferred currency, notification settings) to provide a personalized experience. These are stored server-side to sync across devices.

2.6 Technical Logs

Our servers generate standard web server logs containing IP addresses, request timestamps, and HTTP status codes. These are used for debugging and security monitoring and are automatically purged after 30 days.

3. How We Use Your Information

We use your information only to:

  • Provide, maintain, and improve the CoinSplit service
  • Authenticate your identity and protect your account
  • Calculate and display expense balances and settlements
  • Send transactional push notifications about your splits (you can turn these off)
  • Respond to support requests
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

We do not use your data for: advertising, marketing to third parties, profiling, automated decision-making with legal effects, or any purpose not listed above.

4. Data Storage & Security

4.1 Server Storage

Your data is stored in a PostgreSQL database hosted on secure infrastructure. Database connections use TLS. At-rest encryption is enabled at the storage volume level.

4.2 Receipt Images

Receipt images are stored in Cloudflare R2. Access is controlled via presigned URLs with short expiry windows. Images are never publicly listed or indexed.

4.3 On-Device Storage

The iOS app caches your data locally in a SQLite database (via GRDB) for offline access. Authentication tokens are stored in the iOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly access level — tokens cannot leave your device and are not backed up to iCloud.

4.4 Security Practices

  • All API communication uses HTTPS (TLS 1.2+)
  • Authentication uses short-lived JWT access tokens with refresh token rotation
  • Passwords are hashed with bcrypt (cost factor 12+)
  • Financial records use soft-delete — data is never hard-deleted until account removal
  • We conduct periodic security reviews using Brakeman (static analysis)

No security system is perfect. If you discover a vulnerability, please report it responsibly to [email protected] before public disclosure.

5. Third-Party Services

CoinSplit uses the following third-party services. We do not use advertising networks, analytics SDKs, or data brokers.

| Service | Purpose | Data shared |
|---|---|---|
| Apple Sign In | Optional social authentication | Sub-identifier, name, email (if user consents) |
| Google Sign In | Optional social authentication | Google account ID, name, email |
| Apple Vision | On-device receipt OCR | None — runs entirely on-device |
| Apple Push Notification service | Push notifications | Device token, notification payload |
| OpenExchangeRates API | Currency exchange rate data | None — we query rates, no user data sent |
| Cloudflare R2 | Receipt image storage | Receipt images (only when user attaches one) |

We do not integrate Facebook, TikTok, Firebase Analytics, Amplitude, Mixpanel, Segment, or any other behavioral analytics or advertising platform.

5.1 AI / LLM Processing

When you use the AI receipt parsing feature, the extracted text (from on-device OCR) may be sent to a server-side LLM API for structured parsing. Raw images are never sent to LLM providers — only the OCR-extracted text. This feature can be used without the AI parsing step (manual entry is always available).

6. On-Device Processing

CoinSplit prioritizes on-device processing wherever possible:

  • Receipt OCR: Apple Vision framework — runs locally, no network call
  • Speech recognition: SFSpeechRecognizer — expense dictation processed on-device for supported locales
  • Biometric authentication: Face ID / Touch ID via LocalAuthentication — biometric data never leaves your device
  • Local database: GRDB/SQLite cache — fully accessible offline

7. Your Rights

You have the following rights regarding your personal data:

7.1 Access

You can view all your account information and expense data within the app at any time. For a structured data export, email [email protected].

7.2 Correction

You can update your name, email, and preferences in the Profile section of the app.

7.3 Deletion (Right to Erasure)

You can delete your account by going to Profile → Account → Delete Account. This initiates a 30-day deletion window after which all personally identifiable information is permanently removed from our systems.

Shared expense records are retained in anonymized form to preserve the integrity of other members' financial records. Your identifiers are replaced with "Deleted User."

7.4 Portability

You can request a machine-readable export of your data (JSON format) by emailing [email protected]. We will respond within 5 business days.

7.5 Objection / Restriction

You can disable push notifications in iOS Settings or within the app at any time. This does not affect your ability to use CoinSplit.

7.6 Exercising Your Rights

For any privacy-related request, email [email protected]. We will respond within 30 days (14 days for GDPR-covered individuals).

8. Children's Privacy

CoinSplit is not directed to children under the age of 13 (or 16 in the EU/UK). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under the applicable age limit, we will delete that information promptly.

If you believe a child has provided us with personal information, please contact [email protected].

9. GDPR (EU / UK Users)

If you are located in the European Economic Area (EEA) or United Kingdom, CoinSplit processes your personal data under the following legal bases:

  • Contract performance — Processing your account, expense, and settlement data to provide the service you signed up for (Article 6(1)(b) GDPR)
  • Legitimate interests — Security monitoring, fraud prevention, and technical server logs (Article 6(1)(f) GDPR)
  • Consent — Push notifications (you can withdraw at any time)
  • Legal obligation — Compliance with applicable law

You have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu.

Data transfers: Your data may be processed in the United States and other countries where our service providers operate. We rely on Standard Contractual Clauses (SCCs) as the legal mechanism for such transfers.

10. CCPA (California Residents)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the following rights:

  • Right to Know — You can request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to Delete — You can request deletion of your personal information (subject to certain exceptions)
  • Right to Correct — You can request correction of inaccurate personal information
  • Right to Opt-Out of Sale or Sharing — We do not sell or share personal information for cross-context behavioral advertising. No opt-out needed.
  • Right to Non-Discrimination — We will not discriminate against you for exercising any of these rights

To exercise these rights, email [email protected] with the subject line "CCPA Request." We will verify your identity before responding.

CoinSplit does not sell personal information to third parties. We do not use personal information for cross-context behavioral advertising.

11. Policy Changes

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Send a push notification to active app users
  • Display a notice in the app at next launch

We encourage you to review this policy periodically. Continued use of CoinSplit after a change constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions, data requests, or to report a concern:

Email: [email protected]
Support: [email protected]
Website: coinsplit.ai

We aim to acknowledge all privacy requests within 5 business days and resolve them within 30 days.