Privacy Policy

1. Introduction

Plit ("we", "our", or "us") is operated by Hlib Martynenko. This Privacy Policy explains how we collect, use, and protect your information when you use the Plit mobile application and website (collectively, the "Service").

By using Plit, you agree to the collection and use of information as described in this policy.

2. Information We Collect

Information you provide directly

• Name — your first and last name for your profile
• Email address — used for account creation and authentication
• Phone number — optionally provided for your profile, also used to invite friends
• Profile photo — optionally uploaded for your account
• Business information — optional name, description, and logo when you create or join a business workspace
• Vehicle information — when you use the mileage tracking feature, you may enter your vehicle's nickname, type, license plate, fuel type, and mileage rate

Information collected automatically

• User ID — a unique identifier assigned to your account
• Device identifiers — push notification tokens (Expo Push) tied to your device for delivering alerts
• Purchase history — your subscription status and purchase records via RevenueCat
• Receipt photos — when you grant camera or photo library access to scan receipts, captured or selected images are sent to Google Gemini for OCR and stored securely in your account for future access
• Expense data — receipts, amounts, categories, splits, folders, notes, and labels you create
• Bank account data — when you connect a bank or card through Plaid, we receive and store account information (account name, type, mask, balance, currency, institution) and transactions (merchant name, amount, date, category) to power spending insights, subscription detection, and per-card analytics. We never receive your full card number, expiration date, or CVV. You can disconnect at any time, which deletes the associated data
• Card preferences — your chosen card designs, display order, and which cards you've hidden from your home screen
• Location data (mileage tracking only) — when you enable mileage tracking (either by manually starting a trip or by turning on auto-tracking), we collect precise GPS coordinates in the foreground and, if you grant background location permission, while the App is in the background. This data is used solely to record your trips (start and end coordinates, route points, distance, and duration) for personal or business mileage logging. Location data is stored linked to your account on our servers and is never shared with advertisers, data brokers, or third parties. You can stop collection at any time by ending the active trip or disabling location permission in iOS Settings
• Contacts — accessed only to find friends who use Plit; phone numbers are hashed locally on your device and only the hashes are matched on our servers against registered profiles. We do not store raw phone numbers from your address book
• Push notification tokens — a unique device-level token used to send you alerts about group expenses, payment requests, friend activity, and mileage trip events. You can revoke this by disabling notifications in iOS Settings
• Diagnostic information — when the App crashes or encounters an error, we collect technical details (app version, operating system version, device model, anonymized stack trace, and a crash reference ID) via Sentry to identify and fix issues
• Performance data — anonymized application performance metrics (load times, request durations) collected via Sentry sampling, used to improve app responsiveness
• Support communications — when you contact us via the in-app Send Feedback or Report a Bug buttons, we pre-fill the email with diagnostic information (app version, OS version, device model, your user ID, and where applicable a crash reference ID) so we can troubleshoot. You can review and remove this before sending
• AI interactions — when you use AI-powered features (receipt OCR, spending insights, smart summaries, financial chat), we send aggregated spending data and your conversation history to Google Gemini. We do not send personally identifying details such as your name, email, or full bank account numbers

3. How We Use Your Information

We use the information we collect to:

• Create and manage your account
• Provide bill splitting and expense tracking features
• Scan and process receipts using AI (Google Gemini)
• Connect to your bank accounts and display transactions, balances, and subscription detection (via Plaid)
• Record and calculate mileage for personal or business trips (foreground and optional background GPS)
• Generate personalized spending insights and AI summaries
• Find friends who use Plit via your contacts
• Process and manage your subscription
• Send important notifications about your account via push notifications and email
• Improve app performance, diagnose crashes, and fix issues
• Respond to your support requests

We do not use your data for advertising, sell it to third parties, share it with data brokers, or use it for cross-app or cross-website tracking purposes.

4. Legal Basis for Processing (EU/UK Users)

If you are located in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases:

• Contract performance — to provide the services you sign up for (account creation, expense tracking, bank integration, AI features, mileage tracking)
• Legitimate interests — to keep the App secure, prevent fraud, fix bugs, and improve our services
• Consent — for optional features such as access to your contacts, camera, photo library, location (including background location for mileage tracking), and push notifications. You can withdraw consent at any time in your device settings
• Legal obligation — when required to comply with applicable law

5. Third-Party Services

Plit uses the following third-party services that may process your data:

Plaid is a regulated data processor and additionally subject to its End User Privacy Policy. Location data collected via the mileage tracking feature is processed only by our own infrastructure (Supabase) and is not shared with any of the third parties listed above.

6. Data Storage and Security

Your data is stored securely on Supabase infrastructure. We implement industry-standard security measures including:

• Encryption in transit — all data is transmitted over HTTPS (TLS)
• Encryption at rest — database storage is encrypted
• Row-Level Security (RLS) — Postgres policies enforce that you can only access your own data. In business workspaces, only authorized members (with the appropriate role) can access shared records. Bank account data and mileage trip data are strictly limited to the user who collected them — other workspace members cannot view them
• Vault encryption — bank access tokens are encrypted with pgsodium and never exposed to the client

No method of transmission or storage is 100% secure, but we take all reasonable steps to protect your information.

7. Data Retention

We retain your data for as long as your account is active. When you delete your account:

• Your profile, expenses, receipts, bank connections, mileage trips, location history, and personal data are permanently deleted within 30 days
• Aggregated, anonymized data may be retained for analytics and product improvement
• Backups containing your data are purged within 90 days
• We may retain limited information for legal compliance (e.g., financial records required by tax law) for the period required by applicable regulations

You may delete your account at any time from Account → Delete Account within the App. Individual data — such as a connected bank account or recorded trips — can be deleted independently without removing your account.

8. International Data Transfers

Plit operates globally and your data may be transferred to and processed in countries other than your own, including the United States and the European Union, where our service providers operate. We rely on Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms to ensure your data receives an equivalent level of protection regardless of where it is processed.

9. Your Rights

You have the right to:

• Access — request a copy of your personal data
• Correct — update inaccurate or incomplete information directly in the App or by contacting us
• Delete — delete your account and associated data
• Export — receive your data in a portable format (CSV/PDF)
• Withdraw consent — at any time for processing based on consent (e.g., disable contacts access, photo library access, location, or push notifications in iOS Settings)
• Object — to processing of your personal data based on our legitimate interests
• Lodge a complaint — with your local data protection authority if you believe your rights have been violated

To exercise these rights, contact us at: support@plitapp.com

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• The right to know what personal information we collect, use, and share
• The right to request deletion of your personal information
• The right to opt-out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your CCPA rights

To exercise these rights, contact us at support@plitapp.com. We will verify your identity before responding to your request.

11. Children's Privacy

Plit is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected such information, we will delete it promptly. Parents or guardians who believe their child has provided us with personal information may contact us at support@plitapp.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via the App or by email. Continued use of the App after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

• Email: support@plitapp.com
• Operator: Hlib Martynenko
• Website: plitapp.com