SplitGrub
← Back to home

Privacy Policy

Effective May 26, 2026 (updated)

The short version

SplitGrub helps a group settle a bill at the end of a meal. We built it because we think handling money between friends should be ten seconds of work, not ten minutes of awkward math. Privacy is a first-order concern in how we built it, not a footnote.

  • We collect only the data we need to make the product work: the receipt, who claimed which items, and the host's contact info.
  • We never see your raw phone number. Guests on the receipt are identified by a one-way hash of their phone, never the number itself.
  • We don't process payments. When your friends pay you, the money moves through Venmo, Cash App, Zelle, PayPal, Apple Cash, or cash. We never touch it.
  • We don't sell your data. We don't run ads. We don't share your data with brokers.
  • You can ask us to delete your account at any time by emailing privacy@splitgrub.com.

The longer version below covers the formal details: what specifically we collect, who processes it on our behalf, your rights, and how to exercise them.

1. Who we are

“SplitGrub,” “we,” and “us” refer to the team building SplitGrub. The marketing website lives at splitgrub.app; the host app ships on iOS and Android in 2026.

This policy covers both the marketing site (where you may join the waitlist) and the SplitGrub app and guest-claim web experience (when the product launches).

2. What we collect

Marketing site & waitlist (today)

  • Email address, when you submit the waitlist form. We use it to send product updates, the launch announcement, and a beta invite if you opted in.
  • Beta-tester opt-in, the boolean toggle on the waitlist form.
  • Usage analytics: page views, click events, referrer, device type, country (from IP geolocation only, and we never store your IP after this), and anonymous browsing history. Collected via PostHog with input masking on so what you type into the email field is never captured.
  • Feedback submissions: anything you type into the optional pricing/feedback form, plus the email you provided.

SplitGrub app (post-launch)

  • Account identity: your email, optional display name, and an opaque token from Apple Sign In or Google Sign In if you chose either of those over email-code sign-in.
  • Receipts you scan: the photo plus the machine-extracted line items, prices, taxes, tip, total, and merchant name. Stored as long as the session is active plus a 12-month archival window.
  • Claims: which guest claimed which item, and the resulting amounts owed.
  • Payment metadata: which payment rail (Venmo, Cash App, Zelle, PayPal, Apple Cash, or cash) each guest used, whether the payment was confirmed, and your saved rail handles (so we can deep-link payments correctly). We do not store account credentials, card numbers, or balances for any rail.
  • Hashed guest phone numbers: when a guest visits a SplitGrub claim link, their phone number is one-way hashed so the same person on a future receipt can be recognized without us ever storing the raw number.
  • Device telemetry: crash logs, app version, OS version, and anonymized usage events for product analytics. Sensitive inputs (the email field, payment-rail handles) are masked.

3. How we use it

  • To make the product work: run the OCR, render the live session, route a payment-rail deep-link to the right URL.
  • To send transactional emails (sign-in codes, magic links to guests, waitlist updates).
  • To improve the product. Anonymous usage analytics tell us which features people actually use and where the experience breaks down.
  • To debug and prevent abuse. Server logs and audit-log entries let us trace problems and refuse suspicious requests.

We will not use your data to train large language models or other AI systems for our own purposes, and we will not provide your data to third parties for them to train AI systems on.

4. Who else processes your data

We use third-party services to operate SplitGrub. Each has its own privacy practices. The list below is the complete set of processors that touch any data we collect.

  • Amazon Web Services (AWS): hosts our servers, databases, and storage. Data is held in US data centers, encrypted at rest with AES-256 and in transit with TLS 1.2+.
  • Resend:sends transactional email (sign-in codes, waitlist updates, beta invites). They receive only what's necessary to deliver the email.
  • PostHog (US Cloud):product analytics and session replay. Inputs masked. We don't pipe payment handles or raw email content through events.
  • Azure Document Intelligence: receipt OCR processing. Receives the photo, returns extracted text. They do not retain the image beyond the per-request lifecycle.
  • Anthropic:language model that cleans up OCR output (merging line breaks, normalizing item descriptions). Receives only the OCR'd text. Not the photo, not your email, not anything that ties the receipt to a specific user.
  • Apple & Google:when you sign in with Apple or Google, the platform handles the authentication and hands us a signed token containing your email and an opaque user ID. We don't see anything else from your Apple ID or Google Account.

5. How long we keep it

  • Active session data(receipt, claims, payments): kept while the session is open, plus a 12-month archival window after settlement. That window lets you look back at last month's dinner; everything older gets purged.
  • Guest phone-number hashes:kept for the same duration as the receipt data they're tied to. Deleted when the receipt archive expires.
  • Account data (email, display name, payment rails): kept until you delete your account or stay inactive for 24 months. At that point we send a heads-up and then deactivate.
  • Audit logs: kept for 12 months, then aggregated. The per-request rows are deleted.
  • Waitlist email: kept until you unsubscribe or we delete your account.

6. Your rights

You can email privacy@splitgrub.com to request:

  • A copy of everything we hold about you, in machine-readable form.
  • Correction of anything that's wrong.
  • Deletion of your account and the data tied to it.
  • An opt-out of any future analytics tracking on the marketing site.

California residents have additional rights under the CCPA and CPRA, including the right to know what categories of data we hold, the right to know which third-party processors we share data with, and the right to opt out of any sale or sharing of personal information. We don't sell or share personal information, but the right exists. Residents of other US states with comparable laws (Virginia, Colorado, Connecticut, Utah, and others as those laws come into effect) have parallel rights. Email the same address to exercise any of them.

7. Cookies & similar technologies

The marketing site sets a small number of cookies to support PostHog analytics. The app and guest claim experience use short-lived JSON Web Tokens stored locally on your device to keep you signed in. Neither is shared with any third party beyond the processors listed in section 4.

We respect the “Do Not Track” signal. If your browser sends one, we skip analytics for that visit.

8. Age requirement

SplitGrub is intended for adults. The minimum age to use the app is 18, matching the minimum age of the payment services (Venmo, Cash App, PayPal, Zelle, Apple Cash) the app deep-links to. The bar-tab use case also assumes the legal drinking age in the United States.

If we discover that someone under 18 has created an account, we'll delete it. Please email privacy@splitgrub.com if you believe an underage user has signed up.

The service is not directed to children, and we never knowingly collect personal information from anyone under 13 (the threshold the U.S. Children's Online Privacy Protection Act applies to).

9. Where we operate

SplitGrub is offered in the United States only. Our processors hold data in US data centers; we do not offer the service to users outside the US.

10. Security

We encrypt everything we store at rest and everything we send in transit. Authentication uses signed tokens with limited lifetimes and a rotation chain for refresh. Production system access is gated by AWS Identity Center single sign-on with multi-factor authentication and short-lived session tokens, and every server-side data mutation is recorded in a written audit log.

That said, no security model is perfect. If you discover what looks like a vulnerability or any behavior that suggests a security issue, please email security@splitgrub.com. We'll respond within one business day and we'll treat the report as confidential while we investigate.

11. Changes to this policy

When we change anything material, we'll update the effective date at the top of this page and email everyone on the waitlist or with an active account. The previous version stays available on request.

12. Contact

Privacy questions, requests, or complaints: privacy@splitgrub.com.

Security reports (suspected vulnerabilities or anything that looks like a breach): security@splitgrub.com.

For everything else (product help, billing, feedback), see splitgrub.app/support.