Privacy Policy

1. Who we are

Chopsbill (“we”, “us”, “our”) provides a web application for splitting shared expenses, recording who paid, and calculating settlement suggestions. Depending on how the product is deployed, the legal entity responsible for processing personal data may be the operator hosting this instance (for example, you or your organization). Where this policy refers to obligations we undertake, those obligations apply to the party operating the live deployment you are using.

2. What data we collect

We collect and process categories of information that are typical for an authenticated productivity app:

• Account and authentication data, such as your name, email address, internal user identifier, and—if you use password sign-in—credentials stored using one-way hashing (we do not store your password in plain text). If you use Google sign-in, we receive profile information from Google subject to your Google account settings.
• Bill and expense content you or other participants create, including bill titles, currencies, privacy settings, participant display names, expense descriptions, amounts, dates, share allocations, and related metadata needed to render balances and exports.
• Technical and security data, such as IP addresses, device and browser characteristics, timestamps, and diagnostic logs generated by hosting infrastructure (for example, Cloudflare) to deliver the service, detect abuse, and maintain reliability.
• Support and communications if you contact us, including the content of your message and contact details you provide.

3. Why we use your data (purposes)

We process personal data for the following purposes:

• To create and maintain your account, authenticate you, and enforce access controls (including admin tools where enabled).
• To store, display, and synchronize bill data you choose to save, including sharing features you activate.
• To generate in-app summaries, exports (such as PDF or spreadsheet formats where available), and settlement suggestions.
• To secure the service, prevent fraud and misuse, debug incidents, and comply with lawful requests.
• To communicate operational notices (for example, security alerts) and—where permitted—product updates.
• To meet legal, accounting, or regulatory obligations where applicable.

4. Legal bases (EEA/UK-style framing)

Where laws such as the GDPR apply, we rely on one or more of the following legal bases: performance of a contract (providing the service you requested); legitimate interests (securing and improving the product, fraud prevention, analytics that do not override your rights); consent (where we ask for it, such as certain cookies or marketing, if offered); and legal obligation (where we must retain or disclose data).

5. Sharing and subprocessors

We do not sell your personal information. We share data only as needed to operate the service with trusted service providers (“subprocessors”), such as hosting and database vendors, authentication providers (for example, Google OAuth if enabled), and payment processors if billing features are activated. Subprocessors process data under contractual terms that require appropriate security and confidentiality measures.

We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of users, the public, or Chopsbill.

6. International transfers

Your data may be processed in countries other than where you live, including where our infrastructure or subprocessors operate. Where required, we implement appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

7. Retention

We retain account and bill data for as long as your account is active and as needed to provide the service. After deletion, we may retain certain records for a limited period where required for security, legal compliance, or dispute resolution, after which they are deleted or anonymized where feasible.

8. Security

We implement administrative, technical, and organizational measures designed to protect personal data, including encryption in transit (HTTPS), access controls for privileged operations, and hashed password storage. No method of transmission or storage is completely secure; we work to reduce risk but cannot guarantee absolute security.

9. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or export your personal data; to restrict or object to certain processing; to withdraw consent where processing is consent-based; and to lodge a complaint with a supervisory authority. You can exercise many controls directly in the app (for example, editing profile fields where enabled, deleting bills you own, or disconnecting linked accounts). For other requests, contact the operator of this deployment using the contact details they publish.

10. Children

Chopsbill is not directed to children under the age where parental consent is required in your jurisdiction. We do not knowingly collect personal information from children. If you believe we have collected such data, contact us so we can delete it promptly.

11. Cookies and local storage

We use cookies and similar technologies that are essential for authentication and session continuity, and—if enabled—preferences such as theme selection. Analytics or advertising cookies may be introduced only with appropriate notice and consent where required by law.

12. Automated decision-making

Settlement suggestions are calculated from arithmetic rules you can inspect in the product. They do not constitute “solely automated” decisions with legal or similarly significant effects in the GDPR sense; they are informational aids for you and your group.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the app or by other reasonable means. Continued use after the effective date constitutes acceptance of the updated policy, except where your consent is required for a new processing activity.

14. Contact

For privacy questions or requests, contact the operator of the Chopsbill instance you use. If you are using a self-hosted deployment, that operator is responsible for responding to requests.