Privacy Policy

Effective date: 2025/08/27 • Last updated: 2025/08/27

Quick Overview

• Private by default: Expenses are visible only to people you share with as friends in the app, in a group or receipt.
• No selling your data: We do not sell your personal information. No ads. No marketing emails (for now).
• What we collect: Name, phone, optional profile photo; expense details; optional location with receipts; receipt images; contacts matched locally; plus the names and contact details of friends you add to help them join later and link history.
• What we don’t collect: Card/bank details (no in-app payments yet). No social logins.
• Receipts & OCR: Processed via Firebase/AWS (including Amazon Textract) to extract items and totals.
• Your control: Delete account any time (we remove data from active systems promptly). Partial deletion supported. Data export available by request (in-app export coming).
• International: Data may be processed in Google Cloud’s NAM5 (primarily U.S.) and AWS; safeguards apply for EU/UK transfers.

This overview is for convenience only. Please read the full policy below.

1) Who we are

Until incorporation, “Shareify” is operated by its founders. For privacy questions or requests, contact: shareify.info@gmail.com. When we register a legal entity and appoint a privacy contact or DPO, we will update this section.

2) Scope

This Policy applies to Shareify’s websites, mobile apps, and online services that link to it. By using Shareify, you agree to this Policy. If you do not agree, please discontinue use of our services.

3) Personal data we collect

3.1 Data you provide

• Account: Name, mobile phone number, and optional profile picture. Email may be added later for recovery/notifications.
• Contacts (optional): If you enable contacts access, we match names/numbers locally on your device to help you find friends. We do not upload your full address book.
• Friends you add: You can manually add a friend’s name and contact details (e.g., phone) to share expenses and send invitations. If that person later creates a Shareify account using the same contact, we will link and migrate the historical groups, receipts, and friendships to their new account so they can access shared history. Invitees can opt out or request deletion at any time (see “Your rights & choices”).
• Expenses & receipts: Amount, currency, description, category, who had what (per-person shares), receipt images/attachments, and optional notes.
• Location (optional): If enabled, we may store the location when you upload a receipt.
• Invitations: If you invite a friend, we process the invitee’s name/phone to deliver the invite.

3.2 Data we generate

• Balances & settlements: Per-user balances based on shared expenses and payments you record.
• Groups & receipts metadata: Group names, membership, and receipt participation.

3.3 Data we collect automatically

Our infrastructure providers may process limited technical data (e.g., IP address, device/app identifiers) for security, fraud prevention, and service reliability. We may use Firebase services that collect basic app diagnostics and anonymized analytics (region-dependent and config-dependent).

3.6 Non-user data (invitees & prospective users)

If a Shareify user adds you as a friend or invites you, we may process your name and contact details to deliver the invitation and to facilitate linking historical activity if you join later. We obtained this information from an existing user who knows you. You can request that we do not use this information, or that we delete it, by emailing shareify.info@gmail.com. If you later sign up with the same contact details, we will connect you to the shared history and you will gain control over the associated data and settings.

4) How we use your data

• Provide the service: Create accounts, manage groups, record/scan receipts, calculate balances, and show who owes whom.
• Invites & onboarding: Send invitations to contacts you add and link/migrate historical groups, receipts, and friendships to a new user when they sign up with a matching contact.
• Communicate: Send SMS verification for login; future push notifications; limited service emails if/when email is added.
• Improve & protect: Diagnostics, performance, fraud prevention, abuse detection, and quality improvements.
• Research & ML (future): We may use de-identified data (e.g., receipt text) to improve OCR/feature accuracy. We won’t use your content to train third-party foundation models without consent.
• Legal compliance: Comply with law and enforce our terms.

5) Legal bases (GDPR/UK GDPR)

• Contractual necessity: To provide expense sharing, groups, and receipts functionality.
• Consent: Contacts access, precise location with receipts, certain analytics/notifications, invitations in some regions, and (future) marketing.
• Legitimate interests: Service improvement, security/fraud prevention, storing invitee contact details to deliver invites and enable linking when they join (balanced against invitee rights and expectations), and aggregated analytics (where consent is not required).
• Legal obligation: Where we must comply with applicable laws.

6) Sharing & processors

We do not sell your personal information. We share data only as needed to run Shareify:

• Within groups/receipts/expenses/recorded payments: Items you share are visible to members of the relevant group/receipt/expense/recorded payment.
• Invitations: If you add a friend or start an invite, we use the friend’s contact to deliver the invitation and show your name/group/receipt/expense/recorded payment context.
• Cloud hosting & services (processors):
  • Firebase (Google Cloud, NAM5 multi-region): hosting, auth, database, storage, basic analytics/diagnostics.
  • AWS (Amazon Web Services): infrastructure supporting features such as OCR.
  • Amazon Textract (OCR): processes receipt images to extract line items, totals, taxes, and merchant info.
• Legal/compliance: To comply with law or protect rights and safety.
• Business transfer: If we undergo an acquisition/merger, data may transfer under this Policy’s protections.

7) International transfers

Data may be processed in Google Cloud’s NAM5 (primarily U.S.) and AWS regions. For EU/UK users, we use appropriate safeguards such as the European Commission’s/UK ICO’s Standard Contractual Clauses (SCCs) or equivalent mechanisms where applicable.

8) Cookies & website tracking

We do not use advertising cookies or third-party trackers (e.g., Meta Pixel) on our marketing site. We may use strictly necessary cookies to make the site work (e.g., session/security). We currently do not respond to “Do Not Track” (DNT) signals.

9) Retention

• Account: Kept until you delete it.
• Groups: All group expenses & recorded payments are deleted immediately when a group is deleted. Group receipts may remain if other members still participate in those receipts.
• Receipts: If you delete a receipt (or you were the only participant when leaving the receipt), we remove it. Receipts may remain if other users still participate when you leave a receipt.
• Invitee contact details (non-users): Retained until they sign up, you request the removal of the friend, or the invitee asks us to delete it. If none of these occur, we periodically review and delete stale invitee records (e.g., after 24 months) to minimize retention.
• Analytics (anonymized/aggregated): Retained as long as useful for service improvements.
• Backups: We remove data from active systems promptly after deletion. Residual copies may remain briefly in system backups and are purged on normal cycles.

10) Security

We use TLS in transit and cloud encryption at rest, provider access controls, and Firebase App Check. No system is 100% secure— please use strong credentials and keep them confidential. We will notify users of data breaches as required by law and are formalizing our incident response plan as we grow.

11) Children

Shareify is intended for users aged 16+. We do not knowingly collect data from children under 16. If you believe a minor has provided data without appropriate consent, contact us to delete it.

12) Your rights & choices

EU/UK (GDPR): access, rectification, erasure, restriction, portability, and objection; withdraw consent any time.

South Africa (POPIA): access and correction; object to processing where applicable.

California (CCPA/CPRA): right to know, delete, correct, and limit use of sensitive data; we do not “sell” or “share” personal info as defined by CPRA.

Invitees/non-users: If your details were added by a Shareify user and you do not use Shareify, you can request that we stop contacting you and delete your details by emailing shareify.info@gmail.com. Please include the phone that received the invite.

To exercise rights, email shareify.info@gmail.com. We may need to verify your identity and request additional details to process your request.

13) Your controls

• Permissions: You can disable contacts and location permissions at any time in your device settings.
• Notifications: You’ll be able to control push/marketing notifications (when available) in settings.
• Data export: While in-app export is coming, you can request an export by emailing us.
• Deletion: You can delete your account in the app. We remove data from active systems promptly.
• Invitees: Request opt-out/deletion of your contact details at any time via email.

14) Payments

Shareify does not currently process in-app payments. You can record manual payments between friends. If we introduce subscriptions or settlement features later, we’ll update this Policy and use reputable payment processors (e.g., Stripe) without storing full card numbers.

15) Changes to this Policy

We may update this Policy. If changes are material, we’ll notify you in-app, by email (if available), or on our website. Continued use after an update constitutes acceptance.

16) Contact

Shareify (pre-incorporation)
Privacy: shareify.info@gmail.com

If/when Shareify incorporates, the Data Controller details (legal entity name, address, DPO/contact) will be updated here.