Privacy Policy

1. INTRODUCTION

Welcome to Eggspence, an expense sharing and bill splitting application. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our mobile application and related services.

We comply with the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Austrian data protection laws.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

• Account Information: Email address, username, profile picture
• Expense Data: Amounts, descriptions, categories, dates, currency, participants, and cost-sharing arrangements
• Receipt Images: Photos of receipts you upload (stored with metadata including potential location data)
• Group Information: Group names, descriptions, member lists, and settings

2.2 Information Collected Automatically

Technical Information:

• Device information (model, OS, version, manufacturer)
• App version and usage statistics
• IP address (may be anonymized)
• Device identifiers (iOS IDFV, Android GAID where applicable)
• Firebase Installation ID (FID)
• Network type, time zone, language settings, screen resolution

Usage Information:

• App interactions and feature usage
• Session duration and frequency
• Crash reports and performance diagnostics

Advertising Information (Free Version):

• Advertising IDs (GAID/IDFA) for personalized ads
• Ad engagement metrics

2.3 Information from Third Parties

• Social Login Data: Email address and basic profile info via Google or Apple sign-in
• Contact Import: Contact info when inviting others (processed locally on your device)

3. HOW WE USE YOUR INFORMATION

3.1 Primary Purposes (Contract Performance — Art. 6(1)(b) GDPR)

• Provide core expense tracking and bill splitting functionality
• Manage user accounts and authentication
• Enable group creation and expense sharing
• Process OCR text recognition on receipts (locally via Google ML Kit)
• Analyze recognized receipt text using the Google Gemini API
• Facilitate expense settlement and record keeping

3.2 Secondary Purposes

Product Improvement (Legitimate Interest — Art. 6(1)(f) GDPR)

• Analyze app usage to improve features and user experience
• Identify and fix technical issues

Advertising (Free Version) (Consent — Art. 6(1)(a) GDPR)

• Display personalized advertisements through Google AdMob

Subscription Management (Contract Performance — Art. 6(1)(b) GDPR)

• Process ad-free subscription payments through RevenueCat

4. INFORMATION SHARING AND DISCLOSURE

4.1 Third-Party Service Providers

Google Firebase / Cloud Services:

• Purpose: App infrastructure, data storage, authentication
• Location: USA (Google LLC, Mountain View, CA)
• Safeguards: EU-US Data Privacy Framework, Standard Contractual Clauses

Google AdMob (Free Version Only):

• Purpose: Serving personalized advertisements
• Data Shared: Advertising IDs, device info, IP address

Firebase Crashlytics:

• Purpose: Crash reporting and app stability monitoring
• Retention: 90 days before automatic deletion

Google Gemini API:

• Purpose: Receipt text analysis (items, prices, structure)
• Data Shared: Recognized receipt text (not the original image)

RevenueCat:

• Purpose: Subscription management and payment processing
• Data Shared: Anonymous user IDs, subscription status, transaction data
• Location: USA — EU Standard Contractual Clauses apply

5. DATA RETENTION

• Account Data: Retained while active plus 30 days after deletion
• Expense Data: Retained while your account exists
• Technical Logs: Maximum 90 days, then anonymized or deleted
• Subscription Data: Retained as legally required for billing/tax compliance

6. DATA SECURITY

• Encryption: Data encrypted in transit (TLS) and at rest
• Access Control: Restricted access for authorized personnel only
• Secure Infrastructure: Hosted on Google Cloud with enterprise-grade security

7. YOUR PRIVACY RIGHTS

7.1 EU/GDPR Rights

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for consent-based processing

7.2 California/CCPA Rights

• Know: What personal information we collect, use, share, and sell
• Delete: Request deletion of your personal information
• Opt-Out: Opt out of the "sale" or "sharing" of personal information
• Non-Discrimination: Equal service regardless of privacy choices

7.3 Exercise Your Rights

• Email: support@eggspence.com
• Subject Line: "Privacy Rights Request"
• Response Time: Within 30 days (EU) or 45 days (California)

8. CHILDREN'S PRIVACY

Our app is intended for users 13 years and older. We do not knowingly collect personal information from children under 13. For users aged 13–16 in the EU, we verify parental consent where required by local law.

9. INTERNATIONAL DATA TRANSFERS

Your data may be transferred to and processed in the United States. We ensure appropriate safeguards through the EU-US Data Privacy Framework and Standard Contractual Clauses approved by the European Commission.

10. PRIVACY POLICY UPDATES

Material changes will be communicated through in-app notification, website notice, and email notification for significant changes.

11. CONTACT INFORMATION