Privacy Policy

Effective date: March 1, 2026

1. Introduction

Split Maadi ("we", "our", or "us") is a group expense-splitting application. This Privacy Policy explains how we collect, use, and protect your information when you use our web app at app.splitmaadi.com and our iOS and Android applications (collectively, the "Service").

2. Information We Collect

Account Information

  • Name, email address, and password (stored hashed)
  • Profile photo (if you choose to upload one)
  • Google or Apple account information (name and email) if you sign in with Google or Apple

Usage Data

  • Expenses, settlements, and group membership data you create within the Service
  • Anonymized analytics data such as feature usage and page views
  • Device information and crash reports for troubleshooting

3. How We Use Your Information

  • To provide and maintain the Service — calculating balances, managing groups, and tracking expenses
  • To authenticate your identity and secure your account
  • To send you notifications about activity in your groups (if you opt in to push notifications)
  • To send transactional emails such as email verification and password resets
  • To understand how the Service is used and improve it through anonymized analytics
  • To diagnose and fix technical issues

4. Third-Party Services

We use the following third-party services to operate the Service:

  • Google OAuth — for sign-in with Google. Google's privacy policy applies to data processed by Google.
  • Apple Sign-In — for sign-in with Apple. Apple's privacy policy applies to data processed by Apple.
  • PostHog — for product analytics (feature usage, page views). Analytics events are linked to your account to help us understand how the Service is used and improve it. PostHog does not use this data for advertising.
  • Firebase Cloud Messaging (FCM) — for delivering push notifications on iOS and Android. Google's privacy policy governs FCM data handling.
  • Sentry — for error and crash reporting. Crash reports may include device information but do not include personal data such as names or emails.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

5. Data Storage and Security

Your data is stored in a PostgreSQL database with encryption at rest. Passwords are hashed using industry-standard algorithms and are never stored in plain text. All communication between your device and our servers is encrypted via HTTPS.

6. Data Retention and Deletion

We retain your data for as long as your account is active. You can request deletion of your account and all associated data by contacting us. Upon deletion, your personal information, expenses, and group data will be permanently removed from our systems.

7. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and data
  • Opt out of push notifications at any time

8. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice within the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at [email protected].