This Privacy Policy explains how CareSplit ("we", "us", "our") collects, uses, and protects information when you use our service at caresplit.biz (the "Service"). By using the Service you agree to this policy.
1. What we collect
- Account identity (from Google). When you sign in with Google we receive your name, email address, profile picture URL, and a stable Google account identifier (sub). We never see or store your Google password.
- Family + expense data you enter. Family name, family members you invite, parent names/scope, expense categories, expense amounts and dates, who paid, how it's split, settlement records, budgets, and any notes you add.
- Receipt images you upload. Stored encrypted at rest. We do not run OCR or share them with third parties in the current version of the Service.
- Operational data. Session cookies, IP address of API requests (kept briefly in server logs for security), and product analytics events when you take actions like creating an expense (event names + family ID only — never the contents).
2. How we use it
- To provide the Service: render your family workspace, compute settlements, send invitations and notifications.
- To secure your account: detect fraudulent or abusive sign-in attempts.
- To send transactional emails: invitations, monthly summaries, budget alerts. We do not send marketing email without explicit opt-in.
- To improve the product in aggregate: counts of features used, anonymised performance metrics.
We do not sell your personal data. We do not use your data to train AI models.
3. Who we share data with
CareSplit relies on a small set of service providers ("processors") to operate. They process data only as needed to deliver the Service and on our instructions.
- Google LLC — OAuth sign-in (we receive the data described in §1). Google's privacy policy.
- Cloudflare, Inc. — hosting (Pages), database (D1), object storage (R2), DNS, and TLS for caresplit.biz. Cloudflare's privacy policy.
- Resend, Inc. — transactional email delivery. Resend's privacy policy.
- Google Analytics (Google LLC) — aggregate product usage analytics (page views, feature engagement). IP addresses are anonymised before storage. We do not use Google Analytics for advertising or remarketing. Google's privacy policy.
We will disclose data if required by law, valid legal process, or to protect the rights or safety of users.
4. Data retention
Your data is kept as long as your account is active. If you delete your account, your personal identifiers (name, email, Google linkage) are removed within 30 days; aggregated, de-identified data may be retained for analytics. Family workspaces you participated in are not automatically deleted — they continue to belong to the remaining members.
5. Your rights
You can at any time:
- Sign out and re-authenticate to refresh permissions.
- Export the full data of any family you belong to (Settings → Export). The export is a ZIP of CSV files plus your uploaded receipts.
- Request deletion of your account by emailing [email protected]. We action requests within 30 days.
- Disconnect Google: revoke CareSplit's access via your Google account permissions.
Depending on your jurisdiction (e.g. EU/EEA, UK, California) you may have additional rights including access, correction, portability, restriction, objection, and the right to lodge a complaint with a supervisory authority.
6. Cookies
CareSplit uses one functional cookie: __Host-cs_sess, which stores an opaque session token so you stay signed in. It is HTTP-only, Secure, SameSite=Lax, and expires after 30 days of inactivity. Google Analytics also sets first-party cookies (_ga, _ga_*) to distinguish unique visitors for the aggregate metrics described in §3. We do not use advertising or cross-site tracking cookies.
7. Children
CareSplit is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided personal data, please contact us.
8. Security
We use industry-standard measures including TLS in transit, encrypted storage at rest, and authentication via Google OAuth. No system is perfectly secure; you are responsible for maintaining the security of your Google account.
9. Changes
We may update this policy from time to time. Material changes will be announced in-app or via email at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.
10. Contact
Questions about this policy can be directed to [email protected].