Legal

Privacy Policy

Last updated: April 23, 2026

Summary

SettleEase collects the account, finance, and device data needed to run the app. We do not sell your data. Receipt OCR and voice transcription now run on-device. Optional receipt images and payment proof images are stored in Supabase Storage in the public receipts bucket, so files are accessible to anyone who has the direct URL.

1. Who we are

SettleEase is a personal finance and expense-splitting application published on the Google Play Store. References to "SettleEase", "we", "us", or "our" refer to the SettleEase application and its operators.

For privacy inquiries, contact privacy@settleease.app.

2. Data we collect

2.1 Account information

  • Full name and username
  • Email address
  • Phone number hash used for contact discovery
  • Country code, language, timezone, and display currency preferences
  • Profile photo URL if you upload one

2.2 Financial data

  • Expenses, categories, budgets, goals, subscriptions, wallet records, and reports
  • Group memberships, balances, invitations, and settlement history
  • Receipt OCR extraction records and voice-created extraction records
  • Payment records including optional receipt or proof-of-payment images
  • Support tickets and replies you send to us

2.3 AI and automation data

  • TaxBot and assistant chat messages and responses
  • Usage counters used to enforce free-tier and Pro feature limits
  • Generated spending insights and event reports

2.4 Device and usage data

  • Authentication session data and login timestamps
  • Push notification token (FCM token)
  • Onboarding completion status
  • Subscription tier and billing status

We do not sell your data and we do not use advertising identifiers, behavioral ad profiles, or third-party analytics SDKs for marketing.

2.5 Files

Optional receipt images and payment proof images you upload are stored in Supabase Storage in the public receipts bucket. Those files are used to display attachments inside the app and are accessible to anyone who has the direct URL. Bank statement import is currently unavailable in the active build.

3. How we use your data

  • To create and secure your account
  • To store and display the expenses, groups, balances, goals, and events you create
  • To calculate splits, reminders, payment history, and settlement status
  • To process receipt scans using on-device OCR and optional AI structuring
  • To process locally transcribed voice input when you use voice logging
  • To store and display optional receipt and payment proof images
  • To power the AI assistant, TaxBot, insights, and reports
  • To send push notifications and support updates
  • To enforce plan limits and verify Google Play purchases
  • To discover contacts using privacy-preserving hashing
  • To detect fraud, abuse, and security incidents

4. Legal basis for processing (GDPR)

  • Contract: processing necessary to provide the services you signed up for
  • Legitimate interests: security, fraud prevention, product reliability, and abuse prevention
  • Consent: optional processing you explicitly enable, such as contact discovery
  • Legal obligation: compliance where applicable law requires it

5. Third-party services and integrations

5.1 Supabase (database, auth, storage, edge functions)

SettleEase uses Supabase for authentication, PostgreSQL storage, file storage, and server-side edge functions.

Optional receipt and payment proof images are stored in the public receipts bucket. That means the direct file URLs are public.

Privacy policy: supabase.com/privacy

5.2 On-device OCR and voice input

Receipt scanning uses on-device ML Kit OCR, and voice logging uses on-device speech recognition provided by the device platform. Audio is not uploaded for transcription. Only recognized text and the resulting structured expense data are sent to our backend when you trigger those features.

Bank statement import is currently unavailable because the previous cloud parsing pipeline was removed.

5.3 Google Firebase Cloud Messaging (push notifications)

We use Firebase Cloud Messaging to deliver push notifications. We store your device token only to route notifications to your device.

Privacy policy: firebase.google.com/support/privacy

5.4 Google Gemini AI (assistant, TaxBot, and insights)

We use Google Gemini to generate assistant responses, structure OCR output, and create certain summaries or insights.

  • Your prompt or extracted text
  • Recent conversation context when using the assistant
  • Aggregated finance context needed to answer the request
  • Category names, goal names, and group/member names when relevant to the feature

Privacy policy: ai.google.dev/gemini-api/terms

5.5 Google Play Billing (subscriptions)

Google Play processes SettleEase Pro subscriptions. We receive purchase tokens and subscription state, but not your full payment card details.

Privacy policy: policies.google.com/privacy

5.6 Google Sign-In (OAuth authentication)

If you sign in with Google, we receive your Google account email address, display name, and profile photo so we can create or match your SettleEase account.

6. Contact discovery

  • Phone numbers from your contacts are normalized on-device
  • They are hashed before comparison
  • Only hashed values are sent to the server
  • You can disable contact access at any time in device settings

7. Data sharing

  • With the third-party services listed in Section 5 only to operate app features
  • With other SettleEase users you explicitly add to shared groups or expenses
  • Receipt and payment proof images stored in the public receipts bucket are accessible to anyone who has the direct URL
  • When required by law, court order, or government authority
  • In connection with a merger, acquisition, or similar business transfer if one occurs

8. Data retention

  • Account data is retained while your account remains active
  • You can request deletion at any time from the app settings or through support
  • On account deletion, we remove personal data and app content within our operational retention window unless law requires otherwise
  • Usage counters and feature metadata tied to your account are removed with account deletion
  • Aggregated, anonymized statistics may be retained if they can no longer identify you

9. Data security

  • All traffic is sent over HTTPS/TLS
  • Database access is protected with Row-Level Security where applicable
  • Service-role credentials stay on the server and are not embedded in the app client
  • Passwords are managed by Supabase Auth and are not stored in plaintext by us
  • Phone numbers used for contact discovery are stored as hashes
  • Receipt images and payment proofs are stored in a public Supabase bucket and should be treated as shareable files, not secret documents

10. Your rights

  • Access the personal data we hold about you
  • Correct inaccurate information
  • Delete your account and associated data
  • Request a machine-readable export where available
  • Object to or restrict certain processing where law provides that right

To exercise these rights, contact privacy@settleease.app.

11. Children's privacy

SettleEase is not intended for children under 16. If you believe a child has provided us with personal data, contact us and we will investigate and remove it where appropriate.

12. Changes to this policy

We may update this policy from time to time. Material changes may be communicated through the app, email, or public policy pages. The date at the top of this page reflects the latest revision.

13. Contact

  • Email: privacy@settleease.app
  • Response time: within 30 business days
Privacy PolicyTerms & ConditionsCookie PolicyData UsageContact