ShinySplit ("we", "our", "us") is a web-based tool that helps friends split expenses quickly—no downloads, no forced sign-ups, just a shareable link. We take your privacy seriously and design every feature with true minimalism and invisible quality in mind.
1. Information We Collect
- User-Submitted Data: We collect data you input, such as expense descriptions, amounts, participant names, and other details relevant to your expense groups.
- Optional Account Data: Email/OAuth ID if you choose to save your work, and password hash (never the plain password).
- Wallet & Purchases (Stripe): If you buy ShinyCoins, we store purchase metadata such as the bundle, amount, currency, outcome (success/failed), and Stripe identifiers (e.g., customer ID, payment intent ID). We do not store full card numbers or CVV; those are collected and processed by Stripe.
- Referral Attribution: When someone uses your referral code or link, we record the referral event and link the referrer and referred accounts to allocate rewards and prevent abuse. ShinySplit does not send referral messages on your behalf.
- Usage & Device Data: IP address, browser, device type, pages visited, referrer, and event timestamps to improve performance and detect abuse.
- Support Messages: Email address and content when you contact us.
2. How We Use Your Information
- App Functionality: To provide core features (e.g., expense tracking, calculations, settlement recommendations).
- Personalization: To customize your user experience if you create an account.
- Analytics and Improvement: To analyze usage trends and enhance the App's performance, user interface, and feature set.
- Payments & Wallet: To process ShinyCoin purchases via Stripe, credit your Wallet, issue receipts, and handle refunds/chargebacks where required by law.
- Fraud Prevention & Enforcement: To detect and prevent abuse of Wallet, referrals, or promotions (e.g., fake accounts, scripted sign-ups) and to enforce our Terms.
- Legal Compliance: To comply with tax, accounting, and other legal obligations.
We never sell your personal data. Advertising pixels are not embedded.
3. Data Storage and Security
- Firebase: We store your data securely using Firebase by Google and follow industry best practices, including encryption in transit and at rest.
- Stripe: Payments are processed by Stripe. We receive limited payment metadata; Stripe’s systems handle card/bank data. See Stripe’s Privacy Policy.
- Rate Sources: We fetch currency exchange rates from third-party providers to display conversions. We do not send your personal data to these providers.
- Access Controls: Only vetted and authorized personnel with a need-to-know basis can access your data.
- Security Practices: We implement end-to-end TLS (HTTPS), data encryption at rest (AES-256), principle-of-least-privilege access controls, and regular security updates.
4. Data Sharing
- Service Providers: We use Firebase (Google Cloud) for hosting and database, error-tracking services for crash reports, and Stripe for processing ShinyCoin purchases.
- No Third-Party Sharing: We do not share, sell, rent, or trade your personal data with third parties for their promotional purposes.
- Exchange-Rate Providers: We may request market exchange rates to show indicative conversions. These requests do not include your personal data.
- Legal Obligations: We may share data if required by law, court order, or in connection with a merger, acquisition, or sale of assets.
All vendors are bound by Data-Processing Agreements (DPAs), standard contractual clauses, or equivalent safeguards.
5. Data Retention
| Data | Typical lifespan |
|---|
| Temporary groups (no account) | 90 days after last activity, then auto-deleted |
| Account-linked groups | Until you delete them or your account |
| Wallet & purchase records | While your account is active, and as required by law for tax/audit (then archived) |
| Analytics & logs | 14 months (aggregated thereafter) |
| Support emails | Up to 24 months for audit purposes |
| Referral reward records | 12 months (for fraud-prevention audit) |
You can delete a group or your account any time from Settings › Privacy.
6. International Transfers
Your data may be processed on servers outside Australia. We rely on Google Cloud and Stripe safeguards (including standard contractual clauses and industry certifications such as ISO 27001 and SOC 2) to protect your information during these transfers.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccuracies
- Delete data ("right to be forgotten")
- Export data (JSON/CSV)
- Object or restrict processing
To exercise these rights, email Jiemo.ai.apps@gmail.com—we'll respond within 30 days.
8. Cookies & Tracking
We use only:
- Essential cookies – session and CSRF protection
- Stripe checkout cookies – to prevent fraud and complete payments (set by Stripe)
- Analytics cookies – GA4 (gtag), with IP anonymisation and no ad personalisation
You can block cookies in your browser; core splitting still works, but preferences may reset.
9. Children's Privacy
ShinySplit is not directed to children under 13. We do not knowingly collect data from children. If you believe a child has provided personal information, contact us for immediate deletion.
10. Changes to This Privacy Policy
We may update or modify this Privacy Policy at any time without prior notice. Any changes will be effective upon posting the updated version with a revised "Last updated" date. We'll email creators with registered accounts if changes are material.
11. Contact Information
If you have any questions or concerns about this Privacy Policy, please contact us at:
Email: Jiemo.ai.apps@gmail.com
Split money, not love
—and never your privacy.