Privacy Policy
Last updated: March 14, 2026
Your privacy is important to us. This policy explains how we collect, use, and protect your data.
Introduction
PureSplit is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable privacy laws. This policy describes how we handle your personal information. The data controller under GDPR is Maksymilian Olowski operating as a private individual (see Imprint). No data protection officer has been appointed.
1. Data We Collect
We collect the minimum data necessary to provide our service:
- Account information (name, email address)
- Expense data you enter (descriptions, amounts, categories)
- Group membership and participation data
- Basic technical data (session information for authentication)
2. How We Use Your Data
Your data is used exclusively to:
- Provide the expense-splitting service
- Calculate balances and settlements
- Authenticate your account
- Send essential service communications (password resets, verification emails)
Legal Basis
Processing is based on Art. 6(1)(b) GDPR (contract performance) for providing the service, Art. 6(1)(f) GDPR (legitimate interest) for security measures such as Turnstile, and Art. 6(1)(c) GDPR where statutory retention obligations apply.
3. Data Sharing
We do not sell, rent, or trade your personal information. Your expense data is only visible to members of groups you create or join. We only share data with third parties when required by law.
4. Data Storage & Security
The application and database are hosted in Germany (Nuremberg). Your data is stored on secure servers. We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, or destruction.
5. Your GDPR Rights
Under GDPR, you have the following rights:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ('right to be forgotten')
- Right to data portability
- Right to restrict processing
- Right to object to processing
You can exercise these rights through the Settings page in your account.
You have the right to lodge a complaint with a supervisory authority (e.g., your local data protection authority).
6. Data Retention
We retain your data only as long as necessary to provide our services. When you delete your account, all your personal data is permanently removed from our systems.
7. Cookies
We use only essential cookies required for authentication and session management. We do not use tracking cookies, analytics, or advertising cookies.
8. Cloudflare Turnstile
We use Cloudflare Turnstile on our login and registration pages to protect against bots and automated abuse. Turnstile is a privacy-preserving CAPTCHA alternative that may collect minimal client-side signals (such as IP address, TLS fingerprint, and browser data) solely to distinguish human users from bots. This data is processed by Cloudflare, Inc. and is used exclusively for security purposes—not for advertising or profiling. As the website operator, we act as the data controller for this processing. For more information about Turnstile and Cloudflare's data practices, see Cloudflare's Turnstile Privacy Policy: https://www.cloudflare.com/privacypolicy/
9. Google Sign-In (OAuth)
If you choose "Continue with Google" when signing in or registering, Google will process authentication data and provide us with basic profile information (such as your name, email address, and profile image) needed to create or access your account. We do not receive your Google password. This processing only occurs when you actively choose Google Sign-In. For more information, see Google's Privacy Policy: https://policies.google.com/privacy
10. Email Delivery (Resend)
We use Resend (Resend, Inc., USA) to send emails such as verification emails, group invitations, settlement notifications, and payment reminders. Recipient addresses and email content are transmitted to Resend. Resend processes this data solely as a processor on our behalf. When data is transferred to the USA, appropriate safeguards (e.g., Standard Contractual Clauses) apply. For more information: https://resend.com/legal/privacy-policy
11. Subprocessors and International Transfers
We use selected subprocessors to deliver the service:
- Cloudflare Turnstile (Cloudflare, Inc., USA) for bot protection
- Google OAuth / Sign-In (Google LLC, USA) when you choose Google authentication
- Resend (Resend, Inc., USA) for transactional email delivery
- Hosting infrastructure operated by us via Coolify on servers in Germany (Nuremberg)
Where personal data is transferred to countries outside the EU/EEA (such as the USA), we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) where required, and additional technical/organizational protections.
12. Policy Changes
We may update this policy from time to time. We will notify you of any significant changes via email or through the application.
13. Contact
For any privacy-related questions or to exercise your GDPR rights, please use the data management tools in your account settings or contact us directly (email: maksolowski@live.de).