Privacy Policy

Last updated: December 30, 2024

Overview

SplitDumb is designed with privacy in mind. We collect minimal data and give you full control over your information. This policy explains what data we collect, how we use it, and your rights.

SplitDumb is an anonymous expense-splitting tool. You can create and use trips without creating an account or providing any personal information.

Information We Collect

Trip Data (Required)

When you create a trip, we store:

  • Trip name and unique identifier (slug)
  • Trip password (hashed for security)
  • Participant names you provide
  • Expense descriptions, amounts, and split information
  • Payment records between participants
  • Timestamps for activity logging

Email Address (Optional)

You may optionally provide an email address for trip recovery via magic link. If you choose to do so:

  • We store your email address associated with the trip
  • We use it solely to send you access links when requested
  • We never share your email with third parties
  • You can remove your email at any time from trip settings

What We Do Not Collect

  • We do not require account registration
  • We do not use cookies for tracking
  • We do not collect device identifiers
  • We do not use analytics or tracking services
  • We do not display advertisements

How We Store Your Data

All data is stored on Cloudflare D1, a SQLite-based database service. Your data is:

  • Encrypted in transit using HTTPS
  • Stored in Cloudflare's secure data centers
  • Accessible only through your trip's unique URL and password

Data Retention

Trip data persists until you manually delete it. There is no automatic expiration. You maintain full control over when your data is removed.

Your Rights

You have the right to:

  • Access: View all data associated with your trip at any time
  • Export: Download your trip data (feature in development)
  • Delete: Permanently delete your trip and all associated data
  • Portability: Request your data in a machine-readable format

International Users (GDPR/CCPA)

For users in the European Union, United Kingdom, or California:

  • We process data based on your consent when you create a trip
  • You may request deletion of all your data at any time
  • We do not sell personal information to third parties
  • We do not share data with third parties for marketing purposes

Cloudflare, our infrastructure provider, maintains data processing agreements and complies with international data transfer requirements.

Security

We implement reasonable security measures including:

  • Password hashing using industry-standard algorithms
  • HTTPS encryption for all data in transit
  • Secure session management
  • Rate limiting to prevent abuse

Children's Privacy

SplitDumb is not directed at children under 13. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of SplitDumb after changes constitutes acceptance of the updated policy.

Contact

For privacy-related questions or requests, contact us at:

email@emilycogsdill.com