Privacy Policy

This privacy policy explains how spleven processes personal data under the GDPR for users in the European Union and the European Economic Area.

1. Controller

The controller responsible for data processing in connection with this service is:

Maxmilian Wetzel

Eckerkoppel 180

22047 Hamburg

Germany

Email: maxi@spleven.de

If you have questions about data protection, you can contact us using the details above.

2. Categories of data

Depending on how you use spleven, we may process the following categories of personal data:

  • account data such as name, email address, password hash, preferred language, and preferred currency
  • data received from Google Sign-In if you choose that login method
  • guest-account data, especially guest tokens and recovery codes
  • content you enter yourself, such as friendships, groups, expenses, comments, split information, categories, and PayPal.me details
  • technical data required for login, sessions, security, and abuse prevention
  • push subscription data for web push notifications
  • receipt images if you use the receipt scanning feature

3. Purposes and legal bases

We process personal data only where permitted under Article 6(1) GDPR.

  • To provide the user account, login, group and expense features, and account security under Article 6(1)(b) GDPR.
  • To manage guest access, invite links, security measures, and error handling under Article 6(1)(f) GDPR. Our legitimate interest is the secure and reliable operation of the service.
  • To send account verification and password emails under Article 6(1)(b) GDPR.
  • To provide optional push notifications based on your consent under Article 6(1)(a) GDPR.
  • To store or access strictly necessary information on your device under Section 25(2)(2) TDDDG; consent is not required for these technically necessary storage actions.

4. Registration, login, and account management

When you create a regular account, we process the registration data you provide in order to create and operate your account.

If you sign in using Google Sign-In, we receive the profile data needed for authentication, especially your name and email address. We use that data only for account creation and login within spleven.

If you use a guest account, we store the tokens required for session recognition and account recovery. Without these data, guest accounts cannot be provided technically.

5. Receipt scans and AI processing

If you use the receipt scanning feature (OCR capture), the uploaded image is transmitted to an external Large Language Model (LLM) provider to extract the merchant, date, tax, total, and individual line items. Currently, we use Google's Gemini model (Google Cloud Platform / Google Ireland Limited) for this service.

We have concluded a Data Processing Agreement (DPA) with the LLM API provider pursuant to Article 28 GDPR. This contract ensures that your data is processed strictly in accordance with our instructions, confidentially, and under high European data protection standards. Google processes the receipt image solely on a transient basis for text extraction. The provider does not store receipt images permanently, and the data is explicitly not used to train the provider's AI models.

The receipt image is stored securely in our application database and is deleted as soon as you delete the corresponding expense or receipt. The legal basis for this processing is Article 6(1)(b) GDPR (performance of a contract or steps at your request prior to entering into a contract).

6. Push notifications

Push notifications are optional. If you enable them, we store the push endpoint and related keys so we can send notifications about new expenses, group joins, and settlements.

The legal basis is your consent under Article 6(1)(a) GDPR. You can withdraw that consent at any time in your browser or device settings and by removing the subscription in spleven.

7. External recipients and processors

We use external services where required to operate spleven. These include:

  • Google LLC (Ireland/USA) for the optional Google Sign-In
  • the SMTP email provider used for verification and transaction emails (such as Mailtrap)
  • the web push infrastructure of the browser or operating system vendor for push notifications (such as Google, Apple, Mozilla)
  • Google Ireland Limited for receipt scanning (Gemini API) under a Data Processing Agreement
  • an external exchange-rate service (queried for conversion rates; no personal data is transmitted)
  • PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg) for the optional settlement via PayPal.me links (data transmission occurs only when you actively click on a PayPal.me link)

Where such parties process personal data on our behalf, this is based on Article 28 GDPR. If data are transferred outside the European Union or the European Economic Area, appropriate safeguards such as the European Commission's standard contractual clauses have been concluded or the transfer is strictly required to provide the core service.

8. Cookies, local storage, and server logs

spleven uses technically necessary mechanisms for sessions, login state, language settings, guest access, and security tokens in the form of session cookies and local device storage (Local Storage / Session Storage).

Storing and accessing this information on your end device is based on Section 25(2)(2) TDDDG, since these storage actions are strictly necessary to provide the service explicitly requested by you. No marketing, analytical, or profiling trackers are used, which is why no cookie consent banner is required.

When you access the website, the server processes technically necessary log data to ensure system security and stability (e.g., IP address, access time, requested URL, browser type, and error messages). The legal basis is Article 6(1)(f) GDPR.

9. Storage periods and anonymization upon account closure

We store personal data only for as long as necessary for the relevant purposes or as required by law (e.g., statutory tax preservation duties).

  • Account data: These are permanently deleted upon regular closure or deletion of your account. This includes your email, name, password hash, Google ID, and any profile pictures.
  • Anonymization of financial records: To protect the integrity and mathematical correctness of balances and splits for other group participants, expense entries, splits, and actions are not deleted when you close your account. Instead, they are permanently anonymized (assigned to a generic "Former Member" name so that no identification of your person is possible). The legal basis for this continued processing in anonymized form is the legitimate interests of other group members under Article 6(1)(f) GDPR.
  • Push subscriptions: These are deleted when you disable notifications, remove the subscription, or close your account.
  • Receipt images: Receipt images are stored as long as the corresponding expense exists. They are deleted immediately if you remove the image attachment or delete the expense.

10. Your rights

Under the GDPR, users in the European Union and the European Economic Area have in particular the following rights:

  • right of access under Article 15 GDPR
  • right to rectification under Article 16 GDPR
  • right to erasure under Article 17 GDPR
  • right to restriction of processing under Article 18 GDPR
  • right to data portability under Article 20 GDPR
  • right to object under Article 21 GDPR
  • right to withdraw consent at any time with effect for the future

To exercise your rights, please contact us by email at the address given in Section 1 above. We will respond to your request within one month.

You also have the right to lodge a complaint with a supervisory authority in the EU or EEA member state of your habitual residence, place of work, or the place of the alleged infringement. Before production launch, please add the authority that is competent for your place of establishment.

11. No automated decision-making

Based on the current implementation, spleven does not use automated decision-making or profiling within the meaning of Article 22 GDPR.