Chopsbill
Privacy|Terms
Sign in

Privacy Policy

Last updated: April 24, 2026

1. Who we are

Chopsbill ("we", "us", "our") provides a web application for splitting shared expenses, recording who paid, and calculating settlement suggestions. Depending on how the product is deployed, the legal entity responsible for processing personal data may be the operator hosting this instance (for example, you or your organization). Where this policy refers to obligations we undertake, those obligations apply to the party operating the live deployment you are using.

2. What data we collect

We collect and process categories of information that are typical for an authenticated productivity app:

  • Account and authentication data, such as your name, email address, internal user identifier, and—if you use password sign-in—credentials stored using one-way hashing (we do not store your password in plain text). If you use Google sign-in, we receive profile information from Google subject to your Google account settings.
  • Plan and billing records when you subscribe or manage billing, such as your subscription tier, Stripe customer and subscription identifiers, renewal timestamps, and high-level payment status. Card numbers and full payment credentials are handled by our payment processor (for example, Stripe); we do not store your full card number on Chopsbill servers.
  • Bill and expense content you or other participants create, including bill titles, currencies, sharing and privacy settings (public, passphrase-protected, or private-to-creator), participant display names, expense descriptions, amounts, dates, share allocations, join-link usage where applicable, and related metadata needed to render balances, duplicate bills, exports, and settlement views.
  • Social and collaboration data such as friend relationships and invitations, group names and members, and participant account links used to show shared bills, linked identities, and group-based participant import flows.
  • Technical and security data, such as IP addresses, device and browser characteristics, timestamps, and diagnostic logs generated by hosting infrastructure (for example, Cloudflare) to deliver the service, detect abuse, and maintain reliability.
  • Support and communications if you contact us, including the content of your message and contact details you provide.
  • Password reset flow — when you request a reset, we create a short-lived token (only a hash is stored), send a link to your email via Resend, and delete other pending reset rows for your account when a reset succeeds.

When a bill is public or shared with a working link or passphrase, people you did not individually invite may still access bill content if they obtain that link or passphrase. Choose stricter modes for sensitive data.

OAuth and connected accounts (Google, GitHub, Apple)

If you use social sign-in, the provider authenticates you and exchanges OAuth tokens or identifiers with our application according to that provider's developer policies. We receive identifiers and profile fields the provider discloses to our app (typically a stable user id, email when you authorize it, display name, and profile image URL if available). We do not receive or store your Google, GitHub, or Apple password. We use this information only to maintain your session, secure access, and show your identity inside Chopsbill. Providers may log their own access and processing—refer to their privacy policies for details on their side.

Revoking Chopsbill in your Google, GitHub, or Apple account security settings may stop future sign-ins but does not automatically erase bills or expenses already stored in Chopsbill; delete those items or delete your Chopsbill account as described below.

3. Why we use your data (purposes)

We process personal data for the following purposes:

  • To create and maintain your account, authenticate you, and enforce access controls (including admin tools where enabled).
  • To store, display, and synchronize bill data you choose to save, including sharing features, join flows, and tier-based capabilities (for example, exports or settlement tools available on your plan).
  • To operate billing and subscriptions: calculating tax or currency display where applicable, recording entitlements (such as Free vs Pro), and providing self-service billing portals through our payment partner.
  • To generate in-app summaries, exports (such as spreadsheet-compatible files broadly available, and PDF or similar summaries where enabled for your plan), and settlement suggestions.
  • To secure the service, prevent fraud and misuse, debug incidents, and comply with lawful requests.
  • To receive and respond to feedback and bug reports submitted from the in-app feedback form.
  • To communicate operational notices (for example, security alerts) and—where permitted—product updates.
  • To meet legal, accounting, or regulatory obligations where applicable.

4. Legal bases (EEA/UK-style framing)

Where laws such as the GDPR apply, we rely on one or more of the following legal bases: performance of a contract (providing the service you requested); legitimate interests (securing and improving the product, fraud prevention, analytics that do not override your rights); consent (where we ask for it, such as certain cookies or marketing, if offered); and legal obligation (where we must retain or disclose data).

5. Sharing and subprocessors

We do not sell your personal information. We share data only as needed to operate the service with trusted service providers ("subprocessors"), such as hosting and database vendors, authentication providers (for example, Google OAuth if enabled), and payment processors (for example, Stripe) when billing features are used. Subprocessors process data under contractual terms that require appropriate security and confidentiality measures.

We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of users, the public, or Chopsbill.

6. International transfers

Your data may be processed in countries other than where you live, including where our infrastructure or subprocessors operate. Where required, we implement appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

7. Retention

We retain account and bill data for as long as your account is active and as needed to provide the service. After deletion, we may retain certain records for a limited period where required for security, legal compliance, or dispute resolution, after which they are deleted or anonymized where feasible.

8. Security

We implement administrative, technical, and organizational measures designed to protect personal data, including encryption in transit (HTTPS), access controls for privileged operations, and hashed password storage. No method of transmission or storage is completely secure; we work to reduce risk but cannot guarantee absolute security.

9. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or export your personal data; to restrict or object to certain processing; to withdraw consent where processing is consent-based; and to lodge a complaint with a supervisory authority. You can exercise many controls directly in the app (for example, editing profile fields where enabled, deleting bills you own, managing subscription status through the billing portal, or disconnecting linked accounts). For other requests, contact the operator of this deployment using the contact details they publish.

Account deletion: to remove your Chopsbill user account and erase personal data tied to that account (subject to lawful retention, billing, or security requirements), sign in, open Account, scroll to Danger zone, and follow the Delete account flow shown in the product. Export or delete bills you own first if your organization requires a clean handover.

10. Children

Chopsbill is not directed to children under the age where parental consent is required in your jurisdiction. We do not knowingly collect personal information from children. If you believe we have collected such data, contact us so we can delete it promptly.

11. Cookies and local storage

We use cookies and similar technologies that are essential for authentication and session continuity, and—if enabled—preferences such as theme selection. If the app registers a service worker for offline or install behavior, related storage may be used to cache assets or preferences as described in your browser or PWA settings. Analytics or advertising cookies may be introduced only with appropriate notice and consent where required by law.

12. Automated decision-making

Settlement suggestions are calculated from arithmetic rules you can inspect in the product. They do not constitute "solely automated" decisions with legal or similarly significant effects in the GDPR sense; they are informational aids for you and your group.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the app or by other reasonable means. Continued use after the effective date constitutes acceptance of the updated policy, except where your consent is required for a new processing activity.

14. Contact

For privacy questions or requests, contact [email protected] or use the in-app Feedback form (/feedback). If you are using a self-hosted deployment, that operator remains responsible for responding to legal/privacy requests.

Back to home

Privacy Policy|Terms of Service|© 2026 Chopsbill. All rights reserved.