Privacy policy

FlatSplit helps flatmates track shared expenses, chores and shopping. This policy explains what data we process, why, and what rights you have under the GDPR. The data controller is the operator of FlatSplit, reachable at hello@flatsplit.app.

What we collect

• Account: your email address, used for passwordless sign-in links and the weekly household digest email.
• Profile: the display name and color you choose for each household.
• Household content: the expenses, splits, settlements, recurring rules, chores and shopping items your household records.
• Technical: session cookies for authentication and a cookie remembering your language. Security logs (such as rate-limit counters keyed by IP address) are short-lived and used only to protect the service.

What we don't do: no advertising, no selling of data, no tracking cookies, no profiling. Product analytics, when enabled, are aggregate and cookie-free (Plausible).

Why we process it (legal bases)

• To provide the service (contract, art. 6(1)(b)): accounts, household data, digest emails to household members, subscription billing.
• To keep the service secure and working (legitimate interest, art. 6(1)(f)): rate limiting, abuse prevention, error monitoring.

Who can see your household data

Members of your household can see everything the household records — that is the point of the app. Access is enforced at the database level with row-level security. Two sharing features disclose data beyond sign-in: invite linkslet anyone holding the link see your household's name and join it, and the weekly digest linklets anyone holding it view that week's summary, including member names and balances. Share both only with your flatmates; you can regenerate the invite code at any time from the Household tab.

Processors we rely on

• Supabase — database, authentication and email delivery infrastructure (hosted in the EU).
• Resend — sends sign-in and digest emails.
• Stripe — handles FlatSplit Pro payments. Your card details go directly to Stripe and never touch our servers; Stripe acts as an independent controller for payment data.
• Plausible — cookie-free, aggregate analytics (when enabled).
• Sentry — error monitoring (when enabled).

Retention

Data is kept while your household exists. Deleting a household removes its content immediately and permanently for all members. Leaving a household removes your membership. Backups expire on the infrastructure provider's standard schedule.

Your rights

From the Household tab you can export all data linked to you as JSON, leave a household, delete a household entirely, or delete your account — which removes your email and anonymizes your name in any shared history. For rectification or any other GDPR request (access, restriction, portability, objection), email hello@flatsplit.app. You can also lodge a complaint with your supervisory authority (in Spain, the AEPD).

Children

FlatSplit is not directed at children under 16.

Changes

If this policy changes materially, we'll note it here with a new date. Continued use after a change means you accept the updated policy.