Privacy Policy

1. What we collect, and why

1.1 Receipt photos

When you take or upload a photo of a receipt, the image is sent to Google Gemini (Google's vision-AI API) so we can extract the merchant name, line items, tax, tip, and total. We do not store your receipt photo on our servers. The image is held in memory only for the duration of the parse — typically 1–3 seconds — and then discarded. Google may temporarily process the image under its own Generative AI API Terms; we have configured the request so that Google does not use your photo to train their models.

1.2 Parsed receipt data

The structured output of the parse (merchant, items, prices, tax, tip, total) is stored on your device so you can see it in your recent-splits list and revisit it. This data never leaves your phone unless you sign in (see §1.4) or you tap “Share with friends.”

1.3 Anonymous user ID

The first time you open PayMyCut we register an anonymous identity with Firebase Authentication so we can rate-limit receipt parsing per device (to prevent abuse) and attribute crashes and analytics events to the same user across sessions. This anonymous ID is not linked to your name or email unless you sign in.

1.4 Optional: email address and display name (if you sign in)

You may, optionally, sign in with Apple or Google to sync your recent splits across devices. When you do, we receive an email address (you can hide it via Apple's “Hide My Email” relay) and a display name (in the case of Google Sign-In). We use this only to recognize you across devices and to send you transactional emails if you've enabled them — never marketing.

1.5 Purchase state (if you buy Pro)

Pro is a one-time purchase (not a subscription). If you buy it, your purchase/entitlement state is managed via Apple App Store or Google Play Billing, with RevenueCat as our purchase-management vendor. RevenueCat receives your anonymous user ID and whether Pro is active. It does not receive your payment card details — those stay with Apple / Google.

1.6 Crash reports

When the App crashes, we capture a stack trace via Firebase Crashlytics so we can diagnose and fix bugs. The crash report includes the stack trace, device model, OS version, free memory, and your anonymous user ID. Crash reports are retained by Firebase for 90 days then deleted.

1.7 Product analytics

We use Firebase Analytics to understand how the App is used at an aggregate level. The events we record describe user actions inside the app (e.g. home_open, parse_success, share_fire). We do not record receipt photos, parsed receipt data, names of people you split bills with, or contents of any shared breakdown.

1.8 Performance traces

Firebase Performance Monitoring records latency metrics (e.g. how long the Gemini parse took) so we can keep the App fast. These traces do not include personal data.

2. What we do NOT collect

• Your contacts, your photo library beyond the photos you explicitly upload, your location, your microphone audio.
• Names, contact info, or any personal data about the people you split bills with — those stay on your device.
• Your payment card details — payments are routed entirely through Apple / Google / Venmo / Cash App / PayPal.
• Advertising identifiers. We don't run ads and don't sell or share any data with advertisers.

3. Third parties we share data with

• Google Gemini API — receipt photo (transient) for receipt parsing.
• Google Firebase (Auth, Firestore, Functions, Analytics, Crashlytics, Performance) — anonymous user ID, email if signed in, parsed receipts (if signed in), crash reports, analytics events. Backend infrastructure.
• RevenueCat — anonymous user ID and Pro purchase status, for in-app purchase management.

We do not sell your personal information to anyone, and we do not share it with advertisers.

4. Your rights

You can exercise any of these rights from inside the App (Settings → Your Data) without contacting us:

• Access and export. Tap Export my data to copy a JSON snapshot of your recent splits to your clipboard and the system share sheet.
• Deletion. Tap Delete my account & data to permanently delete your account, all your saved splits, your anonymous identity, and your sign-in. Reset is immediate locally and remote deletion completes within 24 hours.

5. Children's privacy

PayMyCut is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we've inadvertently received data from a child under 13, contact [email protected] and we'll delete it.

6. Data security

• Receipt photos are transmitted over HTTPS / TLS 1.2+ to Google Gemini and never persisted at rest.
• Parsed data stored in Firestore is encrypted at rest by Google (AES-256) and in transit (TLS).
• The Gemini API key is stored as an encrypted secret inside our Cloud Function — the App itself does not carry it.
• We rate-limit receipt parsing per user per day to defend against abuse (a generous daily scan limit; higher on Pro).

7. International transfers

PayMyCut's backend runs on Google Cloud's us-central1 region. If you use the App from outside the United States, your data is transferred to and processed there. Google's underlying infrastructure complies with EU Standard Contractual Clauses for transfers from the EEA, UK, and Switzerland.

8. Changes to this policy

We may update this Privacy Policy. Material changes will be announced in-app at least 30 days before they take effect, and we'll update the “Last updated” date at the top. Continued use of the App after a change means you accept the revised policy.

9. Contact

STAIM CORP.

Privacy inquiries: [email protected]

General support: [email protected]