Privacy Policy

What We Collect

TripSplit collects minimal data to provide the service:

• Admin accounts: Email address and password for trip creators
• Participant names: First names only, entered by the trip creator. Participants do not have accounts.
• Expense data: Amounts, descriptions, dates, and how expenses are split
• Payment preferences: Optional Venmo, Zelle, PayPal, or Cash App handles that participants choose to share
• Feedback: Messages and optional names submitted through the chatbot widget

What We Don't Collect

• No tracking cookies
• No analytics or usage tracking
• No third-party advertising networks
• No financial account numbers or bank details

Data Storage & Security

• All data is stored in a PostgreSQL database hosted on AWS via Supabase
• Data is encrypted at rest using AES-256 encryption
• All connections between your browser and TripSplit use HTTPS with TLS encryption in transit
• Admin passwords are hashed using bcrypt and are never stored in plain text
• Database access is protected by Row Level Security (RLS) policies
• Sensitive API keys are stored server-side only and are never exposed to the browser

Data Sharing

Your data is not sold or shared with third parties.

• Trip data is accessible to anyone with the trip link. Only share links with people you trust.
• The AI chatbot is powered by Anthropic's Claude. Messages you send in the "Ask a Question" feature are processed by Anthropic's API and are not stored by TripSplit beyond your current session.

Data Retention

• Trips expire 90 days after creation and become read-only
• Expired trip data is not automatically deleted
• You can request deletion of your data at any time

Contact

For questions about this policy or to request data deletion, email tripsplit@ecommercepartners.net.