← Back to home

Privacy Policy

Last updated: 16 May 2026

1. Data controller

JeySplit (JFDV Labs), reachable at jfdvlabs@gmail.com.

2. Data we collect

When you sign up we collect:

  • Email and password (hashed, never stored in clear text).
  • Name (optional, provided at sign-up or obtained from Google if you use Sign in with Google).
  • Profile picture, if you upload one.

Inside the app you create content (groups, expenses, participants, settlements) tied to your account and visible only to the other members of the groups you belong to.

3. Legal basis

Processing is carried out for the performance of a contract (providing you the JeySplit service, art. 6.1.b GDPR) and, where necessary, for our legitimate interest in keeping the service secure.

4. Purposes

  • Let you sign in and use the app.
  • Send you the welcome email after sign-up.
  • Prevent abuse and keep the service running.

We don't profile, sell data, or run ads.

5. Recipients and providers

  • Supabase (USA / EU) – backend, auth, database, storage. Servers in Ireland (eu-west-1).
  • Resend (USA / EU) – delivery of the welcome email.
  • Vercel (USA) – website hosting.
  • Google – only if you choose "Sign in with Google" as your OAuth provider.

All providers are GDPR-compliant. Personal data is hosted in the EU whenever possible.

6. Retention

Data is kept as long as your account is active. Upon a deletion request (see below) all data associated with your user is removed within 30 days.

7. Your rights (GDPR)

You can always:

  • Access your data.
  • Rectify or update it.
  • Delete your account (and therefore your data).
  • Restrict its processing.
  • Get an exportable copy in CSV.
  • Object to processing.
  • File a complaint with your local data protection authority (in Italy: the Garante per la Protezione dei Dati Personali).

To exercise any of these rights write to jfdvlabs@gmail.com.

8. Cookies

JeySplit uses only essential technical cookies/storage (auth session, local preferences). No trackers. See the dedicated cookie policy.

9. Security

Passwords are hashed (bcrypt), all connections use TLS, and database rows are protected by Row Level Security: no user can read another user's data unless they are a member of the same group.

10. Changes

Updates to this policy are published on this page with the new date at the top. If a change is material we will notify you by email.