Privacy Policy
Last updated: 7 June 2026
SettleUp helps you track shared expenses and see who has to give what. This policy explains what we collect, why, how we store it, and the choices you have. We've tried to write it in plain language.
The short version.
- Your ledgers live on your device first. The app works fully offline.
- We do not show ads and we do not use third-party advertising or tracking/analytics SDKs.
- When you match contacts, we send only one-way scrambled fingerprints (hashes) of phone numbers — your contacts' raw numbers never leave your device.
- You can delete your account and all associated data from inside the app at any time.
- We never sell your personal information.
1. Who we are
SettleUp (“SettleUp”, “we”, “us”) provides the SettleUp mobile app and its supporting cloud services. If you have any questions about this policy or your data, contact us at settleup.help@gmail.com.
2. Information we collect
Information you give us
- Account details. To sign in you provide either an email address (we send a one-time code) or sign in with Google, in which case Google shares your email address, name, and profile photo with us.
- Phone number. After signing in you link a WhatsApp phone number. We use it as a stable key to restore your data on a new device, to let people you know find you, and (in future) to deliver reminders. We store your number and a one-way hash of it.
- Your content. The groups and one-to-one ledgers you create, expenses and payments you record (amounts, descriptions, dates, notes), and any receipts or files you attach (images, PDFs, or voice notes).
Information collected automatically
- Device & app data. A device identifier we generate, your device name and platform (iOS/Android), and app version — used to keep your account secure and your data in sync across your devices.
- Diagnostics. Crash reports and error diagnostics to find and fix problems (see “Service providers” below). These are scrubbed of phone numbers and authentication tokens before they leave your device.
Contacts — matched privately
If you choose to find people you know, the app reads your device contacts on your device and sends us only SHA-256 hashes (irreversible one-way fingerprints) of the phone numbers, to check which of them already use SettleUp. We never receive or store your contacts' raw phone numbers or names from this match. You can decline the contacts permission and still use the app.
3. How we use your information
- To provide the core service — storing, syncing, and showing your ledgers, balances, and history.
- To back up your data so you can restore it on a new device.
- To enable shared ledgers — letting people you add see the expenses in a ledger you share with them.
- To secure your account and prevent abuse.
- To send transactional messages such as sign-in codes and, where you enable them, reminders and notifications.
- To diagnose crashes and improve reliability.
4. Where your data lives & how it's protected
Your data is stored locally on your device and, for signed-in users, backed up to our cloud so it can be restored and synced. Data is encrypted in transit using HTTPS/TLS and encrypted at rest by our infrastructure providers. Authentication tokens are stored in your device's secure keystore (iOS Keychain / Android Keystore), never in plain app storage.
5. Service providers we share data with
We share data only with the providers needed to run SettleUp, each acting on our instructions. We do not sell your data and do not share it with advertisers.
| Provider | Purpose |
|---|---|
| Google | “Sign in with Google” authentication and push-message delivery (Firebase Cloud Messaging). |
| Cloudflare | Application backend and storage of your attachments. |
| Neon | Cloud database for your synced ledger data. |
| Resend | Delivery of transactional email such as sign-in codes. |
| Sentry | Crash and error diagnostics. |
| Expo | Delivery of push notifications. |
We may also disclose information if required by law, to protect our rights, or in connection with a business transfer — in which case this policy continues to govern your data.
6. Your rights & choices
- Access & correction. Your data is visible and editable inside the app.
- Deletion. You can permanently delete your account and associated data from Account → Delete Account. This is irreversible.
- Permissions. You can grant or revoke contacts, notifications, and other permissions at any time in your device settings.
- Sign out. Signing out pauses cloud sync; your local data remains on the device until you delete it.
Depending on where you live, you may have additional rights (such as under the GDPR or CCPA) to access, port, or restrict processing of your data. To exercise these, contact us at the address above.
7. Data retention
We keep your data for as long as your account is active. Deleted items are tombstoned and removed; deleting your account removes your personal data from our systems. Limited security and audit logs (which never contain ledger amounts or raw phone numbers) are retained for a short period (typically 30–90 days) and then deleted.
8. Children
SettleUp is not directed to children under 13 (or the minimum age required in your country), and we do not knowingly collect their personal information.
9. International transfers
Our providers may process and store data in countries other than yours. Where they do, appropriate safeguards are applied to protect your information consistent with this policy.
10. Changes to this policy
We may update this policy from time to time. When we make material changes, we'll update the “Last updated” date above and, where appropriate, notify you in the app.
11. Contact us
Questions or requests about your privacy? Email settleup.help@gmail.com.