Privacy Policy

Last updated: April 22, 2026

This Privacy Policy describes how Costpot ("we", "us", or "our") handles information when you use our iOS app. Costpot helps you split shared expenses with friends, family, and roommates. By using the app, you agree to the handling of information described in this policy.

1. Information We Collect

We only collect what's needed to run the app:

• Account information: You sign in with Sign in with Apple or Google. We receive your email address and, if you choose to share it, your name from the provider. We never see or store your password — authentication is handled entirely by Apple or Google.
• Profile: An optional display name you can set or change from within the app.
• Content you create: Groups you create or join, expense descriptions and amounts, currency, notes, settlements, and receipt photos you choose to attach to a transaction.
• Invitations: When you invite someone to a group, we store the email address you enter so the invite link can be matched to them when they sign up.

We do not use third-party analytics, advertising, or crash reporting SDKs, and we do not collect device identifiers, location, contacts, or usage tracking.

2. How We Use Your Information

We use the information we collect to:

• Let you sign in and keep you signed in across sessions.
• Store and sync your groups, expenses, and settlements across your devices.
• Show other members of a group the expenses, notes, and receipts shared in that group.
• Send and accept group invitations.
• Respond to your support requests.
• Keep the service secure and prevent abuse.

3. Sharing of Information

We do not sell your personal information and we do not share it for advertising. We share information only in these limited cases:

• With other group members: Content you add to a group — expense descriptions, amounts, notes, receipt photos, and your display name or email — is visible to other members of that group.
• Infrastructure providers: We host the application and its Postgres database on a virtual private server, and store transaction photos on Cloudflare R2. Authentication itself is performed by Apple and Google when you sign in with one of those providers.
• Legal requirements: We may disclose information if required by law or in response to valid requests by public authorities.
• Business transfers: If Costpot is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Data Retention and Deletion

We keep your information for as long as your account is active. You can sign out at any time from Settings. If you'd like your account and the data associated with it deleted, email us at the address below and we will process the request. Content you've shared in a group may remain visible to other group members as part of the group's shared history even after your account is deleted, so that balances and settlements remain consistent for the other members.

5. Security

Data is transmitted over HTTPS and stored by our infrastructure provider with access controls that restrict each user's data to groups they belong to. No system is perfectly secure, but we use commercially reasonable safeguards to protect your information.

6. Children's Privacy

Costpot is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

7. Your Rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal information we hold about you, and to object to or restrict certain processing. You can exercise these rights by emailing us at the address below.

8. International Data Transfers

Your information may be processed and stored in countries other than the one in which you live, where data protection laws may differ from those of your jurisdiction.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above and, where appropriate, notify you in the app. We encourage you to review this policy periodically.

10. Contact Us

If you have any questions about this Privacy Policy or want to exercise any of your rights, contact us at hello@costpot.app.