Privacy Policy

Last updated: February 2026

Your privacy is important to us. This Privacy Policy explains how BuddyPay ("we", "us", or "our") collects, uses, and protects your information when you use the BuddyPay mobile application and related services (the "Service"). By using the Service, you agree to the practices described in this policy.

1. Information We Collect

We collect the following types of information:

Account information. When you sign in with Google, Apple, or Email, we collect your name, email address, and profile picture (if provided). For Google or Apple sign-in, we receive this information from the sign-in provider and do not receive or store your Google or Apple password. For email sign-in, we collect your email address and store a secure hash of your password (we never store passwords in plain text).

Expense data. Information you enter into the app, including group names, expense descriptions, amounts, splits, and settlement records.

Usage data. We may collect anonymous usage data such as which features you use, crash reports, and general app performance metrics. This helps us improve the Service.

Device information. We may collect basic device information such as device type, operating system version, and app version for troubleshooting and compatibility purposes.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Create and manage your account
  • Track and display shared expenses within your groups
  • Calculate balances and suggested settlements
  • Send important service-related notifications
  • Diagnose technical issues and improve the app
  • Respond to your support requests

We do not sell your personal information. We do not use your data for advertising purposes.

3. Third-Party Services

BuddyPay relies on the following third-party services to operate:

Google Sign-In, Apple Sign-In, and Email Authentication. We offer multiple sign-in options for your convenience. When you use Google or Apple sign-in, the provider shares your basic profile information with us according to their own privacy policies. We do not share your expense data back with Google or Apple. For email authentication, we manage your credentials directly using industry-standard security practices.

Supabase. We use Supabase as our backend infrastructure for data storage and authentication. Your data is stored on Supabase servers. Supabase's privacy practices are governed by their own privacy policy.

Analytics. We may use privacy-friendly analytics tools to collect anonymous usage statistics. These tools do not track you across other websites or apps.

4. Data Storage and Security

Your data is stored securely on Supabase-managed infrastructure. We use industry-standard security practices, including:

  • Encryption of data in transit using TLS/SSL
  • Encryption of data at rest
  • Secure authentication via Google and Apple sign-in protocols, as well as industry-standard password hashing for email accounts
  • Row-level security policies on our database

While we take reasonable measures to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal information from our systems within a reasonable timeframe. Some data may be retained in anonymized form for analytics purposes.

Expense records shared with other users may continue to appear in those users' accounts even after your account is deleted, as they are part of shared group history.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate information in your account
  • Delete your account and associated personal data
  • Export your data in a portable format

To exercise any of these rights, please contact us at the address below.

7. Children's Privacy

BuddyPay is rated 4+ on the App Store and Google Play, and is available to users of all ages. If a user is under 18 years old (or the age of majority in their jurisdiction), a parent or legal guardian must consent to the collection and use of their information as described in this policy. If you are a parent or guardian and believe your child is using BuddyPay without your consent, please contact us and we will take appropriate steps to address your concerns.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

9. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at support@buddypay.app.