ChipIn

01 / Privacy

Privacy Policy

Last updated 10 June 2026

1. Who's responsible for your data

ChipIn (chipinpay.app) is the data controller for the personal information described in this policy. Contact us at privacy@chipinpay.app.

2. What we collect

  • Account info: your email address (for sign-in via magic link or Google) and the display name you choose.
  • Bill content: the receipt photo you upload, the extracted line items, totals, currency, and any edits you make.
  • Guest sessions: if you join a ChipIn as a guest, we store your chosen display name and the items you claim. A short guest token lives on your device only.
  • Payment data: when card payments are enabled, our payment processor handles card details directly — we only see the amount, status, and a reference ID.
  • Technical data: basic logs (timestamps, error traces, anonymised request info) used to keep the service running.

3. How we use it

  • To run the service — show your bills, sync diners in realtime, and compute shares.
  • To process OCR on receipts you upload (handled by our AI provider; receipt text is sent for extraction and not used to train their models).
  • To send essential account email (magic links, security notices).
  • To keep ChipIn secure and to investigate abuse.

We don't sell your data and we don't run advertising trackers.

4. Who we share it with

We use a small set of service providers acting on our instructions: hosting and database (Lovable Cloud / Supabase, EU region), OCR (our AI gateway provider), and — when enabled — Stripe or Paddle for card processing. Each is bound by data-processing terms.

5. How long we keep it

  • Open ChipIns: while active, plus 12 months after settlement.
  • Deleted ChipIns: removed within 30 days.
  • Account deletion: erases your account and bills within 30 days; some backups roll off within 90 days.
  • Payment records: retained as required by tax/financial regulations (typically 6–7 years).

6. Your rights

Depending on where you live, you have rights to access, correct, export, or delete your data, and to object to or restrict certain processing. Email privacy@chipinpay.app and we'll respond within 30 days. You can also lodge a complaint with your local data-protection authority.

7. International transfers

Our primary servers are in the EU. Some sub-processors (e.g. payment providers) may process data in the US or UK under approved transfer mechanisms (Standard Contractual Clauses or equivalent).

8. Cookies and storage

ChipIn uses essential storage only — a sign-in session token, and a per-bill guest token kept in your browser's local storage. No third-party advertising or analytics cookies.

9. Children

ChipIn isn't intended for children under 13. We don't knowingly collect data from anyone under 13; contact us if you believe we have.

10. Changes to this policy

We'll post material changes in-app at least 14 days before they take effect. The "Last updated" date above always reflects the current version.