Privacy Policy for Splitrate

Splitrate is published by Marcel Baklouti (individual, email: support@splitrate.app). In accordance with Art. 13 GDPR, the name and contact details of the controller must be provided. Your data is processed exclusively in accordance with this privacy policy and legal requirements.

This policy applies to the "Splitrate" app (iOS), available through the App Store. Splitrate is a local-first expense management app. It works without internet and without a user account. Optional synchronization uses Apple's CloudKit (iCloud). Apple stores and manages your data according to its own privacy policy. The app itself does not collect personal data except for data explicitly requested for its functionality.

Splitrate optionally uses CloudKit to store your app data in iCloud. The data is stored in your private iCloud database. Apple states that CloudKit data is encrypted using a device-specific key hierarchy; all keys are generated on your device before data is uploaded. Many iCloud services are end-to-end encrypted, and the required keys are stored exclusively on your devices – neither Apple nor third parties can access this data. If you don't use iCloud or sign out, your Splitrate data remains locally on your device. The legal basis is your active consent to iCloud use (Art. 6(1)(a) GDPR).

The app can send push notifications, e.g., for reminders. This service uses Apple's Push Notification Service (APNS). This feature is optional – you must consent to receive notifications. Notification content is only transmitted, not analyzed. You can disable notifications at any time in your iOS settings. We do not track this; Apple requires apps to actively ask for permission before tracking users across services or apps.

To scan or attach receipts, Splitrate can access your camera and photo library if you allow it. iOS displays a prompt each time before the app receives this permission. Your photos or camera captures remain on your device (or your iCloud if active). We do not transfer or store any images on our servers. As Apple emphasizes, no app can access the camera or microphone without your permission. Splitrate does not use the microphone – only the camera and photo selection (photos, no video processing).

Splitrate does not request or use any location or audio data. Features like GPS/localization or microphone access are not integrated. No permanent device identifiers (UDID, MAC, IMEI, etc.) are collected.

Splitrate does not use external analytics services or advertising networks. There is no user tracking and no creation of user profiles. We do not collect data about your usage behavior. The app also does not store crash logs or error reports itself. Only Apple can – with your consent in iOS settings – collect anonymous usage and crash statistics. Apple states that this data does not allow personal identification and is only sent with explicit consent. We do not receive any personal crash or usage data.

• Locally Stored Data: Expenses, photos, and notes captured in the app. This data remains on your device (or in your iCloud if enabled). The purpose is to provide app functionality.
• iCloud Data: If you enable iCloud sync, app data is synchronized across your iCloud-connected devices. The purpose is cross-platform data backup and synchronization. Apple is (co-)responsible for this data in iCloud.
• Contact Data: If you contact us (email/support form), we only process the personal contact data you provide (name, email address) to respond to your inquiry (legal basis: legitimate interest, Art. 6(1)(f) GDPR). Data from contact requests is deleted or anonymized afterward.

Splitrate does not share data with third parties. We neither sell data nor use sub-processors other than Apple (as cloud service provider). No advertising or tracking links are included.

Under the GDPR, you have the right to access stored personal data as well as to rectification of inaccurate data, deletion of your data, restriction of processing, data portability, and objection to processing. Your data can be deleted by uninstalling the app and, if iCloud is enabled, removing "Splitrate" from iCloud Drive. You can revoke granted permissions at any time in settings. Additionally, comparable rights apply in California (USA) under the California Privacy Rights Act (CPRA): California residents can request access to their stored data and its deletion.

Please send requests by email to support@splitrate.app. We typically respond to access and deletion requests as well as revocations within one month – if necessary, the deadline can be extended by up to two months. If there are doubts about identity, we may request proof. Of course, we treat your request confidentially and comply with our legal obligations. If Splitrate does not fulfill your request, you can contact the competent data protection supervisory authority.