Last updated: May 9, 2025
This privacy policy explains which personal data we process when you use the mobile app "SplitBuddies", for what purposes, and which rights you have as a data subject. It applies to all versions of the app available in the Apple (iOS) and Google (Android) app stores within the European Union.
1. Controller according to Art. 4 No. 7 GDPR
Name / Provider
Simon Buchholz
Füssener Str. 11
87600 Kaufbeuren
Germany
E-Mail: splitbuddies.appbench@gmail.com
2. Categories of Data, Purposes, and Legal Bases
| Processing Activity | Categories of Data | Purpose | Legal Basis |
|---|---|---|---|
| Account Registration & Login (via Auth0) | Email address; Auth0 user ID; if applicable, social login provider ID; display name; profile picture URL | Provision and management of your user account; authentication (passwords are processed exclusively
by Auth0 and are not stored by SplitBuddies) |
Art. 6(1)(b) GDPR (Contract) |
| App Usage (managing expenses) | Expenses, amounts, group and contact names entered by you | Core function of the app: recording, calculating, and displaying shared expenses | Art. 6(1)(b) GDPR |
| System Logs & Error Reports | Device type, operating system, timestamps, request IDs, error messages | Stability, error analysis, abuse detection | Art. 6(1)(f) GDPR (legitimate interest in app security) |
| Contact via Email | Email address, content of your message | Support, response to inquiries | Art. 6(1)(f) GDPR |
We do not use tracking or analytics SDKs for advertising purposes and do not integrate any advertising networks.
3. Minors
SplitBuddies is not specifically directed at children. Users under the age of 16 may only use the app with the consent of their legal guardians (Art. 8 GDPR). We will request proof of age or consent if we become aware that an account is operated by a minor without the necessary consent.
4. Storage Location and Recipients of Data
| Service | Role | Processing Location | Safeguards |
|---|---|---|---|
| Google Cloud | Hosting of server application and access logs | Data centers in Belgium | Data Processing Agreement (DPA) incl. EU Standard Contractual Clauses, ISO 27001 |
| CockroachDB Cloud | Database for app data | Data centers in Belgium | DPA, encryption at rest/in transit |
| Auth0 (Okta) | Identity provider (login, token management) | EU region | DPA, Standard Contractual Clauses, ISO 27018 |
No data is transferred to third countries outside the European Economic Area.
5. Storage Period and Deletion
Account data is stored as long as your user account exists. You can delete your account at any time via the app settings.
After account deletion, we remove personal data from our active systems within 30 days.
To maintain the integrity of existing group calculations, expense entries remain in anonymized form (without reference to your person).
Server logs and backup copies are automatically deleted after a maximum of 90 days.
6. Security of Processing (Art. 32 GDPR)
We implement appropriate technical and organizational measures, including: TLS encryption of all connections (App ↔ Backend ↔ Database), encryption of stored data ("at rest"), role-based access control for authorized personnel only, and regular security updates.
7. Rights of Data Subjects
You have the right at any time to:
- Obtain information about the data we store about you (Art. 15 GDPR),
- Request rectification of inaccurate data (Art. 16 GDPR),
- Request erasure or exercise the "right to be forgotten" (Art. 17 GDPR),
- Request restriction of processing (Art. 18 GDPR),
- Object to processing for reasons arising from your particular situation (Art. 21 GDPR),
- Request data portability (Art. 20 GDPR),
- Withdraw consent at any time (Art. 7(3) GDPR).
To exercise these rights, please contact splitbuddies.appbench@gcloud.com
8. Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement. The competent authority for the provider is:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 27, 91522 Ansbach, Germany
https://www.lda.bayern.de
9. Obligation to Provide Data
Providing an email address is required to create a SplitBuddies account and use the service. Without this information, the app cannot be operated. All other data (e.g., profile picture) is voluntary.
10. Automated Decision-Making / Profiling
We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.
11. Changes to this Privacy Policy
We reserve the right to amend this privacy policy if the app or the legal situation changes. We will inform
you of any material changes in the app or by email.
Should any provision of this policy be or become invalid, the validity of the remaining provisions shall
remain unaffected.
12. Language
The German version of this privacy policy is legally binding. Translations into other languages are provided solely for convenience. In case of discrepancies, the German version shall prevail.