Privacy Policy

PayTogether helps small groups keep receipts, IOUs, and settle-up plans in one place. This policy explains what we collect, why we collect it, and the simple ways you stay in control.

Effective: November 27, 2025 Applies to: PayTogether website & app

Welcome

PayTogether.io ("PayTogether," "we," "us") operates the expense sharing workspace at https://app.paytogether.io. Questions about this policy? Email us at privacy@paytogether.io.

Information we collect

What you type or upload

  • Account basics: Name, email, and authentication data.
  • Profile settings: Display name, theme preferences, and settle-up payment methods (Venmo, PayPal, Zelle handles, etc.) you choose to save for sharing with others.
  • Group data: Group names, member information, participant profiles, settle-up preferences, and notes.
  • Transactions: Expense descriptions, amounts, categories, splits, attachments, and audit history. Saved favorites carry the same fields until you delete them.
  • Receipt sessions: Uploaded images, extraction results, review edits, charge split configurations (taxes, gratuity, fees, discounts), payer selection, guest claims, settle-up instructions, and finalized transactions.
  • Guest sharing: Display names guests choose, claim history, payment status, and the temporary access tokens you issue. Guests also see any payment methods you explicitly share with them.
  • Notifications: We store notification records (balance changes, group activity) tied to your account so you can review recent alerts.
  • Support messages: Anything you send to support, beta questionnaires, or feedback prompts.

Billing & subscription information

Stripe collects your payment method, billing name, and billing email when you subscribe to PayTogether Plus. We receive subscription status, the last four digits of your card, plan tier, and invoices—never full card numbers.

Device and safety signals

  • Basic device details (browser, OS, screen size) and app version to debug issues.
  • Authentication, database, and rate-limit logs that capture user ID, request metadata, and timestamps to prevent abuse.
  • Error and performance traces (no keystrokes or browsing history).

Receipt extraction

When you scan a receipt, we temporarily store the file and send the image (or text copy) to third-party services to transform it into structured line items. We only send the content you provide for this purpose, never your full account history.

Currency conversion

When a receipt is in a different currency than your group's home currency, we fetch exchange rates from third-party providers to display converted amounts. We do not share your financial data with these providers—only the currency pair is queried.

What we don't collect

No contact lists, GPS data, advertising identifiers, biometric data, or third-party bank credentials. Payment method handles you save (Venmo usernames, etc.) are stored only for display purposes and are never used to initiate transactions.

How we use information

  • Provide core features: Keep groups in sync, calculate balances, power favorites, and surface settle-up suggestions.
  • Receipt scanning: Validate files, run extraction, let you configure charge splits, and convert approved claims into a single transaction.
  • Guest participation: Generate invite links, show guest claims, display your shared payment methods to guests, and keep a short activity log so you can revoke access with confidence.
  • Notifications: Alert you to balance changes and group activity so you stay informed without checking the app constantly.
  • Support & communication: Reply to questions, send essential service emails, and notify you about balance changes in your groups.
  • Security: Detect fraud, enforce rate limits, and block abusive accounts.
  • Product health: Measure aggregate usage (e.g., how many receipts finish extraction) to decide what to build next. We don't run ads or sell your data.

How we share information

Vendors that keep PayTogether running

  • Cloud infrastructure providers: Authentication, database, file storage, and backend services.
  • Hosting services: Web application and marketing site delivery.
  • Stripe: Subscription billing and invoice emails.
  • AI/ML services: Receipt image processing and data extraction. These services process the images you submit and return structured data that the app can use.
  • Exchange rate providers: Currency conversion lookups (no personal data shared, only currency pairs).

Each provider only accesses data that is necessary for their job and must safeguard it per their own contracts.

People you invite

Group members can see expenses, comments, settle-up instructions, and receipt claims inside that group. Guest links expose just the receipt session you explicitly share and can be revoked anytime. If you share payment methods with guests, those handles are visible until you disable them or revoke the link.

Legal requirements

We may disclose data if required by law, court order, or to protect someone from imminent harm.

Never for ads

We don't sell, rent, or trade your data with advertisers or data brokers. There is no third-party marketing inside the app.

Storage, retention, and deletion

  • Application data: All data is stored with encryption at rest and HTTPS in transit. Access is controlled through authentication and admin tooling with audit logs.
  • Receipt uploads: Stored in a private bucket while the session is active. Sessions expire automatically after roughly 30 days of inactivity. We keep minimal backups for disaster recovery.
  • Guest participation: Guest names and claim totals stick around while the receipt is open and up to 30 days after everyone is marked paid, then they age out.
  • Favorites: Saved until you delete them or remove your account.
  • Notifications: Stored for a limited time to power the notification history view, then automatically purged.
  • Subscription records: Stripe keeps legally required billing history even after you cancel; we store plan status and receipts for bookkeeping.

You can request full account deletion by emailing privacy@paytogether.io. We remove active data promptly and clear cached/backed-up copies during the next scheduled purge window.

Your choices & rights

  • Access & edit: Update your name, profile, payment methods, groups, and favorites directly in the app.
  • Payment method sharing: Control which of your saved payment methods are shared with guests on a per-receipt basis.
  • Guest links: Disable or regenerate any guest receipt link in one tap.
  • Notifications: Manage notification preferences in your account settings.
  • Deletion: You may request deletion of your account and associated data by contacting us at privacy@paytogether.io. We'll remove your information from active systems, subject to any legal retention requirements.

Cookies & local storage

We use essential cookies to keep you signed in and store lightweight preferences (theme, dismissed tips) in local storage. There are no advertising cookies or cross-site trackers.

Age Requirements

PayTogether is for users 13 and older. If you're under 18, you need permission from a parent or guardian.

Changes to this policy

When we make material updates, we'll update the date above, email active account owners, or show an in-app notice. Using PayTogether after the update goes live means you agree to the new terms.

Contact

Have a privacy question, want to exercise a right, or spotted something unclear? Email privacy@paytogether.io.