1. Data Controller
The controller of your personal data is the creator and operator of the "Let's Settle Up!" application (hereinafter: the "App"). For data protection inquiries, contact: michal.salwin@gmail.com.
2. Data We Collect
- First and last name (provided during registration or from your Google account)
- Email address
- Profile photo (if you sign in with Google)
- Expense and settlement data within the groups you belong to
3. Purpose and Legal Basis for Processing
We process your data for the following purposes:
- Service provision — enabling expense tracking within groups (Art. 6(1)(b) GDPR — performance of a contract / provision of a service under the Terms of Service)
- User identification — login and account management (Art. 6(1)(b) GDPR)
4. Data Recipients
- Google LLC (Firebase) — as a data processor. Google processes data in accordance with its Data Processing Addendum.
- Other members of your group — they can see your name, email, and expenses and settlements within the shared group.
5. Data Storage
- Data is stored in Cloud Firestore in the europe-central2 (Warsaw, Poland) region.
- Some Google services may process data in the USA — Google participates in the EU-U.S. Data Privacy Framework (DPF), which is recognized by the European Commission as a valid basis for data transfers.
6. Data Retention and Account Deletion
We retain your data until you delete your account. You can delete your account in the app settings (Profile → Delete Account). Upon account deletion:
- Personal data (first name, last name, email, profile photo) is permanently deleted.
- Authentication account (Firebase Authentication) is permanently deleted.
- Expense and settlement records in groups are anonymized — attributed to a "Deleted User" label — to preserve the integrity of settlements for remaining group members (Art. 17(3)(b) GDPR — legitimate interest of third parties).
- Anonymized data does not constitute personal data within the meaning of the GDPR (Recital 26), as it does not allow identification of a natural person.
7. Your Rights
Under the GDPR, you have the following rights:
- Right of access to your data (Art. 15 GDPR)
- Right to rectification of your data (Art. 16 GDPR)
- Right to erasure — "right to be forgotten" (Art. 17 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland
To exercise any of these rights, contact us at: michal.salwin@gmail.com.
8. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Data transmission encryption (TLS/HTTPS)
- Firebase Security Rules (Firestore Security Rules)
- User authentication (Firebase Authentication)
9. Cookies and Analytics
The App uses only technical cookies necessary for the service to function (authentication session). We do not use marketing or tracking cookies.
10. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy. Users will be notified of significant changes via an in-app notification.
Last updated: March 26, 2026