Privacy Policy
Last Updated: August 7, 2024
Introduction
Welcome to ShareBill. We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and Germany’s Telecommunications-Telemedia Data Protection Act (TTDSG). This Privacy Policy explains what data we collect, how we use it, and your rights as a user of our service.
This application is designed to be simple: no user registration or login is required.
Disclaimer: Use At Your Own Risk
Please be aware that this is a demonstration or "toy" project. While we strive to maintain data integrity, it is provided "as is" without any warranties. There is a possibility that data could be lost or inadvertently deleted. Please use this application at your own risk and do not store critical information here.
Data Controller
The responsible entity (data controller) for data processing is:
Email: schadeapps@gmail.com
What Data We Collect and Why
1. Group and Expense Data (Stored in Firebase)
When you create or join a group, we collect the following information:
- Group Name: The name you give your group (e.g., "Vacation with Friends").
- Member Names: The names of group participants you manually enter.
- Expenses: Expense details you provide (e.g., amount, description, category, payer, and how the cost is split).
Purpose: This data is used solely to enable the bill-splitting functionality.
Legal basis: Art. 6(1)(f) GDPR — legitimate interest in providing core app functionality.
Where it’s stored: Data is stored in Google Firebase Firestore (see “Third-Country Transfers” below). Each group is assigned a unique, non-guessable ID. Group data can only be accessed by someone who knows this specific ID.
2. Data Stored in Your Browser (LocalStorage)
To provide a seamless, login-free experience, we use your browser's localStorage. The following data is stored exclusively on your device:
- Group IDs: A list of groups you’ve created or visited, stored under the key `sharebill-groups`.
- Privacy Consent: A flag stored under the key `sharebill-privacy-consent` to remember that you've accepted our privacy notice.
Purpose: To improve usability and remember your groups.
Legal basis: Art. 6(1)(a) GDPR — your consent (obtained via our privacy banner).
Where it’s stored: This data is never sent to our servers. It remains entirely on your device unless you clear your browser data.
Cookies and LocalStorage Notice (TTDSG Compliance)
We use your browser’s localStorage and essential cookies to ensure the functionality and security of our service.
LocalStorage
We use your browser’s localStorage only to store essential functionality data (such as your group history and privacy preferences). We ask for your consent before storing this data, as required under §25(1) TTDSG.
Cookies
Our application is served through Cloudflare, which sets a cookie named `__cfuvid`. This cookie is strictly necessary for Cloudflare's security features, such as rate limiting and bot detection, which help protect our service from malicious traffic.
Data Security
We rely on Google Firebase Firestore, which uses industry-standard encryption and security protocols. Access to group data is protected by Firestore Security Rules that allow access only if the group’s unique ID is known. We do not track, analyze, or monetize your data.
Third-Country Data Transfers
Data you enter into ShareBill is stored and processed using Google Firebase, a service provided by Google LLC, based in the United States.
Although your data may be stored in EU data centers, Google is a US company, so international data transfers may occur. These are protected by Standard Contractual Clauses (SCCs) approved by the European Commission under Art. 46 GDPR.
How Long We Store Your Data
Group and expense data: Stored in Firebase indefinitely or until deleted by the user. We may delete unused or inactive groups after a long period (e.g., 12+ months of inactivity).
Browser data (localStorage): Stored until you manually clear your browser data.
Your Rights Under the GDPR
As an EU-based user, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct any inaccurate or incomplete data.
- Deletion: Ask us to delete your group or expense data.
- Objection: Object to data processing where applicable.
- Complaint: Lodge a complaint with your local data protection authority (e.g., the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit in Germany).
To exercise these rights, please contact us at schadeapps@gmail.com.
Changes to This Privacy Policy
We may update this policy from time to time. If we make significant changes, we will inform users via the app interface. Please check this page periodically.
Contact
If you have any questions about this policy or how we handle your data, please contact:
Email: schadeapps@gmail.com