Privacy Policy

This policy explains how Tipso ("we", "us") — operated by NWARE S.R.L., str. Teilor no. 10, Craiova, Romania — collects, uses, and protects your personal data when you use the Tipso mobile app and website. We are the data controller under the EU General Data Protection Regulation (GDPR) and Romanian data-protection law.

Tipso helps you split restaurant checks. No money ever flows through the app — we only do the math.

1. What data we collect

• Account data — your name and email address, obtained when you sign in with Google, Apple, or email & password.
• Receipt images — photos of receipts you scan or upload.
• Receipt content — items, prices, and amounts extracted from those images, plus the claims and splits you and your group create.
• Contacts you add — the email addresses of friends you invite to a receipt.
• Diagnostics — error reports and basic device/app information, used to keep the app working.

We do not collect payment or banking details, because no payments are processed.

2. How we use your data and our legal basis

• To provide the service (sign-in, scanning, extraction, splitting, real-time collaboration) — legal basis: performance of a contract.
• To secure the service and prevent abuse, and to monitor errors — legal basis: our legitimate interest in a safe, reliable product.
• To contact you about your account or service changes — legal basis: performance of a contract / legitimate interest.

3. Who we share it with (processors)

We never sell your data. We share it only with service providers who process it on our behalf, under contract:

• Clerk — authentication.
• Google and Apple — sign-in providers you choose.
• Cloudflare R2 — storage of receipt images.
• OpenRouter / Azure Document Intelligence — optical character recognition on receipt images.
• Neon — our database.
• Upstash — real-time collaboration.
• Sentry — error monitoring.

4. International transfers

Some providers process data outside the European Economic Area (e.g. in the United States). Where they do, transfers are protected by the European Commission's Standard Contractual Clauses or an equivalent safeguard.

5. How long we keep it

We keep your account and receipt data for as long as your account is active. When you delete your account, we delete or anonymise your personal data within 30 days, except where we must retain it to meet a legal obligation. Diagnostic logs are kept for a limited period and then deleted.

6. Your rights

Under the GDPR you have the right to: access your data; correct it; delete it; restrict or object to its processing; receive it in a portable format; and withdraw consent at any time. To exercise any of these, email privacy@tipso.app.

You also have the right to lodge a complaint with the Romanian supervisory authority, ANSPDCP (dataprotection.ro).

7. Security

Data is encrypted in transit. We restrict access to personal data to what is necessary to run the service.

8. Children

Tipso is not directed at children under 16, and we do not knowingly collect their data.

9. Changes

We may update this policy. We will post the new version here and update the date above; material changes will be communicated in the app.

10. Contact

Questions or requests: privacy@tipso.app.