Privacy Policy

1. Who We Are

SettleUp is operated by TruelyTech ("we", "us", "our"). If you have any questions about this Privacy Policy, contact us at mail@truelytech.com.

2. Information We Collect

Account Information

When you register, we collect:

• Name — displayed to your group members
• Email address — used for login, invitations, and transactional emails
• Phone number — collected optionally for OTP-based login verification
• Password — stored as a one-way bcrypt hash; we never store or see your plaintext password

Financial and Group Data

When you use the app we store:

• Groups you create or join, and their member lists
• Expenses you log (description, amount, split method, category, date, payer)
• Settlement records (who paid whom and when)
• Group invitations sent and received (including invitee email addresses)

Technical Data

Our server logs may contain your IP address and HTTP request metadata (path, timestamp, user-agent) for rate-limiting and error diagnosis. These logs are not linked to your user identity and are rotated regularly.

3. How We Use Your Information

• To create and manage your account and provide the SettleUp service
• To send transactional emails (group invitations, welcome emails, acceptance notifications)
• To compute and display accurate balances within your groups
• To detect abuse and enforce rate limits

We do not use your data for advertising, behavioural profiling, or any purpose beyond operating the service.

4. Information Sharing

We do not sell, rent, or share your personal data with third parties, except in these limited cases:

• Group members: your display name is visible to other members of groups you join
• Email delivery: transactional emails are sent via Gmail SMTP (Google). No other data is shared with Google
• Legal requirements: we may disclose data if required by applicable law or court order, or to protect the rights and safety of our users

5. Data Storage and Security

All data is stored on a private VPS (Hostinger, EU infrastructure). We use:

• HTTPS/TLS for all data in transit between the app and our servers
• bcrypt hashing for password storage
• Short-lived JWT tokens (15-minute access tokens, 7-day refresh tokens)
• MongoDB with network access restricted to the application server

No payment card information is ever collected or stored — SettleUp is a ledger tracker, not a payment processor.

6. Data Retention

We retain your data for as long as your account is active. When you delete your account, your personal information (name, email, phone number) and all associated data (expenses, groups, settlements, invitations) are permanently deleted from our systems within 30 days of the deletion request.

7. Your Rights

You have the right to:

• Access — request a copy of your personal data by emailing us
• Correction — update your name and email from the Account screen in the app
• Deletion — permanently delete your account and all associated data by emailing mail@truelytech.com with the subject line "Delete My SettleUp Account"
• Portability — request an export of your expense data by emailing us

See our Account Deletion guide for step-by-step instructions.

8. Children's Privacy

SettleUp is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, contact us immediately and we will delete it.

9. Cookies and Tracking

The SettleUp app does not use advertising cookies or tracking SDKs. The server uses standard HTTP access logs only. No third-party analytics are embedded in the app.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or via an in-app notice. Continued use of the app after the effective date constitutes acceptance of the revised policy.

11. Contact

For any privacy-related questions, rights requests, or data concerns, email mail@truelytech.com. We aim to respond within 5 business days.