Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

Account Information.When you create an account, we collect your name, email address, username, and profile photo. If you sign in with Apple or Google, we receive your name and email address (or a relay email address if you use Apple's "Hide My Email" feature) from those services. We also store your preferred payment method handles (e.g., Venmo username, Cash App $cashtag, Zelle phone number) that you voluntarily provide for expense settlement purposes.

Trip Information.When you create or join a trip, we collect trip names, destinations, dates, cover images, itinerary details (places, times, notes, links), and any content you post to the trip's notice board.

Expense and Payment Information. We collect expense titles, amounts, categories, merchant names, split details, and payment status information that you enter. We do not process payments directly — we generate deep links to third-party payment apps (Venmo, Cash App, Zelle). We do not collect or store bank account numbers, credit card numbers, or financial login credentials.

Receipt Images. When you use our receipt scanning feature, we collect the receipt images you upload. These images are processed by OpenAI's GPT-4o mini API to extract line items, totals, tax, and tip information. Receipt images are transmitted to OpenAI for processing and are subject to OpenAI's usage policies. We do not retain receipt images after processing is complete.

Chat Messages and Content. We collect messages, reactions, polls, GIFs, and other content you share in trip group chats and direct messages.

Social Information. If you use our social features, we collect your follow/follower relationships, direct messages, and any trip visibility preferences you set (private, followers-only, or public).

User-Generated Content. We collect photos, images, and other media you upload to trips, your profile, the notice board, or chat.

1.2 Information Collected Automatically

Device Information. We automatically collect device type, operating system and version, unique device identifiers, app version, and language settings.

Usage Data. We collect information about how you interact with the App, including screens viewed, features used, actions taken (such as creating trips, adding expenses, sending messages), timestamps, and session duration.

Location Data.If you enable location sharing for the Live Map feature, we collect your real-time geographic location. This data is shared only with members of your active trip. Location data is automatically deleted 24 hours after a trip ends. You can disable location sharing at any time through the App's settings or your device's system settings. You may also use "Ghost Mode" for temporary location privacy during a trip without fully disabling the feature.

Push Notification Tokens.If you enable push notifications, we collect your device's push notification token to deliver notifications about trip activity, payment requests, chat messages, and other relevant updates.

Log and Crash Data. We collect error logs, crash reports, and performance diagnostics to maintain and improve the App. This data may include device state information, stack traces, and the sequence of actions leading to an error.

1.3 Information from Third-Party Sources

Sign-In Services. If you authenticate using Apple or Google, we receive limited profile information as permitted by those services and your privacy settings.

GIF Service. When you search for and send GIFs through our chat feature, your search queries are sent to our GIF provider (Klipy) to retrieve results.

2. How We Use Your Information

We use the information we collect to:

• Create, maintain, and secure your account
• Enable trip planning, itinerary building, and group coordination
• Process and split expenses among trip members
• Facilitate group chat, direct messaging, polls, and reactions
• Display your location to trip members on the Live Map (when enabled)
• Scan and extract data from receipt images using AI
• Send push notifications about trip activity, payment requests, and messages
• Generate invite links so you can add members to trips
• Enable social features such as following, public profiles, and trip discovery
• Personalize your experience and suggest relevant content
• Analyze usage patterns to improve features and fix bugs
• Monitor App performance, diagnose technical issues, and prevent abuse
• Communicate with you about updates, new features, and support
• Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information.

We share your information in the following circumstances:

With Other Users.Trip information, expenses, chat messages, itinerary items, and notice board posts are visible to other members of your trips. Your profile name, username, and avatar are visible to other users. If you enable location sharing, your real-time location is visible to your trip members. If you set trips to "followers" or "public" visibility, trip details become visible to your followers or all users, respectively.

With Service Providers. We share information with third-party service providers that perform services on our behalf:

Analytics and Performance Providers. We use analytics tools to understand how the App is used and to improve our services. These tools may collect device identifiers, usage patterns, and performance metrics. Our current and planned analytics providers include PostHog (product analytics and event tracking) and Sentry or Bugsnag (crash reporting and error monitoring).

Affiliate and Booking Partners. If you use in-app booking features (such as searching for hotels, flights, or activities), we may share your search queries (destination, dates, number of guests) with affiliate partners to display results. We currently integrate or plan to integrate with partners such as Booking.com, Viator, Skyscanner, and Travelpayouts. Transactions you complete through these partners are governed by their respective privacy policies.

Advertising. We do not currently display third-party advertisements. If we introduce advertising in the future, we will update this Privacy Policy. You will always be able to manage your advertising preferences through your device settings.

Legal Requirements. We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent fraud, or protect the personal safety of users or the public.

Business Transfers. If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

4. Third-Party SDKs and Integrations

Our App may include software development kits (SDKs) from third parties. The following is a list of categories of SDKs we currently use or may integrate in the future, along with the types of data they may collect:

• Authentication SDKs (Apple Sign-In, Google Sign-In): Collect authentication tokens and basic profile information.
• Analytics SDKs (PostHog, and in the future potentially Google Analytics for Firebase, Meta App Events, Mixpanel, Amplitude): May collect device identifiers, app usage events, screen views, feature engagement, session data, and in some cases IP addresses for geolocation.
• Crash Reporting SDKs (Sentry, Bugsnag): Collect crash logs, stack traces, device information, and app state at time of error.
• Push Notification SDKs (Expo Notifications, and in the future potentially Firebase Cloud Messaging, Apple Push Notification service): Collect device push tokens and notification interaction data.
• Advertising and Attribution SDKs (in the future potentially Meta Ads SDK, Google Ads SDK, Apple Search Ads Attribution, AppsFlyer, Adjust, or Branch): May collect device advertising identifiers (IDFA on iOS, GAID on Android), IP addresses, app install and event data, and attribution information.
• Payment Deep-Link SDKs (Venmo, Cash App, Zelle URL schemes): We generate deep links to these apps. We do not embed their SDKs or share data with these providers beyond the payment amount and a note string included in the URL.
• Subscription Management (RevenueCat, planned): May collect purchase history, subscription status, device identifiers, and transaction information.
• Mapping and Location SDKs (Google Maps, Google Places, and in the future potentially Mapbox or Apple MapKit): Collect location data, search queries, and map interaction data.

5. Your Privacy Choices and Rights

Account Information. You can update your name, username, avatar, and payment method handles at any time through the Profile screen in the App.

Location Sharing.You can enable or disable location sharing at any time through the App's Live Map settings or your device's system settings. You can also activate Ghost Mode for temporary privacy during a trip.

Push Notifications.You can manage push notification preferences through your device's system settings.

Data Deletion. You can request deletion of your account and associated data by visiting our Account Deletion page or by contacting us at privacy@getoutthechat.com. Upon receiving a verified deletion request, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes. When your account is deleted, your messages in group chats may be retained in anonymized form so that trip chat history remains coherent for other members.

Data Portability. You may request a copy of your personal data in a structured, machine-readable format by contacting us at privacy@getoutthechat.com.

Opt-Out of Analytics. You can limit analytics collection by disabling the advertising identifier on your device (Settings → Privacy → Tracking on iOS; Settings → Google → Ads on Android).

Apple App Tracking Transparency.On iOS 14.5 and later, we will request your permission through Apple's App Tracking Transparency framework before tracking your activity across other companies' apps and websites. You can change this permission at any time in your device settings.

Do Not Track.Some browsers transmit "Do Not Track" signals. Because there is no common industry standard for interpreting these signals, the App does not currently respond to them.

For California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose about you
• Request deletion of your personal information
• Opt out of the "sale" or "sharing" of your personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@getoutthechat.com or use the in-app privacy controls.

For European Economic Area, UK, and Swiss Residents (GDPR)

If you are located in the EEA, UK, or Switzerland, our legal bases for processing your personal data are:

• Performance of a contract — to provide and maintain the App's core features
• Legitimate interests — to improve the App, ensure security, and prevent fraud
• Consent — for location sharing, push notifications, analytics tracking, and marketing communications (where applicable)

You have the right to access, rectify, erase, restrict processing, object to processing, and port your data. You also have the right to withdraw consent at any time and to lodge a complaint with your local data protection authority. Contact us at privacy@getoutthechat.com to exercise any of these rights.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the App's services. Specifically:

• Account data is retained until you delete your account
• Trip data (itineraries, expenses, chat messages) is retained for the duration of the trip and as long as any trip member maintains an active account
• Location data is automatically deleted 24 hours after a trip ends
• Receipt images are not retained after processing — only the extracted text data is stored
• Crash logs and error reports are retained for up to 90 days
• Analytics data is retained in aggregated or anonymized form and may be kept indefinitely

After account deletion, we may retain certain data in anonymized or aggregated form for analytics purposes, or as required by law.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• All data in transit is encrypted using TLS/SSL
• Database access is controlled by Row Level Security (RLS) policies ensuring users can only access trips and data they are authorized to view
• Authentication is managed through industry-standard providers (Supabase Auth with Apple and Google OAuth)
• Passwords are hashed and never stored in plain text
• File storage uses signed URLs with expiration for access control
• We conduct periodic security reviews of our infrastructure

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

8. Children's Privacy

The App is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@getoutthechat.com. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to delete that information.

For users between 13 and 17, a parent or guardian must review and agree to this Privacy Policy on their behalf.

9. International Data Transfers

Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction. By using the App, you consent to such transfers. Where required by applicable law (such as GDPR), we ensure appropriate safeguards are in place for international transfers, such as standard contractual clauses.

Our primary data infrastructure is hosted by Supabase in the United States (AWS US East region).

10. Third-Party Links and Services

The App may contain links to third-party websites, services, or applications that are not operated by us, including payment apps (Venmo, Cash App), booking platforms, and GIF services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before interacting with them.

11. Apple App Store and Google Play Compliance

Apple App Privacy Labels

In accordance with Apple's App Store requirements, the following data types may be collected by the App:

Data Used to Track You: Advertising identifier (IDFA) — only if you grant permission through App Tracking Transparency, and only when advertising or attribution SDKs are active.

Data Linked to You: Name, email address, username, profile photo, payment method handles, location (when sharing is enabled), user content (messages, photos, trip data), usage data, device identifiers, push notification tokens.

Data Not Linked to You: Crash data, performance data, anonymized analytics data.

Google Play Data Safety

In accordance with Google Play requirements: We collect and share data as described in this policy. All data in transit is encrypted. You can request data deletion by contacting privacy@getoutthechat.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the App (via an in-app notification or banner) and update the "Last Updated" date at the top of this page. Your continued use of the App after such modifications constitutes your acknowledgment of the modified Privacy Policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy, or if you wish to exercise your privacy rights, please contact us: