Halvz ("we," "our," or "us") operates the Halvz mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. Please read this policy carefully. By using Halvz, you agree to the practices described herein.
1. Information We Collect
1.1 Information You Provide
- Phone Number — Used for account creation and authentication via one-time passcode (OTP).
- Display Name & Profile Photo — Your chosen name and optional avatar for identification within the App.
- Expense Data — Details of expenses you create, including descriptions, amounts, categories, split configurations, and associated receipts.
- Group Information — Names, members, and settings for expense-sharing groups you create or join.
- Payment Records — Records of settlements made between you and other users (we do not process actual payments).
1.2 Information Collected Automatically
- Device Information — Device type, operating system version, and unique device identifiers for push notification delivery.
- Push Notification Tokens — Expo Push tokens stored to deliver real-time notifications about expenses, payments, and reminders.
- Usage Analytics — Anonymized data about app usage patterns to improve our service.
- Advertising Identifiers — Identifiers used by Google AdMob to serve relevant advertisements.
1.3 Information Accessed with Permission
- Contacts — With your explicit permission, we access your device contacts to help you find and add friends to groups. Contact data is used only for matching and is not stored on our servers.
- Camera & Photo Library — With your permission, used for receipt scanning and profile photo uploads.
2. How We Use Your Information
We use the information we collect to:
- Provide Core Services — Create and manage your account, track shared expenses, calculate balances, and facilitate settlements.
- Send Notifications — Deliver push notifications about new expenses, payment requests, reminders, and group activity.
- Enable Social Features — Allow you to find friends via phone number, create groups, and collaborate on shared expenses.
- Process Receipts — Use optical character recognition (OCR) to extract item and total data from receipt images you upload.
- Display Advertisements — Serve ads through Google AdMob to support the free version of the App.
- Improve the App — Analyze usage patterns to fix bugs, improve performance, and develop new features.
3. Third-Party Services
Halvz relies on the following third-party services, each governed by their own privacy policies:
3.1 Firebase (Google)
We use Firebase for authentication (phone OTP), database (Cloud Firestore), file storage (Cloud Storage), and serverless functions (Cloud Functions). Data is stored on Google Cloud infrastructure.
Authentication Database Storage Functions
3.2 Google AdMob
We use Google AdMob to display advertisements. AdMob may collect device identifiers, advertising IDs, and usage data to serve personalized or contextual ads. You can opt out of personalized advertising through your device settings.
Advertising
3.3 Google Cloud Vision API
Receipt images you upload for scanning are processed via the Google Cloud Vision API for text extraction. Images are transmitted securely and are not retained by Google after processing.
OCR / Receipt Scanning
3.4 Expo Push Notification Service
We use the Expo push notification service to deliver notifications to your device. Expo processes push tokens and notification payloads to route messages.
Push Notifications
4. Data Sharing & Disclosure
We do not sell your personal information. We may share data in these limited circumstances:
- With Other Users — Your display name, profile photo, and expense activity are visible to members of groups you belong to.
- Service Providers — With the third-party services listed above, solely to operate the App.
- Legal Requirements — When required by law, regulation, legal process, or governmental request.
- Safety — To protect the rights, property, or safety of Halvz, our users, or the public.
5. Data Retention & Deletion
We retain your data for as long as your account is active or as needed to provide our services. Specifically:
- Account Data — Retained until you delete your account.
- Expense Records — Retained as long as the associated group or relationship is active.
- Receipt Images — Stored in Firebase Cloud Storage until you or a group admin deletes the associated expense.
- Push Tokens — Automatically invalidated when you log out or uninstall the App.
Deleting Your Account
You can request deletion of your account and all associated data by contacting us at support@halvz.app. Upon request, we will delete your personal data within 30 days, except where retention is required by law. Shared expense records visible to other group members may be anonymized rather than deleted to preserve group integrity.
6. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS/SSL) for all API communications.
- Firebase Security Rules restricting database access to authorized users only.
- Server-side validation of all data operations via Cloud Functions.
- No storage of passwords — authentication is handled entirely via phone OTP through Firebase Auth.
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
7. Your Rights
7.1 General Rights
Regardless of where you reside, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data.
- Opt out of push notifications via your device settings.
- Opt out of personalized advertising via your device settings.
7.2 European Economic Area (GDPR)
If you are in the EEA, you have additional rights under the General Data Protection Regulation, including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority. Our legal basis for processing is your consent (for contacts access and notifications) and legitimate interest (for providing the service).
7.3 California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at support@halvz.app.
8. Children's Privacy
Halvz is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy within the App and updating the "Last updated" date above. Your continued use of the App after changes are posted constitutes acceptance of the revised policy.
10. Contact Us