Privacy Policy
Last updated: May 28, 2026
fygit is a bill-splitter. You scan a receipt; your friends claim their items in a browser; everyone pays their share. This page explains what data we collect to make that work, what we do with it, and how to get rid of it.
We try to keep this short and in plain English. If anything here is unclear, email hello@fygit.app and we'll rewrite it.
Who runs fygit
fygit is built and operated by an independent developer based in Canada. For the purposes of GDPR / UK GDPR / CCPA, the data controller is the operator of fygit reachable at hello@fygit.app.
What we collect
1. Account data (host)
When you install the iOS app and sign in, we create an account tied to either:
- an anonymous user ID generated on first launch, or
- an email + name if you sign in with Apple, Google, or email.
We use this to remember your bill history, your preferred tip rate, and (if you upgrade) your Pro entitlement. Nothing here is shared with anyone outside our infrastructure providers.
2. Bill data
When you scan a receipt, fygit sends the photo to Anthropic's Claude API to extract line items. The parsed result - items, taxes, tips, modifiers - is stored in our database so you can re-open the bill, share it via a link, and (eventually) get smart pre-splits the next time you visit the same merchant. We do not retain the receipt image after parsing; it is sent to Claude, the structured result comes back, and the image is discarded.
3. Guest claim data
When a friend opens a fygit link and claims items, we store their display name (whatever they typed) and which items they claimed. We do not require them to sign in, set a password, or install anything. We do not collect their email or device identifiers.
4. Device + app diagnostics
We collect basic device info (OS version, app version, device model, country) and anonymous crash reports. We do this so we can fix bugs and prioritize what's broken. We use:
- Sentry for crash and error reports (no PII; we strip user identifiers and bill content before sending).
- PostHog for anonymous product analytics — high-level funnel milestones such as "a scan started," "a split finished," or "the paywall appeared," tied only to your anonymous user ID.
Our product analytics are deliberately content-free: we never send item names, merchant names, amounts, or receipt images to PostHog, and we never use them to build an advertising profile, track you across other apps, or sell your data. You can ask us to turn analytics off for your account at any time — see Your rights below.
5. Subscription data
Pro purchases are processed by Apple (App Store) and managed via RevenueCat. We never see your credit card or Apple ID. We receive an entitlement flag ("Pro: yes/no") and a transaction ID for support.
6. Trial eligibility (device-bound)
fygit's 7-day free trial is limited to one trial per
device. To enforce this without forcing you to sign up,
we read your device's vendor identifier (Apple's
identifierForVendor, an iOS-only value that is
unique to this app on this device and resets when you uninstall
all apps from the same publisher or restore your iPhone).
We hash this identifier with SHA-256 and a private salt before it ever leaves the device. The hash is stored in our database alongside your trial start date so a second sign-up on the same device can't reset the trial. The hash cannot be reversed to recover the original identifier, and it cannot be used to track you across other apps — Apple's vendor identifier is intentionally scoped to fygit.
We use this hash only for trial-abuse prevention. It is never shared with advertisers, analytics providers, or other third parties.
What we don't collect
- We don't read your contacts, calendar, photos library, or location.
- We don't track you across other apps or websites.
- We don't sell, rent, or license your data to advertisers. There are no ads in fygit.
- We don't keep receipt images after parsing.
Who we share data with
We share data only with the infrastructure providers that make the app work:
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Database, auth, realtime sync | Account, bill data, claims |
| Anthropic (Claude) | Receipt OCR + parsing | Receipt image (transient, not retained by us) |
| Apple (App Store) | Subscription billing | Apple-managed; we don't see your payment info |
| RevenueCat | Subscription state | Anonymous user ID, entitlement, transaction ID |
| Sentry | Crash reporting | Stack traces, OS version (no PII) |
| PostHog | Anonymous product analytics | Anonymous user ID, funnel event names (no bill content) |
| Supabase (trial ledger) | Trial-eligibility check (one trial per device) | Salted SHA-256 hash of the device's vendor identifier (cannot be reversed) |
| AWS (S3, CloudFront) | Static landing page hosting (no user data) | None — fygit.app/privacy, /eula, etc. are static pages with no per-user data |
| AWS (EC2) | Guest Live Claim web (fygit.app/s/<slug>) | HTTP request logs (IP, user agent — 30-day retention) |
We will never sell your data, and we will only disclose it to third parties outside the list above if we are legally compelled to do so by a valid court order. If that happens, we will attempt to notify you unless prohibited by law.
Where data is stored
Our database and file storage live in Supabase's US-East region. Static assets and CloudFront edge caches are global. If you are in the EU/UK, your data will be transferred to the United States; the providers above use Standard Contractual Clauses for this transfer.
How long we keep data
- Bill history: retained until you delete the bill or the account.
- Receipt images: not retained after parsing (held in memory only during the API round-trip).
- Account: retained until you request deletion (see below).
- Crash events: 90 days, then deleted by Sentry.
- Product-analytics events: anonymous and not linked to bill content; retained for product analysis and deleted when you delete your account.
- HTTP access logs: 30 days at AWS, then deleted.
- API usage logs: when you scan a receipt, we log your anonymous user ID, the model name, and the token count for billing reconciliation and abuse detection. We do not log the receipt image, the parsed bill, or any item names. Retained 30 days, then deleted.
Your rights
Wherever you are, you can ask us to:
- Send you a copy of your data.
- Delete your account and all bills associated with it.
- Correct anything we have on file.
- Stop using your data for analytics.
Email hello@fygit.app from the address on the account, or from the device's anonymous account screen, and we'll handle it within 30 days.
If you live in California (CCPA) or the EU/UK (GDPR), you also have the right to withdraw consent and to lodge a complaint with your local data protection authority.
Children
fygit is not directed to children under 13. We do not knowingly collect data from anyone under 13. If you believe we have, email us and we'll delete it.
Security
All traffic to and from fygit is HTTPS-encrypted. Database access is restricted by row-level security (you can only read rows tied to your own user). Production secrets are stored in AWS / Supabase managed secret stores, not in source.
No system is bulletproof. If we ever discover a breach that affects you, we'll notify you within 72 hours of confirming it, per GDPR.
Changes to this policy
If we change anything material, we'll update the "Last updated" date at the top and (for material changes) notify you in the app. Continued use after a change means you accept the new policy.
Contact
Questions, requests, or anything else: hello@fygit.app.