Privacy Policy
This Privacy Policy describes how TabTap ("we", "us", "our", or the "App") handles information when you use the TabTap mobile application on iOS or Android.
Plain-language summary
- No accounts, no sign-up. Your owner profile — your name and the payment handles you choose to save — lives on your device.
- Reading the receipt uses the cloud. When you scan a receipt, the photo is sent securely to our server and to Anthropic (the company behind Claude) to read the items and prices. We don't keep the photo after reading it, and Anthropic does not use it to train its models.
- Sharing a link stores a little more, briefly. If you choose "send a link" instead of passing the phone, your receipt photo and the split details are stored in our cloud so guests can open the link. The photo is private and shown only through temporary links that expire.
- We delete it quickly. The receipt photo is deleted about an hour after you finish the split (within 24 hours no matter what). The entire split record is deleted 48 hours after it's created.
- Payments happen in other apps (Venmo, PayPal, Zelle, Cash App). TabTap never sees, holds, or moves money.
- Crash reports (via Sentry, when configured) and the $0.50 in-app purchase (via Apple or Google) are the other things that leave your device.
- We do not sell your information. Ever.
1. Information we handle
1.1. Your owner profile (stays on your device)
When you set up your owner profile in TabTap, you may enter:
- Your name
- One or more payment handles you choose to save (Venmo username, PayPal email or PayPal.me link, Zelle phone or email, Cash App handle)
Your profile is stored on your device using the operating system's standard application storage. There is no TabTap account or login. Your profile is only transmitted off your device if and when you choose to create a share link (see 1.3) — at which point the name and handles you include travel with that split so guests can pay you.
1.2. Reading your receipt (camera, photo library, and cloud parsing)
When you scan a receipt, TabTap requests permission to take a photo or choose one from your photo library. To turn that photo into a list of items and prices:
- The photo is sent securely (over HTTPS) to our server, which forwards it to Anthropic (the maker of Claude) to read the items, prices, and totals.
- Your device also runs on-device text recognition (Google ML Kit) to position the items on the photo so you can tap them.
We do not store the photo on our server as part of this reading step — it is used to extract the items and then discarded from the request. Anthropic processes the image to return the items and does not use it to train its models. This cloud reading happens for every scan, whether you pass the phone or send a link.
1.3. Share-link splits (only if you choose to send a link)
Instead of passing the phone around, you can send a link so friends can claim their items in a web browser. If you do, the following is stored in our cloud database and storage (provided by Supabase) so the link works:
- The receipt photo — stored in a private storage area. It is never publicly accessible; guest pages display it only through a temporary link that expires.
- The split details: the parsed items and amounts, your name, the payment handles you chose to include, and — as guests participate — each guest's chosen display name and which items they claimed.
This information exists only to make the shared split work, and it is deleted automatically on the schedule in Section 6. We never sell or share it for advertising or any unrelated purpose.
1.4. Pass-the-phone splits and tap data
If you split by passing the phone around the table, the tap data (which person claimed which items) and the calculated shares live in temporary in-memory state on your device for that one session and are discarded when you finish or leave the flow. Nothing about a pass-the-phone split is stored in our cloud (the receipt is still read as described in 1.2).
1.5. Crash reports
TabTap includes the Sentry SDK to help us find and fix bugs. When the app hits an unexpected error and Sentry has been configured, Sentry collects a stack trace, the app version, generic device information (model, OS version), and a short trail of session events (screen transitions, button taps) leading up to the error.
Sentry is configured to not capture screenshots, and we do not log the contents of your owner profile, payment handles, receipt photos, parsed item text, guest names, or split calculations in crash reports. If Sentry has not been configured, no crash data is collected at all.
1.6. In-app purchase information
TabTap charges a $0.50 fee per bill split via Apple In-App Purchase (iOS) or Google Play Billing (Android). Apple or Google processes your payment; TabTap receives only confirmation that a purchase succeeded and never sees your payment method, card number, or billing address. Apple and Google retain transaction records under their own policies.
2. Information we do NOT collect
TabTap does not collect:
- Email addresses or phone numbers, except where you voluntarily enter one as your own payment handle
- Location data
- Advertising identifiers (IDFA, Advertising ID)
- Usage analytics or behavioral profiles (beyond the crash reports described above)
- Contacts, calendar, microphone audio, or other phone data
- Your payment card or bank details (Apple and Google handle the purchase)
We do not sell your information to anyone, ever.
3. How we use information
| Data | Purpose |
|---|---|
| Owner profile (name, payment handles) | Pre-fill your details in payment requests and, in a shared split, show guests how to pay you |
| Receipt photo (parsing) | Read the items, prices, and totals so they can be tapped and split |
| Share-link photo + split details | Let invited guests open the link, see the receipt, and claim their items |
| Tap data | Calculate each person's share with proportional tax + tip |
| Crash reports (Sentry, if configured) | Diagnose and fix bugs |
| In-app purchase confirmation | Verify a $0.50 split-pass purchase completed |
We do not use any of this data for advertising or profiling.
4. Third-party services
TabTap relies on the services below. When you interact with them, their privacy policies apply in addition to ours. Anthropic, Supabase, and Vercel act as our service providers, processing data on our behalf to operate the App.
| Service | What it does | Privacy policy |
|---|---|---|
| Anthropic (Claude) | Reads your receipt photo to extract items and prices. Does not train on the image. | Link |
| Supabase | Cloud database + private storage that holds share-link photos and split data (United States). | Link |
| Vercel | Hosts our backend and the guest claim web pages. | Link |
| Google ML Kit | On-device text recognition to position items on the receipt. Runs locally. | Link |
| Sentry | Receives anonymized crash reports when configured. | Link |
| Apple In-App Purchase | Processes the $0.50 split-pass purchase on iOS. | Link |
| Google Play Billing | Processes the $0.50 split-pass purchase on Android. | Link |
| Venmo | Opened via deep link to send a payment. We pass a handle, amount, and note. | Link |
| PayPal / PayPal.me | Opened via a web link to send a payment. | Link |
| Cash App | Opened via deep link to send a payment. | Link |
| Zelle | Recipient information is shown in-app; Zelle has no deep-link integration. | Link |
5. Where your data lives
| Data | Location |
|---|---|
| Owner profile (name, payment handles) | Your device's app storage |
| Receipt photo during parsing | Transiently processed on our server (Vercel) and by Anthropic; not retained afterward |
| Share-link receipt photo | Private cloud storage (Supabase, United States); shown only via temporary expiring links |
| Share-link split record (name, items, handles, guest claims) | Cloud database (Supabase, United States) |
| Pass-the-phone tap data and calculated shares | In memory on your device, during a single session |
| Crash reports | Sentry servers (United States or EU), if configured |
| Purchase records | Apple servers (iOS) or Google servers (Android) |
6. Data retention
- Owner profile: stays on your device until you delete it in the app or uninstall TabTap
- Share-link receipt photo: deleted about one hour after you finalize the split, and within 24 hours in all cases
- Share-link split record (name, payment handles, items, guest claims): deleted 48 hours after the split is created
- Parsing copy of the photo: not retained after the items are read
- Pass-the-phone tap data: discarded at the end of each session
- Crash reports: retained for 90 days by Sentry
- Apple / Google purchase records: retained per Apple's and Google's policies
7. Your rights and choices
7.1. Access and deletion
- On-device data: clear your profile in the app, or uninstall TabTap to remove all on-device data
- Share-link data: it deletes itself automatically on the schedule above; to have a specific shared split deleted sooner, email us with the share link and we'll remove it
- Camera or photo-library permission: revoke it anytime in your device's system settings under "TabTap"
- Crash reports: email us with the subject line "Privacy — Crash Report Deletion" and we'll request deletion from Sentry
- Purchase records: contact Apple or Google directly
7.2. California residents (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect, to delete it, to opt out of any sale or sharing of personal information, and to non-discrimination for exercising your rights. TabTap does not sell or share your personal information. To exercise other rights, contact us at the email below.
7.3. Other U.S. state privacy laws
Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) have similar rights. Contact us to exercise them.
7.4. European, UK, and Swiss residents (GDPR / UK GDPR)
If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the right to access, rectify, port, or delete your personal data, and to object to or restrict our processing. The legal basis for reading your receipt and operating a share link is performing the service you request; the basis for crash reports is our legitimate interest in app stability. To exercise these rights, contact us at the email below.
8. Children's privacy
TabTap is not directed to children under 13 (or under 16 in the European Economic Area, the United Kingdom, and Switzerland). We do not knowingly collect personal information from children. If you believe a child has provided information through TabTap, please contact us and we will take reasonable steps to remove it.
9. Security
All data transmitted between the App, our server, and our service providers is encrypted in transit (HTTPS). Share-link receipt photos are kept in a private storage bucket with no public access; they are served only through short-lived signed links generated by our server. Our database uses row-level security, and privileged operations run server-side with credentials that are never shipped in the app. Because share-link data is deleted automatically within hours, very little is ever retained to begin with.
No system is perfectly secure; if you discover a vulnerability, please report it to the email below.
10. International users
TabTap is operated from the United States. If you use TabTap from outside the United States, your information (including share-link data, receipt parsing, crash reports, and purchase records) may be transferred to and processed in the United States or other countries. By using TabTap, you consent to this transfer.
11. Changes to this policy
We may update this privacy policy as TabTap evolves. The "Last updated" date at the top reflects the most recent change, and material changes will be announced in the app's release notes. A version history is maintained in the public repository where this policy is hosted, so you can see exactly what changed and when.
12. Contact
For privacy questions, data deletion requests, or to report a vulnerability:
Email: tabtapap@gmail.com
Subject line: "TabTap Privacy"
We aim to respond within 7 business days.