Privacy Policy

Last updated: 22 February 2026

1. Introduction

555 Notebook ("we", "our", "us") is a travel expense splitting application. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the 555 Notebook mobile application and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you register, we collect:

• Email address — used for account authentication and password reset
• Display name — shown to other trip members
• Profile avatar (optional) — uploaded image stored securely

If you sign in with Google, we receive your name, email address, and profile picture from Google. We do not receive or store your Google password.

2.2 Trip and Financial Data

When you use the Service, we collect:

• Trip names, currencies, and member lists
• Receipt images and extracted data (merchant name, items, prices)
• Expense descriptions and split amounts
• Settlement records between trip members
• Activity logs within trips

2.3 Device Information

We collect device tokens for push notifications (Firebase Cloud Messaging). We do not collect device identifiers, location data, or usage analytics beyond what is necessary for the Service to function.

2.4 Purchase Information

Credit purchases are processed through Google Play Billing. We receive a purchase token to verify the transaction but do not store your payment method details. All payment processing is handled by Google.

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service — creating trips, processing receipts, calculating balances
• Send push notifications — settlement updates, nudge reminders, member join events
• Process receipt images — AI-powered extraction of merchant names, items, and prices
• Verify in-app purchases and manage credit balances
• Send password reset emails when requested
• Improve the Service through aggregated, anonymized usage patterns

4. Receipt Image Processing

When you upload a receipt image, it is:

1. Compressed and stored in our cloud storage (Cloudflare R2)
2. Processed by an AI vision model to extract text, items, and prices
3. Optionally translated to English if the receipt is in another language

Receipt images are accessible only to members of the trip they belong to, via time-limited signed URLs. Images are permanently deleted when the associated trip is deleted.

5. Data Storage and Security

We take the security of your data seriously:

• Encryption in transit: All data is transmitted over HTTPS (TLS)
• Password hashing: Passwords are hashed using bcrypt and never stored in plain text
• Secure token storage: Authentication tokens are stored in your device's secure storage
• Access control: Trip data is only accessible to approved trip members
• Receipt image access: Images are served via time-limited signed URLs

Your data is stored on servers that employ industry-standard security practices.

6. Data Sharing

We do not sell, rent, or trade your personal information to third parties.

Your trip data (receipts, expenses, balances) is shared only with other approved members of the same trip. We may share data with:

• AI processing services — receipt images are sent to AI models for text extraction (processed data only, not stored by the AI provider)
• Email service — your email address is used to send password reset codes via our email provider
• Push notification service — device tokens are used with Firebase Cloud Messaging
• Payment processing — purchase verification with Google Play

7. Data Retention

• Active trips: Data is retained as long as the trip exists
• Inactive trips: Trips with no activity for 90 days may be automatically deleted
• Settled/archived trips: Automatically deleted 30 days after settlement or archival
• Demo trips: Automatically deleted after 90 days of inactivity
• Notifications: Automatically deleted after 90 days
• Failed receipts: Automatically deleted after 7 days
• Rejected settlements: Automatically deleted after 90 days
• Device tokens: Stale push notification tokens removed after 90 days of inactivity

8. Your Rights

You have the right to:

• Access your data — view all your trip data, receipts, and expenses within the app
• Export your data — download trip data as CSV files
• Delete your account — permanently remove your account and personal information from the app settings. Financial records in shared trips are preserved in anonymized form to maintain balance integrity for other members.
• Update your information — change your display name and avatar at any time

9. Children's Privacy

The Service is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can delete it.

10. Offline Data

The app caches trip data locally on your device for offline access. This cached data is cleared when you log out. No offline data is sent to external parties.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or your personal data, please contact us at:

Email: support@notebook555.com