Privacy Policy

Effective Date: March 2026

1. Introduction

At SetAll ("Company", "we", "our", "us"), we respect your privacy and are strongly committed to keeping your personal data secure. This Privacy Policy describes how we collect, use, process, and disclose your information across our website, mobile applications, and desktop applications (collectively, the "Service").

SetAll operates a non-custodial ledger system. We do not ask for, process, or store your bank account details, credit card numbers, or social security numbers.

2. Information We Collect

We only collect the information absolutely necessary to provide the Service to you and your groups. This includes:

  • Account Information: When you register, we collect your email address, a chosen display name, and an optional profile picture. If you use Single Sign-On (e.g., Google or Apple), we collect your email and public profile data authorized by those providers.
  • Ledger & Transaction Data: To calculate debts, we store the metadata of expenses you input, including descriptions, amounts, currencies, dates, and the internal user IDs of the group members involved.
  • Device & Usage Information: We collect non-personally identifiable technical information, such as device type, operating system version, app version, IP addresses, and crash logs to improve the stability of our multi-platform syncing engine.

3. How We Use Your Information

We use your data strictly to operate, maintain, and improve the SetAll Service. Specifically, we use your information to:

  • Sync your ledger across your personal devices via our cloud infrastructure.
  • Calculate optimized debt settlements (using the "Greedy Flow" algorithm) and securely display these balances to other authenticated members of your groups.
  • Send you critical transactional emails, such as password resets, login links, and group invitations.
  • Diagnose app crashes, monitor server load, and perform security audits.

4. How We Share Your Information

We do not sell, rent, or trade your personal data to data brokers, marketing agencies, or any other third party. We only share information in the following limited circumstances:

  • With Other Users: When you join a shared group, your display name, avatar, and the expense records you participate in are visible to other members of that specific group.
  • With Service Providers (Sub-processors): We share encrypted data with trusted cloud infrastructure providers strictly to operate the app. This includes Supabase (database and authentication hosting), Google/Firebase (crashlytics and app hosting), and Resend (transactional email delivery).
  • For Legal Reasons: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

5. Data Security

We take security seriously. SetAll employs industry-standard measures to protect your data, including:

  • Encryption: All data is encrypted in transit (using TLS/SSL) and at rest on our database servers.
  • Row Level Security (RLS): Database policies are strictly enforced so that a user can only query and retrieve expenses and group data they are explicitly authorized to view.

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention and Deletion

We retain your personal data only for as long as your account is active or as needed to provide you the Service. You have the right to delete your data at any time.

Account Deletion: You can initiate a permanent deletion of your account and all associated personal data directly within the SetAll application under Settings > Delete Account. This process triggers a cascading wipe of your records from our active servers.

7. Your Privacy Rights (GDPR & CCPA)

Depending on your location, you may have specific rights regarding your personal information, including:

  • The right to access the personal data we hold about you.
  • The right to request the correction of inaccurate personal data.
  • The right to request the erasure of your personal data ("Right to be Forgotten").
  • The right to object to or restrict our processing of your data.
  • The right to request a digital export of your data (Data Portability).

To exercise any of these rights, please contact us using the email provided below. We will respond to your request within the timeframe required by applicable law.

8. Children's Privacy

Our Service is not directed to anyone under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal identifiable information from children. If we discover that a child has provided us with personal data, we will immediately delete that information from our servers.

9. Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. You are advised to review this Privacy Policy periodically for any changes.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact our Data Protection Officer at:

[email protected]