Effective Date: March 16, 2026 · Last Updated: March 16, 2026
Receipt OCR and SMS parsing run entirely on your iPhone. No images or messages are uploaded.
Your data is encrypted in transit and at rest. Passwords are never stored in plaintext.
ExpenSync contains no ad networks, no analytics SDKs, and your data is never sold.
Expenses and sessions sync securely to the cloud so you never lose your data if you reinstall.
ExpenSync ("we," "our," or "us") is an independent iOS application that helps individuals track personal expenses and split shared costs with friends via TapSplit sessions. This Privacy Policy explains how we collect, use, store, and protect information when you use the ExpenSync iOS application ("App").
By using the App, you agree to the practices described herein. If you do not agree, please discontinue use of the App.
| Data Type | Purpose | Cloud Stored |
|---|---|---|
| Name | Display in app and TapSplit sessions | Yes |
| Email address | Authentication, password reset | Yes |
| Password | Authentication — securely hashed, never plaintext | Hashed only |
| Expense records | Core functionality — amounts, vendors, categories, XP | Yes |
| TapSplit sessions | Group expense sessions, balances, settlements | Yes |
| Data Type | How It's Used | Uploaded |
|---|---|---|
| SMS / banking alerts | Locally parsed to detect transaction amount, vendor, and date. Raw SMS content stays on device. | Never |
| Camera / receipt images | Analyzed on-device by Apple Vision & Apple Intelligence OCR. Images never transmitted. | Never |
| Multipeer session data | Sent directly device-to-device over Bluetooth/Wi-Fi. Does not route through servers. | Never |
When you use 'Scan Receipt', ExpenSync uses Apple's Vision framework and Apple Intelligence (Foundation Models) to recognize text and extract expense data on your device. Receipt images are deleted immediately after processing. No images or raw OCR text are ever sent to ExpenSync servers.
When you use 'Log SMS', ExpenSync reads your banking SMS messages on-device using pattern matching. It extracts the transaction amount, debit/credit direction, vendor, date, and masked account number. No raw SMS content is ever transmitted — only the extracted structured data (amount, vendor, date) which you review before saving.
Session data shared between nearby participants is transmitted directly device-to-device using Apple's Multipeer Connectivity framework over Bluetooth and Wi-Fi Direct. This traffic does not route through ExpenSync servers. Changes are queued locally and synced to the cloud when internet is available.
We do not sell, rent, or trade your personal information. Data may be shared only in these limited circumstances:
We retain your account and expense data for as long as your account is active. If you request account deletion, we will permanently delete your personal data within 30 days, except where retention is required by applicable law.
On-device data (SMS parsing cache, offline expense queue) is cleared when you delete the app from your device.
No method of internet transmission is 100% secure. While we take all reasonable steps, we cannot guarantee absolute security.
Email aniket.bhatia0329@gmail.com to exercise any of these rights. We respond within 30 days.
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date. If changes are material, you will be notified via email or an in-app notice. Continued use of the App after changes constitutes acceptance of the updated policy.
For any questions, requests, or concerns about this Privacy Policy: