Privacy Policy

Last updated: February 8, 2026

deves.me ("we", "our", or "the Service") is an expense splitting application operated by Luis Goncalves. This Privacy Policy explains how we collect, use, and protect your information when you use our web application at deves.me and our mobile application (collectively, the "Service").

1. Information We Collect

1.1 Account Information

When you create an account, we may collect:

• Wallet address — Your blockchain wallet address, optionally connected for crypto settlements
• Email address — Optionally provided during onboarding or captured from social login (Google, Apple)
• Display name — Optionally provided to identify you within groups

1.2 Expense Data

When you use the Service, we store:

• Group names and descriptions
• Expense details (amount, description, date, currency)
• Expense splits (how costs are divided among group members)
• Settlement records (who paid whom and when)
• Group membership and invitation status

1.3 Technical Data

We automatically collect:

• Log data — Error logs, feature usage events, and performance metrics via Axiom
• Analytics data — Anonymous usage patterns via PostHog (feature usage counts, not personal data)
• Device information — Device type, operating system version, and app version (for debugging)

1.4 Information We Do NOT Collect

• Private keys or seed phrases — We never have access to your wallet's private keys
• Financial account details — No bank accounts, credit card numbers, or financial credentials
• Location data — We do not track your location
• Contacts — We do not access your phone's contact list
• Photos or media — Unless you explicitly upload expense receipts (future feature)

2. How We Use Your Information

We use the information we collect to:

• Provide the expense splitting service (creating groups, tracking expenses, calculating balances)
• Authenticate your identity and protect your account
• Send email notifications about group invitations (if you provide an email)
• Improve the Service through anonymous usage analytics
• Debug issues and maintain service reliability
• Communicate important service updates

3. Data Storage and Security

3.1 Where We Store Data

Your data is stored in Supabase (hosted on AWS), which provides PostgreSQL databases with Row Level Security (RLS). All database operations use SECURITY DEFINER functions that enforce authorization checks server-side.

3.2 Security Measures

• All data is transmitted over HTTPS/TLS encryption
• Database access is controlled by Row Level Security policies
• All database operations go through authorized RPC functions
• Authentication is managed by Supabase Auth with JWT-based sessions
• Mobile app session data is stored in device-encrypted storage
• Passwords are securely hashed by Supabase Auth — we never store them in plaintext

4. Data Sharing

We do not sell your data. We share data only in these limited circumstances:

• With group members — Other members of your expense groups can see your display name (or wallet address), expenses you create, and balance information within that group
• Service providers — We use the following third-party services:
  • Supabase — Database hosting and authentication
  • Vercel — Web application hosting
  • Expo/EAS — Mobile app build and distribution
  • Axiom — Error logging and monitoring (no PII)
  • PostHog — Anonymous product analytics (opt-out available)
  • Resend — Email delivery for notifications
  • Reown (WalletConnect) — Optional wallet connection for crypto settlements
• Legal requirements — If required by law, court order, or governmental authority

5. Your Rights and Choices

5.1 Analytics Opt-Out

You can opt out of analytics tracking at any time through the Settings page. When opted out, no analytics events are sent to PostHog.

5.2 Data Access

You can view all your data through the app (groups, expenses, settlements, profile information).

5.3 Data Deletion

You can delete individual groups and expenses through the app. To request complete account deletion, contact us at the email address listed below. We will delete all your personal data within 30 days, except where retention is required by law.

5.4 Data Portability

You can request an export of your data by contacting us. We will provide your data in a machine-readable format (JSON or CSV).

6. Children's Privacy

The Service is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal data from a child under 13, we will delete it promptly.

7. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your data to these jurisdictions.

8. Cookie Policy

The web application uses minimal cookies and local storage for:

• Authentication session management (wallet connection state)
• Theme preferences (light/dark mode)
• Analytics opt-out preference

We do not use advertising cookies or tracking cookies from third parties.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

• Email: privacy@deves.me
• Website: https://deves.me

This privacy policy is effective as of February 8, 2026.