Privacy Policy

ZapSplit is a decentralized bill-splitting application built on Starknet. We provide tools for splitting shared expenses privately using zero-knowledge proof technology. We are not a financial institution, bank, or payment processor. We do not hold or custody your funds.

2.1 Information You Provide

• Email address — used for authentication via Privy. We do not store your email on our servers; it is processed by Privy (see Section 5).
• Group names and expense descriptions — stored locally in your browser (localStorage) during the beta. Not transmitted to our servers.
• Member handles (emails) — you enter these to identify group members. Stored locally in your browser.

2.2 Information Collected Automatically

• Starknet wallet address — derived from your Privy embedded wallet. Visible on the public blockchain for any transactions you make.
• Transaction hashes — public blockchain records of on-chain activity. We do not control what is visible on Starknet.
• Basic usage analytics — page views and interaction events via Vercel Analytics. No personally identifiable information is attached.

2.3 What We Do NOT Collect

• Your private keys or seed phrases (managed entirely by Privy)
• Your transaction amounts (encrypted on-chain via Tongo ZK proofs)
• Payment history beyond what you store locally
• Biometric data, government IDs, or financial records

• To provide the service — routing claim links, displaying group data, and facilitating on-chain transactions.
• To improve the product — aggregated usage analytics help us identify bugs and improve UX. No individual data is analysed.
• To communicate with you — if you contact us directly, we may respond using the email you provide.
• To comply with law — we will disclose information if required by a valid legal process, to the extent we hold it.

We do not sell, rent, or trade your personal information to third parties. Ever.

Starknet is a public blockchain. Any transaction you submit is permanently and publicly recorded. ZapSplit mitigates this through Tongo confidential transfers — your payment amounts and counterparties are ZK-encrypted on-chain. However:

• The existence of a transaction (that something happened) is public
• Your Starknet wallet address may be visible in transaction metadata
• On-chain data is immutable — we cannot delete it

We strongly recommend you understand the public nature of blockchain before using ZapSplit for sensitive transactions.

• Privy — handles authentication and embedded wallet key management. See Privy's Privacy Policy.
• AVNU — processes gasless transaction sponsorship. Sees transaction calldata, not your identity.
• Starknet RPC providers (Cartridge) — serve blockchain data. They see your wallet address and queries.
• Vercel — hosts the application. May process IP addresses and request metadata per their policy.

During beta, all group and expense data is stored in your browser's localStorage. Clearing your browser data deletes it. We do not maintain server-side records of your groups or expenses. On-chain data is permanent.

• Access — you can view all your data by inspecting your browser's localStorage.
• Deletion — clear your browser's localStorage to delete all off-chain ZapSplit data. On-chain data cannot be deleted.
• Portability — your data is stored as plain JSON in localStorage and can be exported at any time.
• GDPR / CCPA — if you are a resident of the EU or California, you have additional rights. Contact us at privacy@zapsplit.app.

We take security seriously. Private keys are never accessible to ZapSplit — they are managed exclusively by Privy's secure enclave infrastructure. The AVNU API key used for gasless transactions is stored server-side and never exposed to the client. All connections use HTTPS/TLS. We recommend using a unique email for your ZapSplit account and enabling 2FA on your email provider.

ZapSplit is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us immediately at privacy@zapsplit.app.

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date at the top of this page. Continued use of ZapSplit after changes constitutes acceptance of the updated policy.

Questions or concerns about this policy? Reach us at:

• Email: privacy@zapsplit.app
• Twitter/X: @zapsplit