bill-splitter.com The easiest way to split a bill!

Privacy Policy

Last updated: 20 May 2026

Bill-splitter helps a group divide a restaurant bill from a single receipt photo. This page describes exactly what we collect, what stays on your device, how long we keep anything, and how to reach us.

The short version. Your receipt photo never leaves your phone. The parsed items and total briefly reach our server so everyone can pick their share in real time, and the whole session is automatically deleted within 30 minutes. We don't have user accounts, we don't keep history, and we don't sell or share data.

What stays in your browser

The receipt photo (or PDF) you upload. Image processing and OCR run inside a Web Worker on your device.
The raw OCR text Tesseract produces from that image.
EXIF metadata, GPS coordinates, capture device — none of it is read or sent.
Your display name and your per-session user ID are saved to localStorage on your device so you don't retype your name and so a brief disconnect doesn't lose your picks. You can clear them at any time via your browser's site-data controls.

What reaches our server

Once the scanner taps Share with friends, the structured Receipt object is uploaded so other participants can see the items they're splitting. That object contains:

Item names, quantities, and prices.
The receipt total, and (when present) tax and tip amounts.
The vendor / merchant name as it appears on the receipt.
The currency and the date printed on the receipt.

While the session is live, the server also tracks each participant's display name, the items they have claimed, and a server-assigned anonymous user ID. No email, phone number, or payment information is ever requested or stored.

How long we keep it

Every session expires 30 minutes after creation. Whatever was uploaded is then permanently deleted from disk.
If everyone disconnects, the session also evicts itself 5 minutes after the last participant leaves, whichever comes first.
The host can also tap Scan new receipt at any moment, which deletes the current session immediately and disconnects everyone.

There is no archive, no backup, and no log of past receipts.

Logs

Server logs are restricted to non-sensitive operational metadata: session ID, participant count, claim event count, request timing, and error traces. Receipt content — vendor names, item names, and prices — is never written to any log file. This is enforced both by code (every log line goes through a scrubber) and by an automated test in our backend test suite.

Cookies and analytics

We don't set any third-party cookies until you tap Accept on the cookie banner. Until you choose, no analytics or advertising scripts load at all — the site works fine with the banner ignored.

If you accept, the following load:

Google Analytics 4 — anonymized pageview and event telemetry (file uploaded, session created, user joined, session settled). No receipt content is ever sent.
Google AdSense — a single banner shown on the landing page, before any session is created. AdSense places its own cookies for frequency capping and personalization; refer to Google's policy for what those entail.

You can revisit your choice at any time via the Cookie preferences link in the footer. Rejecting (or clearing your decision) prevents both scripts from loading on subsequent visits.

Donations

If you want to support the site, the donation link opens a hosted Stripe Checkout page in a new tab. Stripe handles payment data directly — we never see your card details, and Stripe's own privacy policy applies to that flow.

Security

All traffic between your browser and the server is encrypted with TLS (HTTPS).
Session URLs are 256-bit random tokens generated by a cryptographic PRNG. They cannot be guessed.
The server validates every claim and rejects messages that would let a participant claim more units of an item than the receipt actually had.

Children

Bill-splitter is intended for general adult use. It does not knowingly process data from children under 13 (or the equivalent age in your jurisdiction). If you believe a minor has used the site, contact us and we will delete any active session associated with the report.

Changes

If this policy materially changes, we'll update the Last updated date at the top of this page. Because no accounts exist, we have no way to notify users individually — checking this page is the only authoritative record.

Contact

Questions, reports, or deletion requests: [email protected].