This Privacy Policy explains how Britsolar ("we", "us", "our") collects, uses, and protects your personal data when you use the PATE bill-splitting application ("the Service"). We are committed to handling your data transparently and in accordance with the UK GDPR and EU GDPR.
1. Who we are
The data controller is Britsolar, registered at 124 City Road, London EC1V 2NX. You can contact us about privacy at contact@uxcharlie.com.
2. What data we collect
- Account details: name, username, email address, profile photo (optional).
- Bill data: photos of receipts, merchant names, dates, line items, totals, and how you assign costs between participants.
- Payment information: payment handles you choose to share (e.g. PayPal email, Revolut/Bizum phone, sort code & account number, Venmo username) so others can pay you. We do not process card payments ourselves.
- Subscription data: if you subscribe to Premium, Stripe processes your card details on our behalf and shares status (active, cancelled) with us.
- Technical data: authentication tokens, basic device/browser info, and error logs needed to keep the Service running.
3. Why we collect it
- To provide the core bill-splitting features you asked for (legal basis: contract).
- To authenticate you and keep your account secure (legal basis: contract & legitimate interest).
- To process Premium subscriptions (legal basis: contract).
- To improve the Service and prevent abuse (legal basis: legitimate interest).
4. How long we keep it
- Account and bill data: for as long as your account is active.
- After account deletion: data is removed within 30 days, except where we must retain records for legal or tax reasons (e.g. payment records held by Stripe).
- Error logs: typically up to 90 days.
5. Third parties we use
Supabase
Hosts our database, authentication, and file storage. Data is processed in Supabase's data centres under their data processing terms.
Stripe
Processes Premium subscription payments. Stripe is a PCI-DSS compliant payment processor.
Microsoft Azure
Receipt photos are sent to Microsoft Azure Document Intelligence to extract line items. Images are processed in accordance with Microsoft's data protection terms and are not used to train AI models.
Google
If you choose Sign in with Google, Google handles authentication.
6. Your rights
Under GDPR / UK GDPR you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data (you can edit most fields in Settings).
- Delete your account and associated data (Settings → Danger Zone).
- Export your data on request.
- Object to or restrict certain types of processing.
- Lodge a complaint with your data protection authority (e.g. the ICO in the UK).
To exercise these rights, contact contact@uxcharlie.com.
7. Cookies
We use only essential cookies and local storage required to keep you signed in. We do not use advertising or tracking cookies.
8. Changes to this policy
We may update this policy. Material changes will be communicated via the app or by email.