Privacy Policy
Effective Date: June 29, 2026 | Last Updated: June 2026
1. Introduction
Welcome to Pool EZ (the "Application" or "Platform"). This Privacy Policy explains how Pool EZ collects, stores, shares, and processes your personal information when you install, create an account, or interact with our mobile application and related web services (collectively, the "Services").
By using Pool EZ, you acknowledge that you have read, understood, and agreed to the practices outlined in this policy. We take your privacy seriously and commit to protecting your data utilizing industry-standard encryption, local secure sandbox boundaries, and robust access rules.
2. Information We Collect
To deliver our collaborative ledger-sharing and expense-pooling services, we collect several categories of information, both directly from you and automatically via your device.
A. Personal Information You Provide
- Account Profile Data: When you register, we collect your name, email address, profile picture (avatar), and secure authentication credentials.
- Settlement Instructions: To facilitate direct repayments between group members, you may voluntarily save preferred settlement instructions (such as Venmo usernames, Cash App handles, Apple Pay tags, or routing and account numbers).
- Group & Ledger Input: We collect details of the payment pools you create or join, including group names, expense values, custom descriptions, target budget amounts, splits, and contribution pledges.
B. Device and Technical Information (Collected Automatically)
- Operating System & Hardware: We collect device-specific info (e.g., Apple iOS or Android OS version, screen size) to optimize visual presentation.
- Identifiers & Connection Data: IP addresses, unique device identifiers, and Firebase Cloud Messaging (FCM) tokens necessary to route instant notifications and verify your authentication sessions.
- Local Application Preference Flags: States stored locally on your device, such as your preference for light or dark mode and whether biometric login is activated.
C. Integrations & Device Access (Requires Explicit Permission)
- Contact Book Access: If enabled, the Platform reads your device's contacts solely to let you choose and invite friends to your expense pools. Contact information remains on your device and is never harvested, stored on our servers, or sold.
- Device Camera & Storage: Access is requested only when uploading receipt attachments for expense tracking, scanning QR codes, or updating your profile avatar.
- Local OCR Text Recognition: When you scan a receipt, the optical character recognition (OCR) occurs locally on your device to parse dates, vendors, and amounts. Original source documents are processed in memory locally.
3. How We Use Your Information
We process your data strictly to perform our contractual obligations, comply with local laws, and maintain secure and robust operations:
- Expense Pooling Coordination: We calculate shared ledger balances, update splits in real-time, and display pending repayments to other members of your active groups.
- Transaction & Settlement Alerts: We send notifications regarding pool creation, ledger updates, comments, and payment settle-up actions.
- Service Quality & Security: To detect, debug, and prevent system errors, fraud, money laundering, or terms-of-service violations.
- Regulatory Compliance: To archive and protect financial ledger logs, satisfying legal auditability and record-keeping mandates.
4. Sharing and Disclosure of Information
We adhere to strict data-sharing policies designed to prevent unwanted exposure or monetization of your personal records.
IMPORTANT: DATA MONETIZATION NOTICE
We do NOT sell, trade, rent, or distribute your personal, transaction, or contact information to advertising networks, third-party brokers, or external marketers.
A. Sharing With Other Users
To facilitate collaborative tracking, your profile name, avatar, and saved settlement instructions are shared exclusively with other verified members of groups or payment pools that you explicitly choose to join.
B. Trusted Service Providers
We utilize secure third-party infrastructure to perform essential services, bound by confidentiality agreements:
- Firebase Infrastructure: To handle secure user authentication, hold cloud database storage (Firestore), track media files (Firebase Storage), and dispatch push alerts.
- Google Sign-In / Apple Sign-In: To authenticate credentials securely without storing external passwords.
C. Peer-to-Peer Repayments
Pool EZ facilitates split tracking but does not process money. Settle-ups occur on third-party payment platforms (e.g. Venmo, Cash App, Apple Pay). Activating these payment rails directs you to their respective services, governed by their own privacy policies.
5. Data Retention and Account Deactivation
You can manage your account and data settings directly within the app under the "Privacy & Security" section.
- Account Deactivation: Once you request account deactivation, your profile is immediately flagged as inactive. It is removed from active search bars, contact suggestions, and group invite lists.
REGULATORY COMPLIANCE ARCHIVING
Because expense ledger balances are shared historical logs between multiple users, individual transaction history and split calculations cannot be deleted in isolation. To comply with international anti-money laundering (AML) laws, tax compliance, and legal auditability, Pool EZ retains historical ledger transaction logs securely on our servers for a statutory compliance period. Once this compliance window expires, all personal metadata is fully purged.
6. Security Measures
We employ multi-layered security protocols to ensure your data remains secure:
- Transport Security: All communications between the app and backend services are encrypted in transit using industry-standard TLS protocols.
- Database Rules: Access controls are implemented at the database layer (Firebase Security Rules) to prevent unauthorized users from viewing or altering your private group data.
- Device Security: Passwords are never stored on your device. Session tokens and biometric preferences are locked in the operating system's secure keychain.
7. Local Storage and Push Tokens
The Platform uses local database variables and storage components (such as SharedPreferences) to persist active sessions, dark theme toggle preferences, and local settings. We also request a Firebase Cloud Messaging (FCM) token to send transaction status updates and reminders. You can opt-out of notifications in your system settings.
8. Children's Privacy
Our Services are strictly designed for and directed to individuals who are at least 18 years of age. We do not knowingly collect or solicit personal information from children under the age of 13 (or under 16 in certain jurisdictions). If we discover that we have collected information from a child in violation of this guideline, we will delete that data immediately.
For more details on our standards and protections for minors, please review our Standards Against Child Sexual Abuse and Exploitation (CSAE).
9. Your Privacy Rights
Depending on your physical location (such as the EEA, UK, or California under CCPA/CPRA), you may hold specific statutory rights regarding your personal data:
- Right of Access & Portability: You may request a breakdown of your personal data stored on our servers.
- Right to Rectification: You can edit your profile avatar, contact details, and settlement parameters at any time inside the app.
- Right to Restrict or Delete: You can deactivate your account. Note that retention requirements apply to historical financial logs.
10. Policy Updates
We reserve the right to revise this Privacy Policy periodically. When updates occur, we will post the revised terms, update the "Effective Date" at the top, and issue an in-app prompt if there are material changes to how your data is collected or handled.
11. Contact Support
If you have questions, security concerns, or wish to invoke your data rights, please open a support ticket via the Help & Support screen or reach out to us at:
Email: info@chipinglobal.com