Privacy Policy
Effective May 19, 2026
This Privacy Policy explains what information Nth Cube LLC (“Nth Cube,” “we,” “us”) collects when you use the Zplity iOS app (“Zplity” or the “App”) and the marketing site at zplity.nthcube.com (the “Site”), why we collect it, who else sees it, and the choices you have. We built Zplity to handle the minimum data needed to make shared-expense math work; nothing more.
1. Information we collect
1.1 Information you give us directly
- Sign in with Apple identifier. When you sign in we receive an opaque user identifier from Apple plus, if you choose to share them, your name and (a real or relay) email address.
- Group and expense content. The groups you create, the members you add (including shadow members entered as a name only), expenses, item-level splits, settlements, notes, and timestamps.
- Receipt images you scan. When you tap “Scan receipt,” the image is uploaded to our server, forwarded to OpenAI for parsing, and the parsed JSON is returned to your device. The image is not stored on our servers.
- Purchase records. If you subscribe to Zplity Pro, we receive the subscription status from RevenueCat (linked to your Sign-in-with-Apple identifier). Apple processes the payment; we never see your card details.
- Support correspondence. If you email us, we keep the message and any attachments long enough to resolve the issue.
1.2 Information collected automatically
- Push tokens. If you grant notification permission, iOS issues an APNs device token that we store so we can notify other group members when you log an expense or settle up.
- Basic request metadata. Standard web-server logs (IP address, user-agent, timestamps) are written by Cloudflare and retained for a short window for security and abuse detection. We do not link these logs to your account.
1.3 What we do not collect
- No advertising identifiers (no IDFA), no third-party SDKs for analytics or ads.
- No location data.
- No contact-book data — adding members is fully manual.
- No tracking across other apps or websites.
2. How we use information
- To provide the App’s core function: storing groups, computing balances, sending push notifications.
- To authenticate you (verifying Apple identity tokens, issuing our own session JWTs).
- To enforce fair-use limits on the free tier.
- To respond to support requests.
- To comply with legal obligations.
We do not use your data to train machine-learning models, sell it, or share it for advertising.
3. Service providers we share data with
We use a small set of vendors that act as data processors on our behalf:
- Apple Inc. — Sign in with Apple, App Store payments, APNs push delivery. Governed by Apple’s privacy policy.
- Cloudflare, Inc. — hosts the Worker, D1 database, KV store and the marketing site. Data is stored in Cloudflare’s global edge infrastructure.
- OpenAI, L.L.C. — receives receipt images you submit for parsing. OpenAI processes the image to extract line items and totals, and per its API terms does not use API inputs to train its models. The image is not retained server-side after parsing.
- RevenueCat, Inc. — manages subscription entitlements (linked to your user id, with subscription status only — no personal data beyond that).
We do not sell personal information, and we do not share it with third parties for their own marketing.
4. Data retention and account deletion
Group and expense data is kept while your account is active so other group members can continue to see shared history. When you tap Settings → Delete account in the App, the following happens atomically in a single server-side transaction:
- Apple token revocation. We ask Apple to revoke the Sign-in-with-Apple refresh token tied to your account. If Apple is temporarily unreachable, the App surfaces a one-step instruction for you to finish the revoke from iPhone Settings → your name → Sign in with Apple → Zplity → Stop Using Apple ID.
- Permanent deletion of personal identifiers. Your users record, push tokens, rate-limit counters, and all personal identifiers (email, display name, Apple subject) are deleted from our database immediately — not soft-deleted, not queued for later, no recovery window.
- Group ownership transfer. For each group where you were the owner and at least one other linked member remains, ownership transfers to the longest-joined remaining member.
- Anonymization in shared groups. For each group where other members remain, your membership row is anonymized: the link to your account, your email, and your phone number are cleared. The display name you typed when joining each group is preserved so historical expenses you paid for or participated in remain attributable for the surviving members — Bob still needs to know that the dinner ledger says "Alice paid $90." From their view you appear as a former member with no contact info.
- Cascade deletion of solo groups. If a group has no other linked members after your deletion, the entire group is deleted, along with its expenses, items, settlements, and any receipt photos in R2 storage.
- Session revocation. Any session token issued to your account is added to a revocation list for the remainder of its natural 30-day lifetime, so a token that may have leaked from your device cannot be replayed after deletion.
- Audit row. A single row is written to an internal deletion_audit table holding a salted, irreversible hash of your Apple identifier and the deletion timestamp — used only to demonstrate, if asked by a regulator, that your request was honored. The row contains no reversible personal data.
After deletion you may sign in again with the same Apple ID to create a fresh account, but historical balances on past shared expenses stay attributed to the anonymized membership — they are not re-linked to your new account. This is intentional: re-linking would partially undo the deletion you asked us to perform.
Backup snapshots may persist for up to 35 days before being overwritten in the normal course of database backup rotation.
5. International transfers
Cloudflare and OpenAI may process data in the United States and other countries. Where required, we rely on standard contractual clauses and equivalent safeguards to lawfully transfer personal data outside your country of residence.
6. Your rights
Depending on where you live (GDPR, UK GDPR, CCPA/CPRA, and similar regimes), you may have the right to access, correct, port, restrict, or delete the personal data we hold about you, and to object to certain processing. To exercise any of these rights, email [email protected]. You can also delete your account in one tap from Settings → Delete account in the App.
California residents: in the prior 12 months we collected the categories of personal information listed in Section 1 for the purposes listed in Section 2. We do not sell or “share” personal information as those terms are defined under the CCPA/CPRA.
7. Security
Traffic to our servers is encrypted with TLS. Session tokens are signed HS256 JWTs with a 30-day lifetime, rotated on request. Receipt images are kept in memory during the parsing round-trip and not written to disk. No system is perfectly secure; if we ever learn of a breach affecting you, we will notify you in line with applicable law.
8. Children
Zplity is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact us and we will delete it.
9. Changes
We may update this policy from time to time. If the changes are material, we will notify you in-app or by email before they take effect. The “Effective” date above always reflects the current version.
10. Contact
Nth Cube LLC
[email protected]