Try it now Just snap a receipt and go. No account. No cost. No storage. Try it
← Back to homepage

Privacy Policy

Last updated: 17 May 2026  ·  Version: 1.0

This English version is a translation of the legally authoritative German Privacy Policy (bonsplit.de/legal/datenschutz). BonSplit is operated from Germany and is offered to consumers in the European Union and the European Economic Area under the EU General Data Protection Regulation (GDPR). In case of any interpretation conflict, the German version prevails.

Protecting your data is important to us. BonSplit processes shopping, receipt and household data so that you can better understand your spending, manage receipts and fairly split shared costs. We rely on data minimisation, transparent processing and a privacy-friendly product design.

This Privacy Policy informs you about which personal data we process when you use our website bonsplit.de / bonsplit.de and our web app app.bonsplit.de, for what purposes, and what rights you have.

1. Controller

The controller within the meaning of the GDPR is:

Decode GmbH
represented by managing director Martin Prell
Bachstr. 20
85414 Kirchdorf a. d. Amper
Germany

Email: hello@bonsplit.de

2. Scope

This Privacy Policy applies to:

3. Principles of processing

We only process personal data to the extent necessary to provide, operate, improve BonSplit, to comply with legal obligations or to safeguard legitimate interests.

BonSplit is designed so that use within a household is generally possible without real names. Household members can use freely chosen display names or nicknames. Cards, household roles and cost centres can also be freely named.

Processing within the app is therefore as data-minimised and, as far as possible, pseudonymised as practical. However, full anonymity is not given, since certain personal data must be processed for account, login, billing, payment and technical operation.

4. Hosting and technical provision

We host our website and application with:

STRATO AG
Otto-Ostrowski-Straße 7
10249 Berlin
Germany

When you visit our website or app, technically necessary data is processed, in particular IP address, time of access, URL requested, browser information and server log data.

Hosting of our own website and application takes place on servers in Germany. Where external service providers are used for individual functions, in particular for AI-supported receipt recognition, this is separately described in the relevant sections of this Privacy Policy.

Legal basis: Art. 6 (1) (f) GDPR. Our legitimate interest lies in the secure, stable and efficient provision of our service.

We have a data processing agreement (DPA) with STRATO pursuant to Art. 28 GDPR.

5. Server log files

When you visit bonsplit.de, bonsplit.de and app.bonsplit.de, information is automatically processed that your browser transmits to our server. This may include:

This data serves secure operation, error analysis and protection against misuse.

Legal basis: Art. 6 (1) (f) GDPR. Storage period: Server log files are generally deleted or anonymised after no more than 7 days, unless longer storage is required to investigate security incidents.

6. Registration and account

When you create a BonSplit account, we process the data required for registration, login and account management.

This includes in particular:

Optional details may be:

Purpose: Account provision, authentication, account management and use of BonSplit functions. Legal basis: Art. 6 (1) (b) GDPR, where the processing is necessary for the performance of the contract.

7. Sign in with Google

You can optionally register or log in to BonSplit with your Google account. The provider of this feature is:

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland

If you use this feature, we receive the data required for sign-in from Google, in particular:

This data is used exclusively for registration, login and management of your BonSplit account — not for advertising, tracking or other purposes.

Use of Google Sign-In is voluntary. You can also use BonSplit without a Google account and instead create a classic account with email address and password.

Legal basis: Art. 6 (1) (b) GDPR where sign-in is necessary to provide your account; otherwise Art. 6 (1) (f) GDPR. Our legitimate interest lies in user-friendly sign-in. For processing by Google, the Google privacy notice additionally applies: https://policies.google.com/privacy

8. Households, nicknames and invited members

BonSplit is designed for shared households. You can invite household members and use freely chosen display names, nicknames, roles or card labels within the household.

When you invite household members, we process the data you enter, in particular:

This data is used to send the invitation and assign the invited person to the household.

Please only invite people you are entitled to invite. Invited people receive information about the invitation and can decide for themselves whether they want to use BonSplit.

Legal basis: Art. 6 (1) (b) GDPR where the invitation is necessary for the use of shared household functions; otherwise Art. 6 (1) (f) GDPR. Our legitimate interest lies in providing collaborative household functions.

Storage period: Unaccepted invitations are deleted or deactivated after 30 days, unless a renewed invitation is sent.

9. Processing of receipts, shopping data and household data

When you upload or enter receipts, photos, PDFs, screenshots or manual entries into BonSplit, we process the data they contain to provide the app's functions.

This may include:

Purpose: Receipt recognition, receipt archive, household overview, categorisation, splitting of shared expenses, monthly analysis, export and further app functions used by you.

Legal basis: Art. 6 (1) (b) GDPR, since this processing is required to provide the core functions of BonSplit.

Sensitive content on receipts

Receipts may contain personal data or sensitive inferences, for example names, addresses, customer numbers, delivery addresses, payment information, pharmacy or health-related items, baby or children's products, dietary habits or other personal purchase patterns.

Please do not upload receipts whose processing you do not wish or to which you are not entitled. In particular, please do not upload receipts containing special categories of personal data within the meaning of Art. 9 GDPR unless this is necessary for your use of BonSplit. This may include health data on pharmacy or medical supply receipts.

If you upload receipts of third parties, you are responsible for ensuring that you are entitled to do so and that the persons concerned have been informed accordingly.

10. AI-supported receipt recognition with Anthropic Claude

To automatically recognise and structure receipt content, we use the AI service Claude by:

Anthropic PBC
548 Market Street
San Francisco, CA 94104
USA

What is transmitted to Anthropic

Only the uploaded receipt image or PDF — and any notes about the receipt that you voluntarily add.

What Anthropic does not receive

Anthropic does not receive any data from your BonSplit account context. In particular not:

The API call to Anthropic contains no BonSplit account context such as email address, display name, household members or payment and billing data. Anthropic cannot match the API call to your BonSplit account. Please note, however, that a receipt itself may contain personal information printed on it by the merchant (see below).

What happens with your receipt

Claude reads the receipt, recognises merchant, date, product positions, prices and categories — and sends this structured result back to BonSplit. Processing takes place exclusively for this one purpose.

What does not happen with your data

Data retention at Anthropic

Under the terms applicable to commercial API use, Anthropic stores API requests only for a limited period for abuse detection — currently up to 30 days. After that, requests are automatically deleted. No longer storage or use for other purposes takes place. We regularly review the applicable statements from Anthropic.

Third-country transfer to the USA

Since Anthropic is based in the USA, the transmission takes place to a third country outside the European Union. We have concluded a data processing agreement (DPA) with Anthropic including EU Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR.

Note on sensitive receipts

Receipts may contain personal data printed by the merchant — such as delivery addresses on online order confirmations or patient names on pharmacy bills. Please check your receipt for such information before uploading. Where possible, you can redact sensitive areas before taking the photo.

Legal basis: Art. 6 (1) (b) GDPR. AI-supported receipt recognition is a component of the BonSplit function used by you and is therefore required for contract performance.

Further information on data processing at Anthropic: https://www.anthropic.com/legal/privacy

11. Payment processing via PayPal

For paid subscriptions, we use the payment service provider:

PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxembourg

When you book a paid plan, the following data in particular may be transmitted to PayPal:

Entry of payment data, PayPal login, bank or card information takes place directly with PayPal. We receive information from PayPal about successful, failed, cancelled or recurring payments.

PayPal processes payment data partly under its own data protection responsibility. PayPal's privacy notice additionally applies to processing by PayPal.

Legal basis: Art. 6 (1) (b) GDPR for contract performance; Art. 6 (1) (c) GDPR insofar as tax or commercial obligations are affected.

Further information: https://www.paypal.com/en/webapps/mpp/ua/privacy-full

12. Invoicing and accounting

For paid subscriptions we process invoicing and accounting data.

This may include:

Purpose: Contract performance, invoicing, accounting, record-keeping and compliance with statutory retention obligations.

Legal basis: Art. 6 (1) (b) GDPR for contract performance and Art. 6 (1) (c) GDPR for legal obligations, in particular tax and commercial retention obligations.

Storage period: Invoicing and accounting data is stored in accordance with statutory retention periods — generally 10 years for tax-relevant documents pursuant to § 147 German Fiscal Code (AO) and § 257 German Commercial Code (HGB).

13. Support, contact enquiries and email communication

When you contact us by email or other means, we process the data you transmit.

This may include:

Purpose: Processing of your enquiry, support, error analysis, contract communication.

Legal basis: Art. 6 (1) (b) GDPR if your enquiry relates to your account or contract; otherwise Art. 6 (1) (f) GDPR. Our legitimate interest lies in answering enquiries and improving our service.

14. Cookies and similar technologies

On the website bonsplit.de / bonsplit.de

On most pages of bonsplit.de and bonsplit.de we use no cookies and no tracking or analytics technologies. The site works fully without cookies.

On the registration page (/register)

If you wish to use the PayPal Express Checkout, a script by PayPal (Europe) S.à r.l. et Cie, S.C.A. is loaded which stores cookies and similar technologies on paypal.com. These are necessary for the PayPal payment to work.

We do not load this script automatically. When you open the registration page, a notice banner with three options appears:

Your decision is stored locally in your browser (LocalStorage) and applies for 12 months. You can change it at any time by clearing the LocalStorage of your browser for bonsplit.de or by contacting us.

On the app platform app.bonsplit.de

Within the logged-in BonSplit app we use technically necessary cookies required for login, session management and security. Example:

PHPSESSID — functional cookie to maintain your session while using the app. This cookie is technically necessary.

Legal bases

For technically necessary cookies: Art. 6 (1) (f) GDPR or Art. 6 (1) (b) GDPR (contract performance), and § 25 (2) no. 2 TDDDG (German Telecommunications Telemedia Data Protection Act) for storage on the end device.

For the PayPal script (Express Checkout): Art. 6 (1) (a) GDPR (consent) or Art. 6 (1) (b) GDPR (contract performance), and § 25 (1) TDDDG. Consent is given actively by your click in the notice banner.

Future extensions

Should we use analytics, marketing or other tracking technologies in the future, we will update this Privacy Policy accordingly and, where required, obtain your consent via the cookie banner.

15. Fonts and icons

Fonts (Geist, Instrument Serif) and icons (Font Awesome Free) are embedded locally from our own servers in Germany. No transmission of your IP address to Google Fonts, Cloudflare or other external font or icon providers takes place.

16. Data export, account deletion and retention periods

You can export your receipt and household data stored in BonSplit at any time within the app — as a CSV file and, in future, as a PDF report. You can also delete your account in the account settings.

After account deletion, account, household and receipt data no longer required is generally deleted or anonymised within 30 days, unless statutory retention obligations or legitimate reasons require further storage.

Invoicing, payment and accounting data may be stored for longer due to statutory retention obligations.

In backup copies, deleted data may technically persist for a limited period. Backups are overwritten on a rotational basis and only used in the event of recovery. The retention period in backups is generally 30 days.

17. Data security

We take technical and organisational measures to protect your data against unintended or unlawful processing, loss, alteration or unauthorised access.

These include in particular:

Access to personal data is only granted to authorised persons insofar as this is necessary for operation, support, security, troubleshooting or statutory obligations.

18. Automated processing and profiling

BonSplit uses automated procedures for receipt recognition, categorisation, household analysis and calculation of cost splits.

These automated functions serve to display your receipts and spending clearly and to facilitate use of the app.

No automated decision-making within the meaning of Art. 22 GDPR that has legal effect on you or similarly significantly affects you takes place.

19. Anonymised and aggregated price statistics

In the future, BonSplit may offer functions that make price developments, basket changes or personal shopping inflation visible from receipt data.

Where such analyses take place within your account, they serve to provide the app functions you use.

We do not pass on individual receipts, individual baskets, account data, billing data or individual household profiles to third parties.

If we create anonymised and aggregated price or basket statistics in the future, this will only be done in a way that does not allow any conclusions to be drawn about individual users, households or specific shopping profiles. Such analyses would take place exclusively at an aggregated level.

Where separate consent or additional information is required for such functions, we will obtain or provide this before implementation. Personal shopping data will not be used for external data products without prior legal review and, where required, separate consent.

20. Recipients and categories of recipients

Personal data may, where required, be transferred to the following recipients or categories of recipients:

Personal data is not passed on for advertising purposes, nor are personal shopping profiles sold.

21. Third-country transfers

Processing of personal data outside the European Union or the European Economic Area may occur in particular when using Anthropic Claude or external resources.

Where personal data is transferred to a third country and no adequacy decision of the EU Commission exists, the transfer takes place on the basis of appropriate safeguards under Art. 46 GDPR, in particular EU Standard Contractual Clauses, where required.

22. Provision of data

The provision of certain personal data is required to use BonSplit.

Without email address, password and account data, we cannot provide an account. Without receipt or expense data, receipt recognition, spending overview and cost splitting cannot be used. Without payment data, paid subscriptions cannot be concluded.

Optional details, such as avatar, notes or freely chosen display names, are voluntary.

23. Your rights

Under the GDPR you have the following rights:

Where processing is based on your consent, you can withdraw it at any time with effect for the future.

To exercise your rights, you can contact us at: hello@bonsplit.de

Account deletion and data export can additionally be made available directly in the app.

24. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data.

The competent authority for Decode GmbH is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Bavarian State Office for Data Protection Supervision
Promenade 18
91522 Ansbach
Germany

Website: https://www.lda.bayern.de

You may also lodge a complaint with the supervisory authority of your EU/EEA Member State of habitual residence.

25. Changes to this Privacy Policy

We may adapt this Privacy Policy if legal requirements, our services or the service providers used change.

In the case of significant changes, we will inform you by email or by a clear notice within the app.

Last updated: 17 May 2026 · Legal Notice · Terms & Conditions

Try it now
QR code: app.bonsplit.de/demo?lang=en
Scan the QR code, snap your receipt and watch it live.