← Back to Grouplit

Privacy Policy

Last updated: May 26, 2026

This Privacy Policy explains what data we collect, how we use it, and your rights.

What we collect

  • Account info — email, password (hashed), display name.
  • Profile data — optional avatar photo, Interac email/phone/name if you choose to add them.
  • Event content — events you create, RSVPs, chat messages, photos, expense entries.
  • Friend connections — accepted friend lists.
  • Usage data — IP address, browser type, pages visited (server logs only; we don't use third-party analytics).
  • Device push tokens — only if you enable notifications.

How we use it

  • To operate the service (your events, friends, balances need to be persisted).
  • To send transactional emails (invites, updates, bill reminders).
  • To enforce security and detect abuse.

We do not sell or share your personal information for cross-context behavioral advertising.We do not show ads. California residents have the right under the CCPA to opt out of the sale or sharing of personal information; since we don't engage in either, no opt-out is needed — but you can still email us with any privacy request.

Who can see your data

  • Other members of your events / groups see what you post there (messages, photos, RSVPs, expenses).
  • Friends you've added can see your display name and avatar.
  • Your Interac info is only shown to people who share a group or event with you, so they can pay you.
  • Grouplit staff may access data when required to operate or troubleshoot the service.

Third-party services we rely on

  • Supabase — hosting, database, authentication, storage. Data resides in their managed infrastructure.
  • Resend — email delivery.
  • Vercel — web hosting.
  • OpenStreetMap (Nominatim) — location autocomplete (we don't share your account data).
  • Tenor — GIF search (search queries only, no personal info).

Your rights

  • Access / export — request a copy of your data by emailing support@grouplit.app.
  • Correct — edit your profile and content directly in-app.
  • Delete — request account deletion (we'll remove your personal data within 30 days; content you posted in shared groups may remain visible to other members as part of the group's history).
  • Unsubscribe from email — every email has a one-click link.

Children

Grouplit is not for children under 13. We don't knowingly collect data from anyone under 13. If you believe a child has signed up, email us and we'll delete the account.

Security

We use industry-standard practices (HTTPS, encrypted databases, scoped access policies). No system is 100% secure — if we discover a breach affecting your data, we'll notify you and any required regulators.

Changes

Material changes will be announced 14 days in advance via email and in-app.

Contact

Privacy questions: support@grouplit.app.

TermsPrivacyAcceptable Use