Privacy Policy
Effective date: July 4, 2026
WeEven (“WeEven”, “we”, “us”) is a household app for splitting expenses and sharing lists, chores, bills and goals. This policy explains what information we collect, why, who helps us process it, and the choices you have. The short version: we collect only what the app needs to work, we don't run ads or trackers, and we never sell your data.
Information we collect
- Account information. Your email address and the name you choose to display. If you sign in with Apple or Google, we receive your email (or Apple's private relay address) and name from that provider.
- Household content you create. Expenses and their amounts, settlements, shopping list items, chores, bills, calendar events, goals, and receipt photos you attach. This content is shared with the members of the household you put it in — that's the point of the app.
- Contact details you choose to share. If you invite someone from your device's contacts, we use the contact information you select to create that invite. We do not upload or scan your address book.
- Device information for notifications. A push notification token and platform (iOS/Android) so we can deliver notifications you've enabled.
We do not collect your location, browsing history, advertising identifiers, or analytics profiles, and the app contains no advertising or third-party analytics SDKs.
How we use information
- To provide the service: syncing your household's shared content between members' devices.
- To sign you in: sending one-time sign-in codes to your email, or verifying your Apple/Google sign-in.
- To send transactional email (sign-in codes, account confirmations) — never marketing email.
- To deliver push notifications you've enabled (for example, when someone records a payment to you).
- To keep the service secure and prevent abuse.
- To diagnose and fix problems: when the app hits an error, it records a technical error report (a description of what failed, your platform, and app version) to our own systems. For sign-in errors, the report also includes the email address you entered, so we can investigate why sign-in failed. These reports never include your household content (your expenses, lists, or messages).
Who can see your content
Content you add to a household (your display name, expenses, lists, and so on) is visible to the other members of that household. Access is enforced server-side: members of one household cannot see another household's data, and we use database row-level security to enforce this.
Service providers
We use a small number of processors to run WeEven. Each receives only what it needs:
- Supabase — hosts our database and authentication. Your account and household data are stored on Supabase infrastructure in the United States.
- Amazon Web Services (SES) — delivers our transactional email, such as sign-in codes.
- Expo — delivers push notifications to your device.
- Apple / Google — if you choose to sign in with them.
We do not sell or rent personal information to anyone, and we do not share it with third parties for their own marketing.
Data retention and deletion
We keep your information while your account is active. You can delete your account at any time in the app: Settings → Delete account. Deletion is immediate and permanent: your personal details are erased, your login is revoked, receipt images and device tokens are deleted, and your name on shared household records is replaced with “Former member” so other members' expense history still adds up. See deleting your account for details, including what to do if you can no longer sign in.
Security
Data is encrypted in transit (TLS). Access to household data is restricted by row-level security policies so users can only read and write what their membership allows. No system is perfectly secure, but we design so that a mistake in one layer is caught by another.
Legal bases for processing
Where the law (such as the UK GDPR) requires a legal basis, we process your information: to perform our contract with you (providing the household features you signed up for); with your consent (for example, when you choose to share a contact to send an invite, attach a photo, or enable notifications — you can withdraw consent at any time); and for our legitimate interests in keeping the Service secure and preventing abuse. We don't use your data for marketing or profiling, so no processing relies on those purposes.
Where data is processed & international transfers
WeEven is operated from Canada, and data is stored and processed in the United States by the providers listed above. Where your local law regulates international transfers (for example the UK, Australia, New Zealand, or India), we rely on our processors' recognized transfer safeguards — including standard contractual clauses and applicable data-privacy frameworks — and the disclosures in this policy. By using WeEven you acknowledge this transfer and processing.
Children
WeEven is not directed to children under 13, and we do not knowingly collect personal information from them. If the law where you live sets a higher age of digital consent (for example, India's DPDP Act treats persons under 18 as children), you must meet that age or use WeEven with the verifiable consent of a parent or guardian. If you believe a child has provided us personal information contrary to this, contact us and we will delete it.
Your rights
Wherever you live, the basics are the same: you can access and correct your information in the app, delete it via Settings → Delete account, and email us about anything else. Depending on your region, the law also gives you specific rights:
- Canada (PIPEDA): the right to access and correct your personal information and to withdraw consent, and to complain to the Office of the Privacy Commissioner of Canada.
- United States (state privacy laws, incl. California): the right to know what we collect, to delete it, to correct it, and to not be discriminated against for exercising those rights. We do not sell your personal information, and we do not share it for cross-context behavioral advertising — so there is nothing to opt out of.
- United Kingdom (UK GDPR): the rights of access, rectification, erasure, restriction, data portability, and objection, and the right to withdraw consent. WeEven is the data controller. You may also complain to the Information Commissioner's Office (ico.org.uk).
- Australia (Privacy Act 1988 / APPs): the right to access and correct your personal information. This policy is our notice of overseas disclosure (to processors in the United States). Complaints can be made to us first, then to the OAIC (oaic.gov.au).
- New Zealand (Privacy Act 2020): the right to access and correct your personal information, and to complain to the Office of the Privacy Commissioner (privacy.org.nz).
- India (Digital Personal Data Protection Act 2023): the right to access a summary of your personal data and its processing, to correct and erase it, to nominate a person to exercise your rights if you are unable to, and to grievance redressal. We process your data on the basis of the consent you give at sign-up, which you may withdraw by deleting your account.
To exercise any of these rights, email support@we-even.com. We respond to all requests within 30 days. For India's DPDP Act, this address is also our grievance redressal contact.
Changes to this policy
If we make material changes, we'll update this page and the effective date above, and for significant changes we'll notify you in the app.
Contact
Questions about privacy? Email support@we-even.com.