Privacy Policy

Last updated: April 21, 2026

1. Introduction

This Privacy Policy explains how MVM Solutions ("Tabsnap", "we", "us", "our") collects, uses, and protects your personal data when you use the Tabsnap iOS app and the tabsnap.app website. MVM Solutions is a sole trader based in Amsterdam, the Netherlands, and acts as the Data Controller for the personal data described here.

Tabsnap is a bill-splitting app for iOS. You scan a restaurant receipt, split the items between participants, and each participant pays the host through their own bank app. Tabsnap does not handle money itself.

If you have questions about this policy, email contact@tabsnap.app.

2. Data we collect

We collect only the data we need to run the app. We do not sell data. We do not use advertising SDKs. We do not track you for marketing.

Account data

  • A user ID

  • An email address (this may be an Apple private relay email if you use Sign in with Apple)

  • A display name

  • An avatar URL and avatar colour

Bill data

  • Venue name, date, and items with prices

  • Participants you add (name, optional email)

  • Who owes what on each bill

  • Payment URLs you paste as the host (for example a Tikkie or iDEAL link)

  • Payment-status markers (paid, unpaid)

Receipt images

  • The photo you take of the receipt

  • Stored in a private Supabase Storage bucket, readable only by the bill host and the bill's participants

Audit log

  • Every change made to a bill, with timestamp (edit, add participant, mark paid)

Usage counters

  • Your daily scan count and an estimated Anthropic token cost, used internally for rate limiting

Crash telemetry

  • Stack traces, iOS version, device model

  • Anonymised by default (no user content is captured)

What we do not collect

  • Phone number

  • Location

  • Contacts on our server (the iOS Contacts API runs on-device only, if you grant permission, and we never upload your contacts)

  • Credit card numbers (there are none; Tabsnap does not process cards)

  • IBAN numbers as separate fields (the host pastes a payment URL; we do not store bank account numbers)

  • Marketing preferences

  • Advertising identifiers, IDFA, or ad IDs

3. How we use your data

Each type of processing has a clear legal basis under the GDPR.

  • Creating and running your account, storing your bills, and showing bills to participants: performance of a contract (Art. 6(1)(b) GDPR).

  • Crash reporting via Sentry: our legitimate interest in keeping the app stable (Art. 6(1)(f) GDPR).

  • Rate limiting and fraud prevention (the usage counters): our legitimate interest in protecting the service and controlling costs (Art. 6(1)(f) GDPR).

  • Parsing receipt text with Anthropic's Claude Haiku model to turn it into structured items: performance of a contract (Art. 6(1)(b) GDPR).

  • Future marketing emails (none today): your consent, which you can withdraw at any time (Art. 6(1)(a) GDPR).

4. Who we share data with

We use a small number of third-party processors. Each one has a written data-processing agreement with us.

Supabase Inc. (data processor). Hosts our Postgres database, object storage, auth, and edge functions. Primary region: EU (Frankfurt, eu-central-2). Purpose: backend for the app. Contract: Supabase standard DPA.

Anthropic PBC (data processor). Provides the Claude Haiku language model we use to parse OCR-extracted receipt text into structured items. Only the text extracted from your receipt is sent, never the image itself. Location: United States. Transfer mechanism: Standard Contractual Clauses (SCCs) included in Anthropic's Commercial Terms of Service, available at https://www.anthropic.com/legal/commercial-terms.

Sentry GmbH (data processor). Crash reporting for the app. Our Sentry account is hosted in the DE region. Purpose: detect and fix crashes. Crash data is anonymised by default.

Apple Inc. (authentication provider, not a data processor for us). Sign in with Apple is the only auth method we support. Apple may share a relay email with us if you choose not to share your real email.

Resend Inc. (data processor, not live yet). When enabled, Resend will send transactional emails such as account confirmations. No marketing use.

We do not share your data with any other third parties. We do not sell your data. We do not share your data for advertising purposes.

5. How long we keep data

We keep data only for as long as we need it.

  • Bills, items, and participants: until you delete the bill or your account.

  • Receipt images: until you delete the bill, or the account, whichever comes first.

  • Audit log (bill events): 12 months, then pruned automatically.

  • Sentry crash events: 30 to 90 days (Sentry default retention).

  • Account profile: deleted immediately when you delete your account, except for a pseudonymous user ID that stays in the audit log for 12 months so we can resolve disputes between participants.

  • Usage counters: sliding 90-day window.

  • Encrypted backups via Supabase: rolling 30 days.

When you use the in-app Delete Account button, we run a cascade delete across the database and storage, with a 30-day grace period during which you can ask us to restore the account. After 30 days your name, email, bills, and receipt images are permanently deleted. We retain only a pseudonymous transaction ID (for example, "user-a4f2b91c") in the audit log for 12 months to resolve disputes between participants. This pseudonymous ID on its own cannot identify you and is kept under a separate retention schedule from your profile.

6. Your rights

Under the GDPR you have the following rights.

  • Right of access (Art. 15): ask for a copy of the personal data we hold about you.

  • Right to rectification (Art. 16): correct data that is wrong or incomplete.

  • Right to erasure (Art. 17): ask us to delete your data.

  • Right to restriction (Art. 18): ask us to pause processing in specific cases.

  • Right to object (Art. 21): object to processing based on legitimate interest.

  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format (JSON).

  • Right to withdraw consent (Art. 7): withdraw consent at any time where consent is the legal basis.

How to use these rights

To exercise any of the rights above, contact us at contact@tabsnap.app. We respond within 30 days (one calendar month, extendable by up to two further months for complex requests, per Art. 12(3) GDPR, in which case we will tell you why). No fee applies to reasonable requests.

In addition, some rights can be exercised directly in the app:

  • To delete your account and all associated data, open the app, go to Settings, and tap Delete Account.

  • To export your data as JSON, use the in-app "Export my data" button in Settings once it is available. Until then, email us as above.

7. Data security

We take reasonable technical and organisational measures to protect your data.

  • Data in transit is encrypted using TLS.

  • Data at rest is encrypted by Supabase on the Postgres database and on object storage.

  • Access to bills and receipt images is enforced by Supabase Row Level Security (RLS), so only the host and the bill's participants can read them.

  • Backups are encrypted.

We do not hold ISO 27001, SOC 2, or similar certifications. We rely on the security posture of Supabase, Sentry, Anthropic, and Apple for the parts of the stack they operate.

8. International data transfers

Your data is stored primarily in the EU (Supabase Frankfurt region) and in Germany (Sentry DE region).

Some processing involves transfers outside the EU:

  • Anthropic PBC processes receipt text in the United States. The transfer is covered by Standard Contractual Clauses (SCCs) included in Anthropic's Commercial Terms of Service.

  • Apple Inc. handles Sign in with Apple. Apple's own terms and safeguards apply.

9. Children's privacy

Tabsnap is rated 4+ on the App Store and available worldwide. However, our digital-consent threshold for creating an account is 16, aligned with the default age under the GDPR and the age set by Dutch law (our primary market). If you are under 16, you need permission from a parent or legal guardian to use Tabsnap and to agree to this Privacy Policy. This applies whether you are in the Netherlands, another EU country, or outside the EU. If we learn that we hold data for a user under 16 without parental consent, we will delete that data.

10. Changes to this policy

We may update this policy as the app and the law evolve. When we make a material change we will:

  • Update the "Last updated" date at the top.

  • Notify you inside the app or by email before the change takes effect.

Continued use of Tabsnap after the change means you accept the new policy.

11. Contact

For any privacy question, data request, or complaint, contact us first.

12. Supervisory authority

If you feel we have not handled your data properly, you have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or with the supervisory authority in your EU country of residence.
