Last Updated: November 20, 2025
This Privacy Policy explains how personal data is processed when using the mobile application “BillPalls” (iOS/Android) and its web version. It clarifies what information we collect, why we collect it, how it is used, and which rights users hold under the GDPR.
Slin App Agentur
Owner: Nils Jerschke
Margeritenweg 16
04179 Leipzig
Germany
Phone: +49 157 5045 7093
Email: n.jerschke@slinapp.com
A Data Protection Officer has not been appointed, as this is not legally required.
BillPalls provides tools to create, split and manage shared expenses. Users can create bills, assign items to participants, record payments and optionally extract data from images using optical text recognition.
A user account is required to use the service.
Email address
Display name
Optional: first and last name
Profile image URL (if provided)
Firebase User ID (UID)
Authentication provider data (Google/Apple Sign-In)
Apple Sign-In is used without “Hide My Email”.
Bill title, amount, date
Line items (name, quantity, price, VAT if applicable)
Assignment of participants and payment status
Visibility only within shared bill groups
Uploaded or captured bill images
Local compression to reduce data volume
Transmitted to OpenAI solely for text extraction
Images are not permanently stored by us or in Firebase
Firebase Analytics events
Interaction patterns
Crash reports via Firebase Crashlytics
IP address (transmitted automatically when connecting)
Device and OS information
Firebase Cloud Messaging token
Advertising ID (only when ads are enabled)
Product ID and transaction reference (for premium access)
Payments are processed exclusively by Apple or Google
Language, currency, theme
Notification and privacy settings
Consent choices for analytics/advertising
Processing of account and billing data is necessary to provide the app.
Legal Basis: Art. 6(1)(b) GDPR — performance of a contract
Data is visible only to participants of the respective bill.
Legal Basis: Art. 6(1)(b) GDPR
Images are processed by OpenAI solely to extract text and then discarded.
Legal Basis: Art. 6(1)(b) GDPR
Functional system messages or optional alerts.
Legal Basis: Art. 6(1)(b) and/or Art. 6(1)(a) GDPR
Required to enable premium features.
Legal Basis: Art. 6(1)(b) GDPR
We use Google AdMob to display advertisements.
No advertising identifiers, cookies or similar technologies are activated until users have made a choice in the Google Consent Dialog, in compliance with EU user consent requirements.
If consent is granted, the following data may be processed:
Advertising ID (AAID / IDFA)
Device information
Cookies or similar identifiers
IP address and technical ad delivery metrics
Users may choose between personalized or non-personalized advertising. If personalized ads are refused, only non-personalized ads will be shown, or ads may be disabled entirely where required.
Consent can be withdrawn at any time inside the application’s privacy settings.
The Consent Dialog includes a full list of advertising technology partners involved in ad delivery.
Legal Basis: Art. 6(1)(a) GDPR — voluntary consent
Personal data may be shared with the following categories of recipients, only to the extent necessary:
Google Firebase — authentication, database, push delivery, optional analytics and crash reporting
Google AdMob — ad delivery subject to prior consent
OpenAI — OCR processing of images without storage
Apple App Store / Google Play — processing of payments
Other Bill Participants — visibility only within shared bills
Data is not sold or shared with third parties outside the scope of this policy.
Data may be transferred to service providers in the United States (Google, OpenAI).
Such transfers rely on:
The EU-US Data Privacy Framework where applicable
Standard Contractual Clauses (SCC)
Additional technical and organizational safeguards
Despite these protections, residual risk from governmental access cannot be fully eliminated.
Account and billing data are retained until the user deletes their account.
Images used for OCR are processed in real time and not stored.
Analytics and crash data are retained only while consent remains active.
Purchase-related data may be stored as required by commercial law.
Deleting the user account removes all associated personal data.
Camera · Photo library · Push notifications · Face ID / Touch ID
Camera · Media access · Internet · Biometric authentication · Notifications
Some functions are unavailable if permissions are denied.
We implement multiple protective measures including:
TLS encryption for all data transmission
Firebase Authentication
Strict Firestore security rules
Limited access rights & data minimization
No retention of images processed through OCR
Users have the right to:
Access their data
Request correction or deletion
Restrict or object to processing
Obtain a copy of their data (portability)
Withdraw consent at any time
Data export and account deletion are available directly within the app.
EU platform for online dispute resolution:
https://consumer-redress.ec.europa.eu
We are not obliged nor willing to participate in a consumer arbitration procedure.
We may update this Privacy Policy as our services evolve.
The latest version is always accessible within the app and on our website.