← AccueilSplitMyTicket

Privacy Policy

Version du 25 May 2026SullyAndCie, Belgium

↓ Télécharger en PDF

This policy explains what data SplitMyTicket collects, why, how it is protected, and your rights. It applies in accordance with the General Data Protection Regulation (GDPR — EU 2016/679).

1. Data Controller

Company name: SullyAndCie

Country: Belgium

Application: SplitMyTicket — https://splitmyticket.com

Data protection contact: [to be completed upon launch]

2. Data Collected and Purposes

We collect only the data strictly necessary for the operation of the service. SplitMyTicket does not collect sensitive data within the meaning of Article 9 of the GDPR.

Data collectedRequired?Retention periodLegal basis
Email (organiser)YesDuration of accountContract performance
Participant first nameNo (optional)48 hoursConsent
Participant token (technical)Yes48 hoursLegitimate interest
Receipt photoYes (OCR scan)48h then automatic deletionLegitimate interest
Items and prices extractedYes48 hoursLegitimate interest
Organiser IBANNo (optional)Duration of sessionConsent
Analytical data (see §3)No24 months (aggregated)Consent
Technical logs (IP, errors)Automatic30 daysLegitimate interest

2.1 Receipt Photo Processing

Photos submitted for OCR analysis are sent to Anthropic Inc.'s Claude Vision API (sub-processor). They are used solely to extract items and prices. They are not retained by Anthropic beyond processing and are automatically deleted from our servers within 48 hours of the session closing.

2.2 What We Do NOT Do

3. Analytical Data and Consumption Insights (opt-in)

This feature is subject to your explicit consent. No analytical data is collected without your prior agreement.

SplitMyTicket may, with your consent, collect aggregated and anonymised data on consumption habits. This data allows the production of anonymous statistics on restaurant consumption trends (popular dish types, average basket, number of guests, etc.).

3.1 Nature of Data Collected (with consent)

3.2 What This Data NEVER Contains

3.3 Use of This Data

This aggregated data may be used to:

You may withdraw your consent at any time from your account settings. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

4. Cookies and Trackers

4.1 Strictly Necessary Cookies (no consent required)

4.2 Analytical Cookies (consent required)

SplitMyTicket may use traffic analysis tools (e.g. Google Analytics, PostHog or equivalent) to understand how users navigate the application. These tools place tracking cookies.

If analytical tools are enabled, a GDPR-compliant consent banner will be presented on your first visit. You may refuse without any impact on your use of the service.

Data collected via these tools includes: pages visited, session duration, device type, country (never a full IP if Google Analytics 4 is configured with anonymisation). They are never cross-referenced with your personal account data.

5. Sub-processors

Sub-processorRoleLocation & guarantees
Supabase Inc.Database, authentication, file storageUSA — EU Standard Contractual Clauses
Vercel Inc.Frontend hosting, CDN, deploymentUSA — EU Standard Contractual Clauses
Anthropic Inc.OCR / AI analysis of receipt photosUSA — EU Standard Contractual Clauses
Upstash Inc.Redis rate limitingUSA — EU Standard Contractual Clauses
Google LLCAnalytics (if enabled, with consent)USA — EU Standard Contractual Clauses + Google DPA

6. Transfers Outside the EU

All our sub-processors are established in the United States. These transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, in accordance with Article 46 of the GDPR. Data processing agreements (DPAs) are in place with each sub-processor.

7. Your Rights (GDPR)

In accordance with the GDPR (Articles 15 to 22), you have the following rights:

To exercise these rights: [email address to be completed] or via your account settings.

You also have the right to lodge a complaint with the Belgian Data Protection Authority: www.dataprotectionauthority.be

8. Security

We implement appropriate technical and organisational measures:

9. Minors

SplitMyTicket is intended for persons aged at least 16. We do not knowingly collect personal data relating to minors under 16.

10. Changes to This Policy

This policy may be updated. In the event of a substantial change, we will notify you by email (if you have an account) or via a notice visible in the application. The update date is always shown at the top of the document. Continued use of the service after notification constitutes acceptance.

11. Contact

Data Controller: SullyAndCie — https://splitmyticket.com

For any request relating to your personal data: [email address to be completed]

Belgian supervisory authority: Data Protection Authority — www.dataprotectionauthority.be

CGUConfidentialité