Privacy Policy
Last updated: May 5, 2026
This Privacy Policy explains how the Tabby mobile application (“Tabby”, “the app”, “we”, “us”) collects, uses and shares your information. By using Tabby you agree to the practices described below.
Tabby is published by Educalibr and reachable at the API domain tabby-api.educalibr.com. For any privacy-related question, write to privacy@educalibr.com.
- Account profile — name, email address, password (stored only as a one-way hash that we cannot reverse), preferred default currency.
- Event and expense data — event names, descriptions, amounts, currencies, categories, expense dates, payer, splits, items on itemized receipts, settlements (payments) you record between members, invitations you send.
- Payment method information (optional) — bank or label, card number and card holder name that you choose to attach to your profile for the sole purpose of other event members copying it to pay you outside Tabby. Tabby does not process payments and does not charge any card. You can delete a card at any time from Profile → Cards & banks.
- Receipt images (optional) — photos you upload to the “Scan receipt” flow.
- Ghost members (optional) — names you enter on behalf of friends who haven’t installed Tabby so you can split expenses with them; these have no email, password or login.
- Device push token if you grant notification permission, used to deliver expense, settlement and reminder alerts.
- IANA timezone derived from your device locale, used so the daily auto-reminder lands at your local evening rather than server time.
- Standard request metadata from your device when calling our API (IP address, user agent, request timestamps) for routine logging and abuse prevention.
We do not collect location, contacts, microphone, biometrics or advertising identifiers.
We use it to:
- Provide the core expense-splitting service — balances, settlements, history, exports, archive.
- Send push notifications about events you’re a member of.
- Send a once-a-day reminder if you have outstanding balances, scheduled at your local 18:00.
- Convert foreign currencies to each event’s base currency.
- Parse receipt photos into expense items.
- Diagnose bugs and protect the service from abuse.
3. Third-party processors
We share data with the following providers only to the extent necessary to operate the service:
| Provider |
Data shared |
Purpose |
| Expo Application Services (Expo, Inc.) |
Your device push token, notification title/body |
Delivers push notifications |
| OpenAI |
The image you submit to “Scan receipt” |
Vision-based parsing of line items |
| exchangerate-api.com |
No personal data — currency pairs only |
Fetches global FX rates |
| Apple / Google |
App-distribution metadata they require |
App Store / Play Store delivery |
| Cloud hosting (managed PostgreSQL + application server) |
All stored application data |
Runs our backend |
We do not sell your data, do not use it for advertising, and do not share it with data brokers.
4. What other event members see
When you join or create a shared event, your name, the expenses you log, the payments you record, and any payment method you choose to attach to the event are visible to every active member of that event. Removing yourself from an event hides you from future activity but does not delete your historical contributions, since other members may rely on them for their own balances.
The per-event Export tally feature lets you copy a plain-text summary of who owes whom, including any default card you’ve added to your profile — only members you select are included in the message.
5. Storage, security and retention
- Application data is stored in our managed databases on cloud infrastructure.
- Traffic between the app and our servers is encrypted in transit (HTTPS for REST, WSS for the realtime channel).
- Passwords are stored as bcrypt hashes; we cannot recover them.
- Receipt images submitted to the OCR endpoint are forwarded to OpenAI for parsing and are not retained on our servers after the response is returned.
- Data is retained while your account is active. Deleting an event permanently removes its expenses, settlements, members and attached receipts. Archiving an event hides it from your home screen but preserves its records — you can unarchive it later.
- Standard backups may persist for a short rolling window for disaster recovery.
6. Your rights
You can at any time:
- View all data in the app and via the per-event Export tally.
- Update your name, default currency and timezone from Profile → Edit profile.
- Archive or delete events you administer.
- Remove payment methods from Profile → Cards & banks.
- Sign out from Profile → Sign out.
- Disable notifications from Profile → Preferences.
- Request deletion of your account, or any other privacy-related action, by emailing privacy@educalibr.com — we’ll respond within 30 days.
Depending on where you live (EU/UK/California, etc.) you may have additional rights of access, rectification, portability, restriction or objection. Use the contact email above to exercise them.
7. Children
Tabby is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). If you believe we hold data about a child without parental consent, contact us and we will delete it.
8. International transfers
Tabby may store and process your data in regions outside the country where you live. We rely on standard contractual safeguards offered by our hosting and processor providers for any cross-border transfer.
9. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the latest revision. Significant changes will be announced in-app or by email to your account address.
Educalibr — privacy@educalibr.com
For App Store / Play Store reviewers: this policy is published at the URL you’ll find on the Tabby store listing.