Privacy Policy

1. Data We Collect

We collect only the minimum data necessary to operate the Service:

• Account data: email address, hashed password (if email registration), Google account ID and profile picture (if Google OAuth).
• Exchange account data: your UID on partner exchanges that you voluntarily provide to connect your cashback account.
• Trading statistics: daily volume and commission data received from partner exchanges, used solely to calculate your cashback level and payout.
• Payment records: USDT cashback amounts paid to you, timestamps, and exchange references.
• Technical data: IP address, browser type, and usage logs for security and abuse prevention purposes.

We do not collect API keys, passwords to exchanges, or any trading credentials.

2. How We Use Your Data

Your data is used exclusively to:

• Operate your account and authenticate you;
• Calculate and distribute daily cashback payments;
• Display your trading statistics and cashback history in the dashboard;
• Detect and prevent fraud or abuse;
• Communicate important service updates (via Telegram or email).

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Data Sharing

We may share your data only in the following limited cases:

• Partner exchanges: we share your UID with the relevant exchange only to verify cashback eligibility — no other personal data is shared.
• Legal obligations: if required by law, court order, or government authority, we may disclose data as legally compelled.
• Service providers: our infrastructure runs on a European VPS. No personal data is processed by third-party analytics or advertising services.

4. Google OAuth

If you sign in with Google, we receive your email address and Google account ID from Google's OAuth service. We do not request access to your Google Drive, Gmail, contacts, or any other Google services. You can revoke access at any time via your Google Account settings.

5. Data Storage & Security

Your data is stored in a PostgreSQL database on a European VPS. Passwords are stored as bcrypt hashes (cost factor 12) — we never store plaintext passwords. All traffic between your browser and our servers is encrypted via TLS (HTTPS).

While we take reasonable security measures, no system is 100% secure. In the event of a data breach that affects your personal data, we will notify you within 72 hours of becoming aware of it.

6. Cookies & Sessions

We use a single secure HTTP-only session cookie to keep you logged in. We do not use tracking cookies, analytics cookies, or third-party advertising cookies. No data is shared with ad networks.

7. Your Rights

You have the right to:

• Access — request a copy of your personal data;
• Rectification — correct inaccurate data;
• Erasure — request deletion of your account and associated data;
• Portability — receive your data in a structured, machine-readable format;
• Object — object to processing of your data in certain circumstances.

To exercise any of these rights, contact us via Telegram: t.me/SplitFee. We will respond within 30 days.

8. Data Retention

We retain your account data for as long as your account is active. Payment and trading history records are retained for 3 years for financial record-keeping purposes. If you delete your account, personal identifiers are removed within 30 days; anonymised aggregate statistics may be retained indefinitely.

9. Children's Privacy

SplitFee is not directed at persons under 18. We do not knowingly collect personal data from minors. If you believe a minor has registered, please contact us and we will delete their data promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via t.me/SplitFee at least 7 days before they take effect. The "Last updated" date at the top of this page will always reflect the current version.

11. Contact

Data controller: SplitFee (Estonia jurisdiction).
Contact: t.me/SplitFee