Tab

Privacy Policy

Last updated: April 21, 2026

1. Introduction

Tab is a mobile app that helps friends, roommates, and travel companions split bills and track shared expenses. This Privacy Policy explains what information we collect when you use Tab, how we use it, who we share it with, and the choices you have.

Tab is operated from Ontario, Canada. When we say "Tab," "we," "us," or "our," we mean the team behind Tab. When we say "you," we mean the person using the app.

We keep this policy short and plain. If something here is unclear, email us at legal@hellotab.app and we will answer you in plain English.

2. Information We Collect

We only collect information we need to run the app. Tab does not sell your data and does not use third-party advertising or analytics trackers.

Information you give us when you sign up

When you create an account, Tab asks your identity provider (Apple, Google, or Firebase Auth for email and password) to tell us:

  • Your email address. If you use Sign in with Apple and choose "Hide My Email," we only receive Apple's relay address.
  • A display name that other people in your groups will see. You can change this at any time in Profile settings.
  • A user identifier assigned by Firebase Authentication. This is an internal ID we use to link your data together.

Information you create inside the app

Tab stores the content you put into it so it can show the same data across your devices and to the people you share groups with:

  • Expenses (amount, currency, description, category, who paid, how it was split).
  • Groups and memberships (group name, who is in the group, roles).
  • Settlements (records that someone paid someone back).
  • Receipt photos you upload when using the scan feature.
  • Line items parsed from scanned receipts, along with how you assigned each item.

Information from your device

  • When you scan a receipt, the photo is read from your camera or photo library. We only access the specific photo you pick.
  • On devices that support on-device AI (iOS 26 and newer), Tab parses receipts on your phone without sending the image anywhere.
  • On older devices, or when you tap "Scan with AI," Tab uploads the receipt image to our Cloud Function so it can be parsed (see Section 4).

Information we may collect later

These features are planned but not fully live yet. When they turn on we will update this policy and tell you in the app:

  • Crash and performance logs via Firebase Crashlytics so we can fix bugs. These logs describe what the app was doing when it crashed. They do not include the contents of your expenses.
  • Phone number, only if you choose to add one for finding friends.
  • Push notification tokens from Apple Push Notification service so we can send reminders about groups you are part of.

What we do not collect

  • We do not access your contacts, location, microphone, health data, or calendar.
  • We do not use advertising SDKs, analytics SDKs, or cross-app tracking.
  • We do not collect anything from people under 13 (see Section 8).

3. How We Use Your Information

We use the data above to:

  • Run your account — authenticate you, keep you signed in, and recover your account if you lose a device.
  • Sync your data — show the same expenses and balances across your devices and to other members of your groups.
  • Scan receipts — extract line items, totals, tax, and tip from a receipt photo.
  • Calculate balances — figure out who owes whom across groups and currencies.
  • Send notifications — let you know when someone adds an expense or settles up (once this feature is live).
  • Enforce limits — count your cloud scans so we know when a free user has used their five monthly scans, and unlock unlimited scans for Tab Pro subscribers.
  • Support you — respond to the emails you send to support@hellotab.app.
  • Fix bugs — read crash reports and diagnose issues you report.
  • Comply with law — respond to valid legal requests and protect against fraud or abuse.

We do not use your data to train machine-learning models. We do not sell your data.

4. How We Share Your Information

Tab shares data only with the service providers we need to run the app, with other users you have chosen to share groups with, and when the law requires it.

People in your groups

When you add someone to a group, they can see your display name, avatar, and every expense, settlement, and line item inside that group. If you create a new group with someone whose email is already in Tab, the system links you automatically. Before you add anyone, make sure they are the right person.

Firebase (Google Cloud)

Tab is built on Firebase, which is operated by Google in the United States. Firebase handles:

  • Authentication (sign in with Apple, Google, or email and password).
  • Firestore (the database that stores your profile, groups, expenses, and settlements).
  • Cloud Storage (where receipt images are stored).
  • Cloud Functions (server code that parses receipts and updates currency exchange rates).
  • Cloud Messaging for push notifications (planned).

Firebase data is stored in Google's US data centres. If you are outside the United States your data will be transferred there. Google's Firebase privacy terms are available at https://firebase.google.com/support/privacy.

Anthropic (Claude Haiku)

When you tap "Scan with AI" on a receipt, our Cloud Function sends the receipt image and the on-device OCR text to Anthropic's Claude Haiku model so it can extract line items. Anthropic is based in the United States. According to Anthropic's commercial terms, API inputs are not used to train their models and are retained only transiently to deliver the response. We never send your email, display name, group members, or any other account identifiers to Anthropic — only the image and OCR text. You can read Anthropic's privacy policy at https://www.anthropic.com/legal/privacy.

If you only use on-device scanning (on a supported device) or manual entry, no receipt data leaves your phone.

Apple

If you sign in with Apple, Apple handles the authentication flow and tells us your email (either your real address or a private relay address you can revoke). Apple also processes subscription purchases through the App Store if you subscribe to Tab Pro. We receive only what is needed to grant your Pro status (a receipt token and a subscription identifier); we do not receive your payment card details.

Google

If you sign in with Google, Google handles the authentication flow and provides your name, email, and profile photo URL.

Legal reasons

We will share information if we are required to by law, a valid subpoena, or a court order, or if we need to investigate fraud, security issues, or violations of our Terms of Use. If we ever receive a legal request for your data, we will try to notify you unless we are legally prevented from doing so.

Business transfers

If Tab is ever acquired, merged with another company, or sells its assets, your information may be transferred as part of that deal. We will give you notice and the chance to delete your account before any transfer.

5. Your Rights and Choices

You have the following rights no matter where you live. Some people have extra rights under GDPR or CCPA; see Section 9.

  • Access. Almost all of your data is visible in the app. If you want a full copy of what we have on our servers, email support@hellotab.app and we will export it for you.
  • Correction. You can edit your display name, profile photo, expenses, group memberships, and settlements directly in the app.
  • Deletion. Delete individual items in the app. To delete your entire account and everything in it, tap Delete Account in Profile settings, or email support@hellotab.app. We will handle deletion requests in a reasonable time, typically within 30 days. Some records (for example, expenses in a group with other members) will be retained so the group balance stays consistent, but your personal profile, email, and identifiers will be removed or anonymized.
  • Objection. You can ask us to stop using your data for a particular purpose. Email legal@hellotab.app.
  • Portability. You can ask for your data in a machine-readable format. A self-serve export tool is on our roadmap; in the meantime, email support@hellotab.app.
  • Notifications. You can turn push notifications off in iOS Settings at any time.
  • Scan feature. You can choose not to use the AI scan feature. Manual expense entry is always available.

You can also ask your identity provider (Apple or Google) to stop sharing data with Tab through their account settings. Doing so may prevent you from signing in.

6. Data Retention

  • Account data (profile, groups, expenses, settlements) persists until you ask us to delete your account or delete specific items.
  • Receipt images are stored in Firebase Storage. You can delete a receipt image from inside the app. When you delete an expense, its associated receipt is removed from storage.
  • Firebase Authentication records (the internal user ID and email) remain until we process your deletion request.
  • Server logs (basic request logs kept by Firebase for reliability) are typically retained by Google for up to 30 days.
  • Backups. Firebase keeps short-term backups for disaster recovery. Data in those backups expires on Google's schedule and is not actively used by Tab.

7. Security

We take reasonable steps to protect your information:

  • All connections between the Tab app and our servers use TLS (HTTPS).
  • Firebase services store data in encrypted form on Google's infrastructure.
  • Access to production Firebase data is restricted to the Tab maintainers and requires Google account multi-factor authentication.
  • We use Firestore security rules to make sure you can only read and write data in groups you are part of.

No service is perfectly secure. If we ever discover a security breach that affects your data, we will notify you and the relevant regulators as required by law.

8. Children's Privacy

Tab is not intended for anyone under 13. We do not knowingly collect information from children under 13. If you believe a child under 13 has created an account, email legal@hellotab.app and we will delete the account. If you are between 13 and the age of majority in your jurisdiction, you should only use Tab with the involvement of a parent or guardian.

9. International Users

Tab is operated from Canada. Firebase and Anthropic are based in the United States. If you use Tab from outside Canada or the United States, your data will be transferred to and stored in those countries, which may have different privacy laws than your own.

If you are in the European Economic Area, the United Kingdom, or Switzerland (GDPR)

You have the right to access, correct, delete, or port your personal data, to restrict or object to our processing of it, and to lodge a complaint with your local data protection authority. Our legal basis for processing your data is:

  • Contract — we process your account and expense data to provide the service you signed up for.
  • Legitimate interest — we process limited data (for example, scan counters) to prevent abuse and keep the service working.
  • Consent — where the law requires it (for example, sending marketing email — which we do not currently do).

Cross-border transfers to the United States are covered by Google's and Anthropic's standard contractual clauses.

If you are in California (CCPA / CPRA)

You have the right to know what personal information we collect, to delete it, to correct it, to opt out of "sale" or "sharing" of personal information, and to not be discriminated against for exercising these rights. Tab does not sell or share personal information as those terms are defined under California law. We do not use cross-context behavioural advertising.

To exercise any California right, email legal@hellotab.app with "California privacy request" in the subject line.

If you are in Canada (PIPEDA)

You have the right to access and correct your personal information and to file a complaint with the Office of the Privacy Commissioner of Canada.

10. Changes to This Policy

We will update this policy when we add new features or change how we use data. When we make a material change, we will update the "Last updated" date above and, for significant changes, show a notice inside the app the next time you open it. If you keep using Tab after the change takes effect, you accept the new policy.

11. Contact Us

For privacy questions, complaints, or legal notices: legal@hellotab.app

For general help with the app, account deletion, or data export requests: support@hellotab.app

We read every email. We will respond in a reasonable time, typically within 30 days.