Who we are
Grudget is made by Cedlumia Studios (ABN 76 931 526 588), a one-person independent studio based in Perth, Western Australia. Every line of code, every pixel, and every reply to your email comes from the same person: Em. When we say "we," "us," or "Grudget" throughout this policy, that's who we mean.
As the data controller, Em is responsible for any personal information you share through the app.
What we collect
We only collect what we need to make Grudget work. Here's the full list:
What we don't collect: bank login details, card numbers, government IDs, location data, contact lists, or anything else we don't need. We'd rather not have it.
Why we collect it
We use your data for exactly these purposes:
- To let you sign in to your account and use the app.
- To sync your data across your devices (so your phone and tablet show the same thing).
- To let you split bills and share data with other Grudget users you've invited.
- To send you essential service communications (account issues, security alerts, important changes).
- To fix bugs and improve the app based on crash reports.
- To process subscription payments through the App Store or Google Play (we don't see your card details).
That's it. We don't run ads. We don't build advertising profiles. We don't do any of that.
How it's stored
Your data is stored in Supabase, a reputable cloud database service. Supabase stores data on servers operated by AWS.
Encryption
All data is encrypted in transit (using TLS) and at rest. Your password is hashed using industry-standard algorithms and is never stored in plain text.
Access controls
Grudget uses Row Level Security (RLS) policies in Supabase, which means your data can only be read by you (or, in the case of shared splits, the specific users you've linked them with). No other users can access your data.
International transfers
Supabase servers may be located outside of Australia. By using Grudget, you consent to your data being transferred and stored in these locations. Supabase maintains appropriate safeguards for international data transfers.
Selling data (we don't)
We do not sell your personal data. Full stop.
We don't sell it, rent it, lease it, license it, or trade it. We don't pass it to data brokers. We don't build profiles on you for advertising purposes. Our business model is simple: you pay us a subscription fee, and in exchange we give you the app. That's the whole deal.
If we ever were to be acquired or sell the business, your data would be transferred with the same privacy commitments intact. If that ever changed, we'd tell you first and give you the option to delete your account.
Your rights
You have the following rights regarding your data:
To exercise any of these rights, email Em at help@grudget.com.au. You'll get a reply within 30 business days.
Data retention
We keep your data for as long as you have an active Grudget account. When you delete your account, we permanently delete your personal data and financial records within 30 days.
Some data may be retained in encrypted backups for a further 90 days, after which it's also permanently deleted. We may retain anonymised, aggregated data (that can't be linked back to you) indefinitely for service improvement purposes.
Children's privacy
Grudget is not intended for children under 13 (or under 16 in parts of the EU). We don't knowingly collect data from anyone in that age range. If you believe a child has provided us with personal information, please contact us and we'll delete it.
Changes to this policy
We may update this policy from time to time. If we make material changes, we'll notify you in the app or by email before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
Contact us
Questions, concerns, or requests about this policy or your data? Get in touch. Em will reply personally, usually within 10 business days. Definitely not Grudgey.