GhostCheckGhostCheck

Privacy Policy

Effective Date: April 30, 2026  ·  Last Updated: May 18, 2026

1. Introduction

GhostCheck (“we,” “our,” or “us”) is a restaurant bill-splitting application. This Privacy Policy explains how we collect, use, disclose, and protect information when you use GhostCheck. By using GhostCheck, you agree to the practices described in this policy.

2. Information We Collect

Information You Provide

  • Name — collected when you check in to a dining session or create a session as a host.
  • Phone number — collected from hosts to send a one-time verification code (OTP) before session creation, and from guests to send an SMS link to claim their portion of the bill.

Information Collected Automatically

  • Session data — the name of the dining session, items ordered, and bill totals entered by the host.
  • Receipt images — photos of receipts uploaded by the host for automated item extraction and receipt review by the host and guests. Images are compressed before upload when supported and stored privately in Supabase Storage for the meal.

Information We Do Not Collect

  • We do not collect payment information, credit card numbers, or bank details.
  • We do not collect location data.
  • We do not use cookies or tracking pixels.
  • We do not create user accounts or maintain persistent user profiles.

3. How We Use Your Information

We use your information solely to operate GhostCheck:

  • Host phone number — to send a one-time verification code (OTP) confirming the host’s identity before a session is created. The OTP expires after 10 minutes and is deleted immediately upon verification.
  • Guest name and phone number — to add you to a dining session roster and to send you an SMS link when the host is ready to split the bill.
  • Receipt images — to automatically extract item names and prices using AI OCR providers and to let the host and guests review the uploaded receipt while splitting the bill.
  • Session data — to calculate each guest’s share of the bill during the active session.

We do not use your information for marketing, advertising, or any purpose beyond the active dining session.

4. How We Share Your Information

We do not sell your personal information. We share information only as necessary to operate the service:

  • Twilio, Inc. — Your phone number is transmitted to Twilio to deliver the SMS verification codes and claim links.
  • Anthropic, PBC and Google — Receipt images uploaded by the host may be transmitted to AI OCR providers for text extraction.
  • Supabase — Receipt images and session data are stored so the active meal can be reviewed by authorized hosts and guests. Receipt images are accessed through temporary signed URLs.
  • Legal requirements — We may disclose information if required by law or in response to valid legal process.

All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with or sold to any third parties or affiliates for marketing or promotional purposes.

5. Data Retention

Session data (guest names, phone numbers, item claims, and receipt images) is stored for the active dining session and remains available until the meal is deleted or cleanup is requested. When a host or administrator deletes a meal, GhostCheck deletes the associated database records and attempts to remove the meal’s receipt images from Supabase Storage. We do not operate an automated retention window yet, but you may contact us to request deletion of your data.

6. SMS Communications

Hosts: By entering your phone number and clicking “Send Code,” you consent to receive a one-time verification code from GhostCheck and, after session creation, session update messages.

Guests: By entering your phone number and clicking “Check Me In,” you expressly consent to receive text messages from GhostCheck for bill review and payment reminders related to your dining session.

Message frequency varies. Standard message and data rates from your carrier may apply. Reply STOP to opt out at any time. Reply HELP for help.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

7. Security

We take reasonable technical measures to protect the information we collect. Session data is stored on secured servers. Receipt images are transmitted over encrypted HTTPS connections to third-party processors and stored privately in Supabase Storage so hosts and guests can review the receipt through temporary signed URLs while resolving the bill.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Children's Privacy

GhostCheck is not directed at children under 13 years of age. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last Updated” date at the top of this page reflects the most recent revision. Continued use of GhostCheck after changes are posted constitutes acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or would like to request deletion of your data, contact us at: michael@d2sci.co.