Security
How we protect your data and maintain your trust.
At EasySplit, security is foundational to everything we build. We handle financial data — expense records, payment identifiers, and receipt images — and we take that responsibility seriously. This page describes our security practices, infrastructure, and the measures we take to protect your information.
Data Encryption
In Transit
All communication between your device and our servers is encrypted using TLS 1.3. This includes API requests, receipt image uploads, and authentication flows. We enforce HTTPS on all endpoints — plaintext HTTP connections are rejected.
At Rest
All data stored in our PostgreSQL database is encrypted using AES-256 encryption provided by Fly.io's managed database service. This includes:
- User profiles and account data
- Expense records, group data, and balance calculations
- Receipt images and AI-parsed drafts
- UPI VPAs and contact information
Database backups are also encrypted and stored in access-controlled storage.
Authentication & Access Control
User Authentication
- Google OAuth 2.0: We use Google as our sole identity provider. We never handle or store user passwords.
- JWT Tokens: After OAuth, sessions are managed via signed JSON Web Tokens with short expiry windows. Access tokens expire frequently and are refreshed using secure refresh tokens.
- Token Blacklisting: On sign-out or suspicious activity, tokens are immediately invalidated via a server-side blacklist.
- Secure Storage: On mobile, tokens are stored in the platform's secure enclave (iOS Keychain / Android Keystore) via Expo SecureStore. We do not use cookies on our web endpoints.
API Access Control
- All API endpoints (except authentication routes) are protected by JWT authentication guards
- Group-specific endpoints have additional membership verification — only group members can access group data
- Role-based permissions within groups (admin vs member) control who can modify group settings, remove members, or delete expenses
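The access-control chain described above, as an added example that is not EasySplit's code: a token guard (expiry plus the server-side blacklist), then group membership verification, then the admin-vs-member role check. It runs without NestJS or a JWT library; the claim, group and action shapes, the assumption that signature verification already happened upstream, and the sample data are all constructed for illustration.

```typescript
// Added example, not EasySplit's code. Pure functions standing in for the
// JWT guard and the group-membership/role checks described on this page.
// Shapes below are assumptions for illustration only.

type Role = "admin" | "member";

interface Claims {
  sub: string; // user id
  jti: string; // token id; what the sign-out blacklist records
  exp: number; // expiry, seconds since the epoch
}

interface Group {
  id: string;
  // A Map rather than a plain object, so an id such as "constructor" or
  // "toString" cannot masquerade as membership via inherited properties.
  members: Map<string, Role>;
}

type Action = "read" | "addExpense" | "deleteExpense" | "removeMember" | "changeSettings";

// Actions reserved for group admins; everything else needs membership only.
const ADMIN_ONLY: ReadonlySet<Action> = new Set<Action>(["deleteExpense", "removeMember", "changeSettings"]);

type Decision = { allowed: true; userId: string } | { allowed: false; reason: string };

// Step 1: the JWT guard. Signature verification is assumed to have happened
// upstream (a JWT library would do it); this step enforces expiry and the
// server-side blacklist that sign-out populates.
function guardToken(claims: Claims | null, blacklist: Set<string>, nowSec: number): Decision {
  if (claims === null) return { allowed: false, reason: "missing or malformed token" };
  if (claims.exp <= nowSec) return { allowed: false, reason: "token expired" };
  if (blacklist.has(claims.jti)) return { allowed: false, reason: "token revoked" };
  return { allowed: true, userId: claims.sub };
}

// Step 2: membership verification, then the role check for privileged actions.
function authorizeGroupAction(userId: string, group: Group, action: Action): Decision {
  const role = group.members.get(userId);
  if (role === undefined) return { allowed: false, reason: "not a group member" };
  if (ADMIN_ONLY.has(action) && role !== "admin") return { allowed: false, reason: "admin role required" };
  return { allowed: true, userId };
}

// The full chain a request to a group endpoint passes through.
function authorizeRequest(
  claims: Claims | null,
  blacklist: Set<string>,
  nowSec: number,
  group: Group,
  action: Action,
): Decision {
  const tokenDecision = guardToken(claims, blacklist, nowSec);
  if (!tokenDecision.allowed) return tokenDecision;
  return authorizeGroupAction(tokenDecision.userId, group, action);
}

// Constructed sample data: one admin, one member, one revoked token id.
const sampleGroup: Group = { id: "g1", members: new Map<string, Role>([["alice", "admin"], ["bob", "member"]]) };
const sampleNow = 1700000000;
const sampleBlacklist = new Set<string>(["tok-revoked"]);

function demo(): Decision[] {
  const fresh = (sub: string, jti: string): Claims => ({ sub, jti, exp: sampleNow + 300 });
  return [
    authorizeRequest(fresh("bob", "t1"), sampleBlacklist, sampleNow, sampleGroup, "addExpense"),   // allowed
    authorizeRequest(fresh("bob", "t2"), sampleBlacklist, sampleNow, sampleGroup, "removeMember"), // admin only
    authorizeRequest(fresh("alice", "t3"), sampleBlacklist, sampleNow, sampleGroup, "removeMember"), // allowed
    authorizeRequest(fresh("alice", "tok-revoked"), sampleBlacklist, sampleNow, sampleGroup, "read"), // revoked
    authorizeRequest(fresh("mallory", "t4"), sampleBlacklist, sampleNow, sampleGroup, "read"),    // not a member
    authorizeRequest({ sub: "bob", jti: "t5", exp: sampleNow - 1 }, sampleBlacklist, sampleNow, sampleGroup, "read"), // expired
  ];
}
```

The order matters: the token is checked before any group data is touched, and membership is checked before the role, so a non-member never learns whether a group exists or what roles it has.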
Infrastructure
- Isolated containers: Our API runs in isolated containers on Fly.io with no shared tenancy. Each deployment is an immutable image.
- Managed PostgreSQL: The database runs on Fly.io's managed Postgres with automatic backups, point-in-time recovery, and no direct public access.
- Redis: Used for caching and job queues (BullMQ). Contains only ephemeral data — no personal information is persisted in Redis long-term.
- No plaintext secrets: All credentials, API keys, and signing secrets are injected via environment variables. No secrets exist in source code, configuration files, or container images.
- Dependency scanning: We monitor dependencies for known vulnerabilities and apply patches promptly.
Application Security
- Input validation: All API inputs are validated and sanitized using class-validator decorators in NestJS
- SQL injection prevention: We use Prisma ORM with parameterized queries — no raw SQL concatenation
- Rate limiting: API endpoints are rate-limited to prevent abuse and brute-force attacks
- CORS policy: Cross-origin requests are restricted to authorized domains only
- Money handling: All monetary calculations use decimal.js — we never use floating-point arithmetic for financial amounts, preventing rounding errors
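The rounding problem the money-handling bullet refers to, as an added example that is not EasySplit's code: it shows floating-point addition failing to add up, then splits an amount exactly by working in integer minor units (paise) and handing out the remainder one unit at a time. This does not use decimal.js (the page says EasySplit does); integer minor units are a stand-in technique that demonstrates the same property, and the amounts are constructed.

```typescript
// Added example, not EasySplit's code and not decimal.js. Contrasts binary
// floating point with exact arithmetic in integer minor units (paise).

// Floating point: adding 0.1 ten times does not give 1.
function sumFloat(parts: number[]): number {
  return parts.reduce((a, b) => a + b, 0);
}

function floatAddsUp(): boolean {
  return sumFloat(Array(10).fill(0.1)) === 1; // false: the sum is 0.9999999999999999
}

// Exact path: parse "123.45" straight into paise without a binary float.
function toMinorUnits(amount: string): number {
  const m = /^(\d+)(?:\.(\d{1,2}))?$/.exec(amount);
  if (m === null) throw new Error(`invalid amount: ${amount}`);
  const frac = m[2] === undefined ? "" : m[2];
  return Number(m[1]) * 100 + Number(frac.padEnd(2, "0"));
}

function fromMinorUnits(paise: number): string {
  const sign = paise < 0 ? "-" : "";
  const abs = Math.abs(paise);
  return `${sign}${Math.floor(abs / 100)}.${String(abs % 100).padStart(2, "0")}`;
}

// Split `total` across `ways` people so the shares sum back to exactly `total`:
// everyone gets the floor, and the first `remainder` people get one paisa more.
function splitExact(total: string, ways: number): string[] {
  if (!Number.isInteger(ways) || ways <= 0) throw new Error("ways must be a positive integer");
  const totalPaise = toMinorUnits(total);
  const base = Math.floor(totalPaise / ways);
  const remainder = totalPaise % ways;
  return Array.from({ length: ways }, (_, i) => fromMinorUnits(base + (i < remainder ? 1 : 0)));
}

function sumExact(parts: string[]): string {
  return fromMinorUnits(parts.reduce((acc, p) => acc + toMinorUnits(p), 0));
}

// Constructed sample: a 100.00 bill split three ways.
const sampleShares = splitExact("100.00", 3); // ["33.34", "33.33", "33.33"]
const sampleTotal = sumExact(sampleShares);    // "100.00"
```

Integer paise stay exact up to Number.MAX_SAFE_INTEGER (about 90 trillion rupees), which is the same guarantee a decimal library provides for these magnitudes; what matters is that the remainder is assigned deliberately rather than lost to rounding.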
AI Receipt Processing
When you scan a receipt, the image is sent to OpenAI's Vision API over an encrypted connection. Key safeguards:
- Images are sent via OpenAI's API, which does not use API inputs for model training per their data usage policy
- AI returns a draft only — no expense is created until you explicitly review and confirm it
- Receipt images are encrypted at rest on our servers
- You can delete receipt images at any time via account settings
Sub-Processors
The following third-party services process data on our behalf. Each is bound by its own security and privacy commitments:
| Provider | Purpose |
|---|---|
| Google | OAuth 2.0 authentication |
| OpenAI | AI-powered receipt parsing via Vision API |
| Fly.io | Application hosting and managed PostgreSQL database |
| Resend | Transactional email delivery |
| Redis (Upstash) | Server-side caching and background job queues |
Data Handling Practices
- Minimal data collection: We only collect data necessary to provide the Service. We do not track users across websites or sell data to advertisers.
- Purpose limitation: Data is used exclusively for providing expense splitting functionality, notifications, and support.
- Data segregation: User data is logically segregated by account. Group data is access-controlled by membership.
- Logging: Server logs retain IP addresses and request metadata for up to 90 days for debugging and security purposes, then are automatically purged.
Data Retention & Deletion
- Account data, expenses, and receipts are retained for the lifetime of your account
- Upon account deletion, all personal data is permanently erased within 30 days
- Server logs are automatically purged after 90 days
- Database backups older than 30 days are destroyed
- You can request deletion via the app, our deletion page, or by emailing support@akash-deep.com
Incident Response
In the event of a security incident that affects your personal data:
- We will notify affected users within 72 hours of confirming the incident
- Notifications will be sent via email and, where possible, in-app alerts
- We will provide details about the nature of the incident, data affected, and remediation steps taken
- We will cooperate fully with any regulatory authorities as required by applicable law
Report a Vulnerability
If you discover a security vulnerability in EasySplit, please report it responsibly. Do not disclose it publicly until we have had a chance to investigate and patch.
Security Contact
Email: security@akash-deep.com
For general support inquiries, use support@akash-deep.com instead.