EN
halvr icon

halvr, Privacy Policy

Last updated: June 2026

halvr processes financial transaction data that you voluntarily import from your bank statements. Your bank statement files are never stored on halvr's servers, they are read in memory, then discarded. We store only what is needed to run the shared ledger, keep it within the EU, and never sell or share it with third parties for any commercial purpose.

1. Who we are

halvr is a shared expense tracking application developed and operated by Ed Explore, registered in the Netherlands (KvK). You can reach us at info@edexplore.app.

2. What data we collect

Account and profile data

Payment details (optional)

If you choose to add them in your profile, halvr stores your IBAN and account holder name. These are used only to generate a payment QR code so other members of your shared book can pay you directly from their own banking app when settling up. halvr never initiates, processes, or has access to any payment itself, these details are purely informational and used locally to render the QR code.

Two-factor authentication (2FA)

If you enable two-factor authentication, halvr uses Supabase's built-in authenticator app (TOTP) multi-factor authentication. The shared secret is generated and verified directly by Supabase, halvr never sees or stores it separately.

Financial transaction data

When you import a bank statement, halvr extracts and stores the following fields from each transaction you choose to submit:

You control which transactions are submitted to the shared ledger. Transactions you do not select are not stored.

Settlement and balance data

Monthly settlement records include the total amounts attributed to each person, the calculated balance, and a timestamp of when the settlement was acknowledged.

Recurring patterns

When you mark a transaction as recurring, halvr saves the merchant pattern and expected amount range to auto-select it in future uploads. These patterns are stored per user and per shared book.

Audit events

To maintain an accurate and trustworthy shared ledger, halvr logs significant actions (statement submissions, expense removals, settlement acknowledgements) including:

Audit events form a checksum-chained log to detect tampering. They are append-only and cannot be deleted by anyone. No IP addresses or device information are recorded.

Bank statement files

halvr never stores your bank statement files on its own servers. Your file is read into memory to extract transactions, then immediately discarded, nothing is written to disk. If you choose to connect Google Drive (optional), you can save a copy of the file to your own Google Drive folder. That file lives entirely in your own Google Drive account, under your full control, and halvr only accesses it during parsing.

3. Legal basis (GDPR)

4. How long we keep your data

5. Who we share data with

Within halvr, members of the same shared book can see all expense lines, settlement records, and recurring items that belong to that book. Each member can see the display names of other members in their book.

We do not sell your data to any third party. We do not use your financial data for advertising or profiling.

6. Third-party processors

ProviderPurposeData locationPrivacy policy
Supabase Database (profiles, transactions, settlements, audit log) and authentication EU (West Europe) supabase.com
Google Drive Optional file archiving, if you connect your Google Drive, halvr can save your statement file to your own Drive folder (accessed only during parsing) EU google.com
Vercel Application hosting and serverless functions Global CDN; processing in EU vercel.com
Resend Transactional email (authentication, notifications) EU resend.com

7. Security

Access to data is controlled by row-level security (RLS) on every database table. You can only read data from books you are a member of. Passwords are hashed and never stored in plain text. All connections use HTTPS. Bank statement files are never stored on halvr's servers.

8. Your rights

Under the GDPR you have the right to:

A note on erasure: expense lines and audit events cannot be fully deleted because they form part of a shared, acknowledged financial record. On request, we can anonymise your user ID from historical records while preserving the financial integrity of the shared book.

To exercise any of these rights, email info@edexplore.app.

9. Changes to this policy

We may update this policy from time to time. The date at the top of the page reflects the most recent revision. Continued use of halvr after an update constitutes acceptance of the revised policy.