Skip to content

Privacy Policy

Last updated: May 12, 2026

This policy explains what TableSplit collects, what we use it for, and what we don't do with your data. It pairs with our Terms of Service.

What we collect

  • Your email address, used to sign you in and to send transactional emails (seat confirmations, event reminders, comment notifications). If you sign in with Google, we receive your verified email address, name, and profile picture URL from Google's OpenID Connect userinfo endpoint and store only your email; we never receive your Google password.
  • Content you submit: charity name, event details, table cost, seat count, host notes, optional venue, optional display-name preferences, optional seat notes, optional contact phone you provide when claiming a seat (visible only to your host), and comments on tables you're part of.
  • Activity metadata: when you signed in, when you claimed a seat, when you posted a comment. Used to make the Service work and to debug problems.
  • Standard server logs: IP address, user agent, requested path. Kept short-term for security and abuse investigation.

What we don't collect

  • No payment information.TableSplit doesn't process payments, so we never see credit cards, bank info, or charity donation amounts.
  • No location data beyond what your IP incidentally reveals.
  • No third-party advertising or analytics trackers.We use Cloudflare's privacy-friendly Web Analytics for aggregate page-view counts only.

We do not sell your information

We do not sell, rent, or share your personal information for monetary or other valuable consideration. We do not share your information for cross-context behavioral advertising. This holds regardless of whether the term “sale” is interpreted under the California Consumer Privacy Act (CCPA) or any similar state law.

Who can see your information

  • Hostsof a table you join can always see your email address and (if provided) your display name, contact phone, and seat notes, regardless of your “show on roster” setting. This is required for the host to coordinate the event.
  • Other participants and the publicsee only what your roster-visibility setting allows. By default, seats appear as “Seat #N — claimed” without your name.
  • TableSplit's operatorhas access to data necessary to run the Service. We don't sell or share your data with third parties beyond the subprocessors listed below.

How long we keep it

Retention varies by data type:

  • Account data (email, sign-in history) is kept for as long as your account is active, and for up to 30 days after deletion to complete the removal process and reconcile backups.
  • Tables, seats, and comments are retained for at least 90 days after the event date so participants and hosts can refer back to them, then may be archived. Soft-deleted comments are kept for audit-trail purposes.
  • Notification records (which emails were sent to whom) are kept for the lifetime of the related table to prevent duplicate sends.
  • Server logs and IP records are kept by our hosting provider (Cloudflare) on a short-term rolling basis, typically days rather than weeks. We do not retain a long-term archive of server logs.

Subprocessors

The Service is built on a small set of vendors:

  • Cloudflare — hosting, database (D1), DNS, web analytics, email routing.
  • Resend — transactional email delivery (sign-in links, seat confirmations, host notifications).
  • Google — Sign in with Google. Only used if you choose to sign in with a Google account; otherwise no data is shared with Google.
  • GitHub — code repository for the Service itself; does not host any user data.

Some of these vendors operate global infrastructure and may process or store your data in countries outside your own. We select vendors that contractually commit to industry-standard security practices.

Cookies

We set one essential cookie (ts_session) after you sign in. It's used to keep you signed in. No tracking cookies.

Your rights

You can request to see what data we hold about you, correct it, export it, or delete it. Email [email protected] and we will respond within 30 days. You may also opt out of non-essential emails (event reminders and comment digests) from the unsubscribe link in any such message; transactional emails tied to your account's operation (sign-in links, seat confirmations, cancellations) continue regardless of that setting.

Children

The Service is not intended for use by anyone under 18. We don't knowingly collect data from children. If you believe a child has provided us information, contact us and we will delete it.

Changes

Material changes to this policy will be posted on this page with a new “Last updated” date.

Contact

Questions or requests? Email [email protected].