Split

User Privacy Policy Last Updated: 2 March 2026 Your privacy is of the utmost importance to us. This User Privacy Policy (“Privacy Policy”) sets out how G & H TRANS LOGISTIC LLC, a company registered in the Republic of Armenia, operating the SPLIT digital payment platform under the trade name “SPLIT” (hereinafter “SPLIT” or “we”) collects, receives, uses, and discloses information about you when you engage or interact with the User Services as defined User Terms of Service, including while ordering and receiving catering or hospitality services from a merchant that uses SPLIT (a “Merchant”). We will update this Privacy Policy from time to time to reflect any changes or proposed changes to our use of your personal data, or to comply with changes in applicable law or regulatory requirements. We encourage you to review this Privacy Policy periodically to keep up to date on how we use your personal data. If we update this Privacy Policy, we will update the effective date at the top of the page. Section 1 – Purpose of this Privacy Policy This Privacy Policy explains our approach to any personal data that we might receive, use, and disclose about you, whether we collect it from you or obtain it from a third party, and the purposes for which we process your personal data. This Privacy Policy also sets out your rights in respect of our processing of your personal data. When we talk about “personal data”, we mean any information which relates to an identified or identifiable living individual. Individuals might be identified by reference to a name, an identification number, location data, an online identifier (such as an IP address) or to other factors that are specific to them, such as their physical appearance. This Privacy Policy is intended to assist you in making informed decisions when using the User Services. Please take a moment to read and understand it. It should be read in conjunction with our User Terms of Service. This Privacy Policy only applies to the use of your personal data obtained by us, whether from you directly or from a third party. It does not apply to personal data collected by third parties during your communications with those third parties or your use of their products or services (for example, where you follow links to third party websites over which we have no control, or you purchase goods or services from those third parties). Section 2 – About us and how to reach us The User Services are made available by G & H TRANS LOGISTIC LLC, registered in the Republic of Armenia (Address: Mamikonyants 50, 0052, Yerevan). If you have any questions about this Privacy Policy or want to exercise your rights as a data subject set out in this Privacy Policy, you can contact us at armankarapetyan@splitapp.info. For the purposes of the Law of the Republic of Armenia on Personal Data Protection (2015), G & H TRANS LOGISTIC LLC (operating as SPLIT) acts as the Data Controller. Section 3 – What personal data we receive We may collect and process different types of personal data about you for different processing purposes. The types of personal data we collect depends on how you use the User Services and includes the following: Profile and Contact Information We receive email address when you sign up to receive your online receipt, which may include name. We may link this information to the different devices or accounts you use when you interact with the User Services. Email address may be used for marketing purposes and sending out updates on SPLIT. Device Information We receive information about the phones and other devices you use when you use or interact with the User Services, including IP address (which is NOT used to collect geolocation data), device identifiers, cookie IDs, the browser you use, your network connection, or other unique identifiers or device information. Payment information We receive only payment result identifiers and status confirmations. SPLIT does not store or process raw cardholder data, such as card numbers (PAN), CVV, or expiry dates; these are handled exclusively by Ameria Bank's secure hosted checkout. Transaction Data We collect transaction-specific data including table tokens, split/payment selections, payment provider transaction references, and idempotency markers to prevent duplicate processing. Settings and Privacy Preferences We receive information about your settings and preferences, as well as information about your browser and device privacy settings. Communication with SPLIT We receive information, including message and email content, when you communicate with SPLIT (such as for customer support inquiries, taking surveys, participating in promotions or research). Section 4 – How we collect and receive personal data We collect and receive personal data using different methods: Personal data you provide to us You may give us your personal data directly, for example, when you use the User Services, complete forms on our website or provide feedback to us. Personal data we collect using cookies and other similar technologies When you access and use the User Services, we will collect certain personal data. We collect this personal data by using cookies and other similar technologies (see our cookie policy). When you use certain payment methods (ApplePay or GooglePay), we may collect your email address if it’s attached to it. Cookies are used for Security (CSRF protection), session management, and remembering your language/locale preferences. Personal data received from third parties We may receive limited personal data from service providers required to operate SPLIT, such as payment status and transaction identifiers from Ameriabank and POS check/payment-application data from iiko via our POS bridge. We do not receive personal data from third-party directories or data brokers. Section 5 – How we use your personal data Purpose / Activity Lawful basis for processing including basis of legitimate interest Provision, improvement, and personalization of the User Services and your experience: To provide you with a personalized experience, including delivering online receipt upon request, offering easy payment options, processing the payment flow, and managing split and session logic, as well as improving the User Services. Contractual Necessity (performance of the user agreement between you and SPLIT) Legitimate Interests. If Contractual Necessity is not applicable, we have a legitimate interest in providing a good service Perform product research and development. To develop, test, and improve the User Services, including troubleshooting our products and services, developing or improving the User Services, and analysing your use of and interactions with the User Services Necessary for our legitimate interests to develop our business and improve the customer journey. Advertise, market and promote SPLIT: To market, advertise, and promote SPLIT services, including for personalized communications or advertisements relating to the SPLIT services. Consent or Necessary for our legitimate interests to develop our business and improve the customer journey. Communicate with you. To communicate with you about the User Services, including about product updates, your account, and changes to our policies and terms. We also use your information to respond to you when you contact us. Consent or Necessary for our legitimate interests to develop our business and improve the customer journey Authentication, Integrity, Security, and Safety, including the prevention of duplicate payments and operational troubleshooting. To authenticate your account, provide a secure payment and user experience, and to detect, investigate, and prevent malicious conduct, fraudulent activity or unsafe experiences, address security threats, protect public safety, and secure the User Services for you and the Merchants. Necessary for our legitimate interests to detect or prevent fraudulent activities. Security, Safety, and Dispute Resolution. To protect the rights, property, and safety of SPLIT, our Merchants, and their staff. This includes assisting Merchants in resolving payment disputes, investigating violations of our Terms (such as non-payment or “walkouts”), and addressing security incidents or harassment. Legitimate Interests. We and our Merchants have a legitimate interest in ensuring services are paid for, protecting business assets, and maintaining a safe environment for staff and guests. Legal reasons. To comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in civil discovery, litigation, or other adversarial legal proceedings, and to enforce or investigate potential violations of our terms or policies. Legal obligations Section 6 – If you fail to provide your personal data If you fail to provide personal data when we request it, we may not be able to provide you the products and services you have requested from us. Section 7 – How we obtain your consent Where our use of your personal data requires consent, you can provide such consent at the time we collect your personal data following the instructions provided. Marketing consent is obtained on an 'opt-in' basis and will never be pre-checked. Section 8 – Third-party links This Privacy Policy only applies to personal data processed by us through your use of our website and/or in connection with our business operations. However, from time to time, our website may contain links to third-party websites and services. We have no control over these websites and services and this Privacy Policy does not apply to your interaction with the relevant third parties. When you use a link to go from our website to another website (even if you don’t leave our website) or you request a service from a third party, your browsing and interactions on any other websites, or your dealings with any other third-party service provider, is subject to that website’s or third-party service provider’s own rules and policies. We do not monitor, control or endorse the privacy practices of any third parties. We encourage you to become familiar with the privacy practices of every website you visit or third-party service provider that you use in connection with your interaction with us and to contact them if you have any questions about their respective privacy notices and practices. Section 9 – Sharing personal data At SPLIT, we respect your privacy and do not sell your personal data to third parties. When processing your information, we share it only with a limited number of service providers necessary to operate our services, as set out in the table below. Third-party Service Providers We may share your personal data with third party service providers to: provide you with the User Services; to provide technical support. Payment Service Providers Payments are processed through Ameriabank via a hosted checkout. These providers may use your payment data in accordance with their own professional privacy standards. POS Integration Partners We utilize the iiko POS system and the Split bridge plugin to synchronize transaction data. Please note that once data is synchronized with a restaurant’s iiko system, it is further governed by that specific merchant’s privacy practices. Communication Providers We may share limited contact information with our SMTP providers solely for the delivery of transactional receipts and essential service communications. Merchants & Partners (Security & Legal) We may share your contact details and transaction history with a Merchant if you are involved in a payment dispute, security incident, or violation of terms at their venue. This allows the Merchant to resolve the issue directly or take necessary legal action. Review & Feedback Platforms If a restaurant enables the review flow, you may be redirected to Google Reviews. Subsequent data processing is governed by Google’s privacy policy. Our primary backend infrastructure and databases are hosted in Frankfurt, Germany. Depending on the specific configuration of our infrastructure, personal data is predominantly processed within the European Union. However, the global nature of our service requires that data be shared with certain partners in other jurisdictions. Specifically, Payment Service Providers and POS Integration Partners (such as Ameriabank and iiko) may process data within Armenia or other regions where they maintain operations. Where personal data is transferred outside of the EU or the Republic of Armenia, we rely on appropriate safeguards in accordance with applicable data protection laws. We take all reasonable and necessary steps to ensure that your personal data is treated securely and with an adequate level of protection, regardless of where it is processed. Section 10 – How long we keep your personal data We retain personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for compliance purposes. Specifically, our retention periods are governed by the following criteria: Transaction & Payment Data: Operational records and payment details are retained in accordance with Armenian accounting and legal standards to facilitate audits, reconciliations, and dispute resolutions. System & Security Logs: Infrastructure logs (including IP addresses and technical request data) are retained temporarily to ensure the security, stability, and operational monitoring of the SPLIT platform. Marketing Data: If you have opted-in to receive communications, your data is retained until you withdraw your consent or until the account is deemed inactive according to our internal periodic review. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Section 11 - Confidentiality and security of your personal data We are committed to keeping the personal data you provide to us secure and we have implemented information security policies, rules and technical measures to protect the personal data under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. In addition, all our employees and data processors (i.e. those who process your personal data on our behalf) are obliged to respect the confidentiality of the personal data of all users of our website and those who purchase our products and services. We implement appropriate technical and organizational measures, including: Encryption in transit (TLS) Role-based access control Restricted database access Service account isolation Monitoring and audit logging Rate limiting and abuse prevention Section 12 – Personal data of minors We do not intentionally gather personal data from users who are under the age of 18. If we learn that a child under the age of 18 has submitted personal data to SPLIT, we will attempt to delete such data as soon as possible. If you believe that we might have any personal data from a child under 18, please contact us at armankarapetyan@splitapp.info Section 13 – Data Breach Notification In the event of a personal data breach, we will notify affected individuals and competent authorities where required by applicable law. Section 14 – Your rights as a data subject You may ask us to take the following actions in relation to your personal data that we hold: Access. Provide you with information about our processing of your personal data and give you access to your personal data. Correct. Update or correct inaccuracies in your personal data. Delete. Delete your personal data where there is no good reason for us continuing to process it – you also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below). Transfer. Transfer a machine-readable copy of your personal data to you or a third party of your choice. Restrict. Restrict the processing of your personal data, for example if you want us to establish its accuracy or the reason for processing it. Object. Object to our processing of your personal data where we are relying on Legitimate Interests – you also have the right to object where we are processing your personal data for direct marketing purposes. Withdraw Consent. When we use your personal data based on your consent, you have the right to withdraw that consent at any time. The right to lodge a complaint: You have the right to lodge a complaint with the Personal Data Protection Agency of the Republic of Armenia , the Armenian supervisory authority for data protection issues (https://pdpa.am/en). Exercising These Rights: You may submit these requests by email to armankarapetyan@splitapp.info. Under Armenian law, SPLIT has to respond to rights requests within 10 business days. We may request specific information from you to help us confirm your identity and process your request. Whether or not we are required to fulfil any request you make will depend on a number of factors (e.g., why and how we are processing your personal data), if we reject any request you may make (whether in whole or in part) we will let you know our grounds for doing so at the time, subject to any legal restrictions.