Privacy Policy
This Privacy Policy describes how SplitGoGo, a TripGoGo product, collects, uses, and shares personal data. SplitGoGo serves two audiences: visitors and prospects on this website, and engineering teams that integrate with our API on behalf of their own users. The way we handle data differs between the two; both are covered below.
1. Who is responsible
TripGoGo is the controller of personal data submitted through this website (for example, demo-request forms). For personal data that a Customer sends to us through the API on behalf of its end users, the Customer is the controller and SplitGoGo acts as a processor under the Data Processing Addendum.
2. What we collect
- Contact details you give us — name, email address, company, and any message body submitted through the demo-request form.
- Account and integration data — tenant name, API key labels and scopes, and audit records of significant actions taken through the API.
- Usage data — request method, path, response status, latency, and a hashed approximation of the source IP, retained for operational diagnostics and abuse prevention.
- End-user data sent by a Customer — participants, transactions, splits, and balances, processed on the Customer’s behalf in line with the DPA.
3. How we use it
We use personal data to:
- operate, secure, and improve the service;
- respond to enquiries and provide support;
- send service-related communications (we do not send marketing email without consent); and
- comply with legal obligations.
4. Legal bases
Where the GDPR applies, we rely on the following bases: performance of a contract (when we provide the service to a Customer); legitimate interests (to operate, secure, and improve the service); consent (where required, for example for non-essential cookies); and compliance with a legal obligation.
5. Sharing
We do not sell personal data. We share it only with vetted subprocessors that help us run the service (hosting, error tracking, transactional email), with our professional advisers, and where required by law. The current list of subprocessors is available on request through privacy@splitgogo.com.
6. Retention
Account and integration data are kept for the life of the account. Demo requests are kept for up to twenty-four months unless the requester asks us to delete them sooner. End-user data sent by a Customer is retained in line with the Customer’s instructions and the DPA, and is deleted or returned within a reasonable period after termination.
7. Security
We maintain technical and organisational measures appropriate to the risks presented by our processing, including encryption in transit, hashed storage of secrets, tenant-scoped access controls, and an immutable audit trail of significant actions.
8. Your rights
Subject to applicable law, you have the right to access, correct, or delete the personal data we hold about you, to object to or restrict certain processing, and to data portability. Requests can be sent to privacy@splitgogo.com. When SplitGoGo acts as a processor on behalf of a Customer, please direct requests to that Customer; we will assist them in responding.
9. International transfers
Personal data may be processed in countries outside your own. Where transfers are made out of the European Economic Area, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
10. Changes and contact
We will post any updates to this Policy on this page, with a revised “Last updated” date. Questions about this Policy can be sent to privacy@splitgogo.com.