Skip to content
yummypear

Terms & Privacy

Last updated: May 20, 2026

Terms of Service

1. Acceptance of Terms

By accessing or using yummypear.com ("the Service"), you agree to be bound by these Terms of Service. If you do not agree to these terms, do not use the Service.

2. Description of Service

yummypear is a free, web-based tool that helps groups split restaurant and store receipts. You upload a photo of a receipt, which is processed by artificial intelligence to extract line items, and then share a link so others can claim the items they ordered and see what they owe.

The Service does not require an account, login, or payment. Receipt parsing is performed by a third-party AI service (Google Gemini) and results are stored on Cloudflare infrastructure.

3. User Conduct

You agree not to:

  • Upload illegal, fraudulent, or harmful content
  • Upload images containing sensitive personal information beyond what appears on a typical receipt (e.g., Social Security numbers, medical records)
  • Attempt to circumvent rate limits, bot protection, or other security measures
  • Use the Service to harass, deceive, or harm others
  • Use automated tools to scrape or abuse the Service

4. User Content

You retain ownership of any images and data you upload. yummypear does not claim ownership of your content. By uploading a receipt image, you grant yummypear a limited license to process the image through third-party AI services for the purpose of extracting receipt data, and to store and display both the extracted data and the uploaded receipt image to users who have the receipt link. If you upload a profile photo, you grant yummypear a limited license to store and display that photo where your profile is already visible in the Service.

Receipt images are sent to Google's Gemini API for processing and are also stored by yummypear on private Cloudflare infrastructure for the lifetime of the receipt so viewers with the receipt link can reference the original photo.

5. Receipt Sharing & Access

Receipts are accessible to anyone who has the receipt link. This includes the parsed receipt data and, when available, the stored receipt photo. You are responsible for sharing links only with intended recipients. The person who uploads a receipt is automatically recognized as the owner through their browser session and can edit or delete the receipt. You may register a passkey so you can manage your receipts from multiple devices.

6. Disclaimers

The Service is provided "as is" and "as available" without warranties of any kind, whether express or implied.

Specifically:

  • AI-powered receipt parsing may produce errors. Always verify the extracted amounts against your original receipt.
  • Split calculations are approximate and based on the data extracted. yummypear is not responsible for inaccurate splits.
  • The Service is not financial, tax, or legal advice.
  • Availability is not guaranteed. The Service may be modified, suspended, or discontinued at any time.

7. Limitation of Liability

To the fullest extent permitted by law, the operator of yummypear shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenue, whether incurred directly or indirectly, or any loss of data, arising from your use of the Service.

Because the Service is provided free of charge, the total liability of the operator for any claim arising from these terms or the Service is limited to zero dollars ($0).

8. Changes to These Terms

These terms may be updated from time to time. The "Last updated" date at the top of this page will be revised accordingly. Continued use of the Service after changes constitutes acceptance of the revised terms.

9. Governing Law

These terms are governed by and construed in accordance with the laws of the United States. Any disputes arising from these terms or the Service shall be resolved in accordance with applicable U.S. law.

10. Contact

For questions about these terms, please email hi@yummypear.com.

Privacy Policy

1. Overview

yummypear is designed to be privacy-friendly. The Service does not require accounts, does not run analytics or advertising scripts, and does not process payments. This policy explains the limited data that is collected and how it is used.

2. Information We Collect

Receipt images. When you upload a receipt photo, the image is sent to Google's Gemini API for AI-powered text extraction and stored by yummypear in private Cloudflare R2 object storage. The stored photo is shown to anyone with the receipt link so they can reference the original receipt.

Parsed receipt data. The structured data extracted from your receipt (merchant name, item names, modifier/detail lines, quantities, prices, tax, tip, and total) is stored in a Cloudflare D1 database so that it can be displayed to anyone with the receipt link.

Display names. When you claim items on a receipt, you may enter a display name. This name is stored alongside your claim. It is not linked to any real identity or account.

Profile photos. If you upload a profile photo, yummypear stores a resized copy in private Cloudflare R2 object storage. The photo is shown to people who can already see your profile on receipts, tabs, or notifications involving you.

Guest sessions. When you first use the Service, a session is created automatically and a secure cookie is set in your browser. This session associates you with receipts you created or claims you made, without requiring an account or login. Sessions are not linked to your real identity.

Passkey credentials. If you choose to register a passkey for persistent access, the Service stores your credential's public key and a signature counter. Your biometric data (fingerprint, face scan, etc.) never leaves your device and is never sent to yummypear.

IP addresses. Your IP address is used by Cloudflare for rate limiting to prevent abuse. IP addresses are not stored in the yummypear database.

Push notification subscriptions. If you enable push notifications, the Service stores the subscription details your browser provides: a push endpoint URL (a long opaque address pointing at your browser vendor's push service), two short encryption keys generated by your browser (so only your device can decrypt the notifications), a short device label derived from your browser's user agent (e.g. "iPhone", "Chrome on Mac"), and the timestamp of your most recent check-in. Notification content includes the name of the person who took the action (display name as it appears in yummypear, not a real-world identity), the amount in question for settlements and tab balances, and the receipt or tab name. If you do not want this content visible on a locked screen, both iOS and Android offer a system setting to hide notification previews unless the device is unlocked. You can disable push for the current device from the profile page.

3. How We Use Information

All information collected is used solely to provide the receipt-splitting service:

  • Processing receipt images to extract line items
  • Storing and displaying parsed receipt data
  • Storing and displaying the uploaded receipt photo to users with the receipt link
  • Associating claims with display names
  • Displaying profile photos where your profile is visible
  • Delivering push notifications about activity on receipts and tabs you participate in, if you opt in
  • Preventing abuse through rate limiting and bot protection

We do not sell, rent, or share your information with third parties for marketing or advertising purposes.

4. Third-Party Services

The Service relies on the following third-party providers:

  • Google Gemini API — receipt images are sent to Google for AI-powered text extraction. Google's use of this data is governed by Google's Privacy Policy.
  • Cloudflare — provides hosting, content delivery, database storage (D1), object storage (R2), and bot protection (Turnstile). Cloudflare's use of data is governed by Cloudflare's Privacy Policy.
  • Google Fonts — fonts are loaded from Google's servers. See Google Fonts Privacy.
  • Browser push services — if you enable push notifications, encrypted notifications are routed through your browser vendor's push service: Apple Push Notification service (Safari, iOS PWA), Firebase Cloud Messaging (Chrome and most Chromium browsers), Mozilla Push (Firefox), or Windows Notification Services (Microsoft Edge on Windows). yummypear does not choose which service is used; your browser does. Notification payloads are encrypted end-to-end between yummypear and your browser, so the push service cannot read the content. Each vendor's privacy practices govern their handling: Apple, Google, Mozilla, Microsoft.

5. Cookies & Local Storage

Cookies: yummypear sets a session cookie to identify your browser session. This cookie is HttpOnly, Secure, and persists for one year. Cloudflare may set additional strictly necessary cookies for security and bot protection purposes. No cookies are used for analytics, advertising, or tracking.

Local storage: The Service stores the following in your browser's local storage:

  • Claim tokens for receipts you participated in
  • Your display name (pre-fills the name field on return visits)
  • A list of your recent receipts (for the "Recent receipts" section on the home page)

You can clear this data at any time by clearing your browser's local storage or site data for yummypear.com. Note that clearing cookies will end your session and you will lose the ability to manage receipts you previously created, unless you have registered a passkey.

6. Data Retention

Parsed receipt data and stored receipt photos are retained for the lifetime of the receipt unless deleted by the receipt owner. There is currently no automatic expiration period. We reserve the right to introduce automatic data retention limits in the future.

Profile photos are retained until you remove them, or until the underlying profile is deleted or merged into another profile. Browser caches may keep a previously loaded photo briefly after removal.

Push subscriptions you no longer use are deleted automatically: 60 days after the device last checks in, or 7 days after you disable push for that device.

7. Data Security

All data is transmitted over HTTPS. Session tokens are hashed using SHA-256 before being stored in the database, so they cannot be recovered from stored data. If you register a passkey, your biometric data never leaves your device — only a public key is stored on our servers. Infrastructure is managed by Cloudflare, which maintains industry-standard security practices.

However, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

8. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children. Because the Service is anonymous and does not require accounts, it does not collect the type of personal information typically associated with children's privacy concerns.

9. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with rights regarding your personal information. Because yummypear is anonymous by design and does not collect personal information tied to identifiable individuals (no accounts, no email addresses, no persistent identifiers linked to real identities), the Service's data practices result in minimal CCPA obligations.

If you believe yummypear holds data related to you and wish to exercise your rights to know, delete, or opt out, please contact us using the information below.

10. Changes to This Policy

This Privacy Policy may be updated from time to time. The "Last updated" date at the top of this page will be revised accordingly. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact

For privacy-related questions or requests, please email hi@yummypear.com.