Terms of Use & Privacy Policy

Terms of Use

1. Acceptance of Terms

By accessing and using the dividi application ("Application", "Service"), you ("User") agree to comply with and be bound by the following Terms of Use. If you do not agree with any part of these terms, do not use the Application.

The dividi service is provided by Jonathan da Silva Givisiez, an individual, also identified in the Privacy Policy as the controller of your personal data.

2. Description of Service

dividi is an application for managing, organizing, and splitting bills and purchases between users. The service allows you to:

• Track personal and shared expenses
• Split costs with another person fairly and transparently
• Track payment records (by you or by who shares the account) and balances in real time
• Register cards to organize expenses and purchases by card
• Associate purchases with registered cards and track monthly summaries of card-linked spending generated from records entered in the application
• Register installment purchases and recurring purchases linked to registered cards
• Receive reminders for pending bills via push notification on your device
• Add expenses by voice: speech recognition runs on your own device and the resulting transcription is sent to the dividi server so that an AI can automatically suggest description, amount, and category for your review before saving (feature available to Premium subscribers)
• Manage individual expenses and ditch manual spreadsheets

3. Registration and User Account

3.1 Registration Requirements – To use dividi, you need to create an account by providing: a valid email address and full name.

3.2 Account Responsibility – You are responsible for maintaining the confidentiality of your account and for all activities under your account. The Application is not intended for children under 13 years of age. If you are between 13 and 17 years old, you declare that you use the service with the prior verifiable consent of a parent or legal guardian, as detailed in the Privacy Policy; we may request proof when reasonably necessary.

3.3 Authentication – dividi may use link-based authentication sent via email and, when available, authentication through third-party identity providers such as Google and Apple. You are responsible for maintaining secure access to your email and any linked authentication accounts.

4. Appropriate Use of Service

It is expressly prohibited to: use the Application in a way that could damage it; attempt unauthorized access; transmit viruses or malware; violate intellectual property or privacy rights; use the service for fraud or illegal activities; reverse engineer or decompile the Application.

5. User Content

You retain all rights to the data you enter. By submitting content, you grant dividi a limited, non-exclusive, and revocable license to process, store, and display that content solely for the purpose of providing the service.

6. Intellectual Property

All content of the Application (design, layout, text, software, features) is the property of dividi or its licensors and is protected by Brazilian and international intellectual property laws.

7. Privacy and Data Protection

The processing of your personal data is described in the Privacy Policy below.

8. Service Availability

dividi is provided "as is" and "as available." We do not guarantee that the service will be uninterrupted, secure, or error-free. No online environment guarantees absolute security; we adopt reasonable technical and organizational measures to protect the service and data. We reserve the right to temporarily suspend access for maintenance.

9. Limitation of Liability

Use of the Application is at your own risk. You are solely responsible for the accuracy, integrity, and lawfulness of the information you enter and for how you use records in the Application. dividi shall not be liable for data loss, direct or indirect damages, lost profits, or financial disputes between users. dividi is an organizational tool: it does not perform financial transactions, does not intermediate payments or settlements between users, and does not act as an arbitrator or judge of disagreements regarding amounts, deadlines, settlements, or interpretation of entries. Any card-linked spending summaries or details displayed in the Application are generated from records entered by users and do not replace the official invoice issued by the financial institution, nor do they represent validation of limits, interest, fees, or other issuer data.

10. Modifications and Termination

We reserve the right to modify, discontinue, or change features of the Application. You may close your account at any time through settings or by contacting us. We may suspend or terminate your account in case of violation of these Terms, fraudulent use, abuse of the service, or activities that compromise the security or integrity of the platform or third parties.

11. Changes to Terms

We may update these Terms periodically. We will notify you of significant changes through the Application or by email. Continued use constitutes acceptance of the new terms.

12. Applicable Law and Jurisdiction

These Terms are governed by the laws of the Federative Republic of Brazil. The courts of the City of São Paulo, State of São Paulo, Brazil, shall have jurisdiction over disputes arising from these Terms, to the extent permitted by applicable law. Consumers domiciled in Brazil may bring actions in the courts of their domicile for claims they initiate, in accordance with the Brazilian Consumer Defense Code (Law No. 8.078/1990).

Privacy Policy

1. Introduction

This Policy describes how we collect, use, store, and protect your personal information. It complies with the LGPD (Law No. 13,709/2018) and the Brazilian Internet Civil Framework (Law No. 12,965/2014).

2. Data Controller

The controller responsible for the processing of your personal data is:

• Name: Jonathan da Silva Givisiez, individual
• Email: suporte@dividi.com.br

For more context about who operates dividi and the project behind it, see our About us page.

3. Information We Collect

Provided by you: full name, email, registered bills, amounts, categories, descriptions, shared account information, card organization data such as card nickname, issuing bank name provided by you, selected network, and visual theme, as well as the association of purchases or bills with those cards.

"Voice expense" feature: when you use the voice expense feature (available only to Premium subscribers), the audio captured by your device microphone is processed locally by the operating system (Apple Speech on iOS, Google Speech Recognition on Android) and converted to text. The raw audio is not sent to dividi nor stored. The resulting text transcription is sent over an authenticated, encrypted (TLS) channel to our Cloud Functions, where Google Cloud Vertex AI (Gemini model) is used solely to extract a structured suggestion of description, amount, category, due day and, when mentioned, the goal, card and responsible/payer member for the expense. To improve prefill quality, we send the AI only minimal metadata about the context of your active account (joint account member names, active goal names and your card nicknames/banks). You always review and confirm the prefilled fields before saving. To evolve the feature, we keep an encrypted at-rest copy of the submitted transcription and the AI structured response (without the audio) for 90 days, linked to your account; after that period the records are automatically deleted. These records are not used to train AI models, in accordance with our Google Cloud agreement, and we also keep an aggregated monthly counter of usage for quota and abuse prevention purposes.

Collected automatically: device type, operating system, app version, usage frequency, accessed features, viewed screens, in-app interaction events and technical installation and messaging identifiers (such as App Instance ID, push notification tokens and installation IDs, when applicable), as well as crash and error data (stack traces, crash logs), performance data (response times, performance metrics) and session recordings (replay) for diagnostics. For replay and diagnostic telemetry, we apply data minimization and, when available in the tool, masking, blocking, or anonymization of sensitive fields. Interaction events may include, for example, app opens, screen navigation, completed authentication, joint account creation, sharing invitations and acceptances, bill creation, transfers, goals, cards, notification opens, push permission changes, paywall views, purchases, subscription restores and forced update screen views. We use app integrity verification (App Check), which may involve device integrity signals provided by Apple (App Attest) or Google (Play Integrity) solely for security and prevention of unauthorized access. We do not collect location data.

We do not collect: sensitive banking data such as bank account number, branch number, balances, or bank statements; real card data such as full card number, CVV, expiration date, or payment credentials; application passwords. Authentication is performed through passwordless sign-in and/or third-party identity providers, when available; device contacts (unless you choose to share).

Product analytics limits: analytics events are limited to controlled technical and usage categories, such as account type, screen, entry point, plan type, action result and first-time usage indicators. We do not use Firebase Analytics to store email, name, free-form descriptions, card nicknames, account names, partner names or raw monetary amounts.

Sign in with Google: when you use “Continue with Google”, the Google permission screen may request access to your name, email, and profile photo. dividi uses only your name and email to identify your account; the profile photo is not used or stored by the application. This request appears because Google bundles these data in a single permission; it is not possible to request only name and email separately.

Sign in with Apple: when you use “Sign in with Apple”, Apple may share your name and email with dividi. Apple allows you to hide your real email using a private relay address; in that case, dividi will only receive the relay address. We use your name and email solely to identify your account.

4. Third-Party Services and Technologies Used

We use the following services for operation, security, and improvement of the application:

• Firebase (Google): authentication, data storage (Firestore), push notifications (Firebase Messaging), crash reports (Crashlytics), usage analytics (Firebase Analytics), remote feature configuration (Firebase Remote Config), backend function execution (Cloud Functions) and app integrity verification (Firebase App Check). App Check uses Apple (App Attest) and Google (Play Integrity) attestation services to ensure only the official application can access service resources. Firebase Analytics may collect usage events, accessed screens, engagement metrics and technical SDK identifiers to help us understand how the application is used, measure feature adoption, identify friction in the product journey and improve the experience, always with data minimization and without deliberate submission of free-form fields or raw financial values.
• Google Cloud Vertex AI (Gemini): used exclusively in the "Voice expense" feature (Premium) to interpret the text transcription sent to the server and return a suggested description, amount, and category. Only the text of the transcription is processed; the original audio is never sent. Per Google Cloud terms for Vertex AI, data sent to the service is not used to train Google AI models and is subject to the same security and privacy policies as the Google Cloud platform.
• Device speech recognition: the "Voice expense" feature uses the operating system's native speech recognition service (Apple Speech on iOS and Google Speech Recognition on Android), which may communicate with servers operated by the OS vendor in order to perform audio-to-text conversion. That processing is governed by Apple's and Google's privacy policies and occurs outside of dividi's control.
• RevenueCat: subscription management (Premium); payment is processed by the store (Apple App Store or Google Play). RevenueCat collects user identifiers, subscription status and purchase history for Premium feature access and subscription lifecycle management.
• Sentry: error monitoring, performance and application stability. Sentry may collect crash data (stack traces, logs), performance metrics (response times, execution profiles) and session recordings (interaction replay) for diagnostics, with minimization and, when supported by configuration, masking or suppression of sensitive data. This data may include personal information (such as user and device identifiers) linked to your account to facilitate issue identification and resolution.
• Local storage: user preferences (SharedPreferences), device information and version (package_info_plus, device_info_plus) for support and compatibility.

5. Legal Basis and Purposes

We process your data based on: contract performance (registration, authentication, account synchronization, bills, goals, cards, sharing and service provision, including Premium features such as "Voice expense"); consent (optional features, such as notification permissions and microphone/speech recognition permissions, when applicable); legitimate interest (security, fraud prevention, stability, usage measurement, voice feature quota control, aggregated feature adoption analysis and experience improvement); and compliance with legal obligations.

6. Information Sharing

When you share an account, the information in that account is visible to the users you shared it with. This may include expenses, payments, history, and, when applicable, the indication that those expenses were associated with a card registered by the user, according to the permissions granted. We share limited information with cloud providers (Google Cloud), email services, and analytics, all contractually required to protect your data. We never sell, rent, or trade your personal information.

7. International Data Transfer

To operate the service, your personal data may be transferred to and processed on servers located outside Brazil, including in the United States, through the following providers: Google (Firebase, Cloud Platform and Vertex AI), Sentry and RevenueCat. These transfers are carried out in accordance with Art. 33 of the LGPD and include appropriate contractual and technical safeguards to ensure the protection of your data, including encryption in transit and at rest and standard contractual clauses for data protection.

8. Storage and Security

Your data is stored on secure servers (Google Cloud Platform). We use encryption in transit (TLS/SSL) and at rest. No system guarantees absolute security; we adopt technical and organizational measures consistent with risk and with the LGPD. After account deletion, data is removed immediately from active systems. Backup copies may be retained for up to 30 days for technical and security reasons and are deleted within that period. We may retain data for longer only when required by law or regulation.

Joint account deletion: when the owner of a joint account deletes their dividi account, all data associated with that joint account (including bills, amounts and history) is permanently deleted for all members. Invited members have access according to the permissions granted by the owner and cannot delete another user's joint account.

Registered card deletion: when you delete a card registered in dividi, that card record is removed, but any expenses or bills previously linked to it remain stored and are only unlinked from the deleted card.

9. Your Rights (LGPD)

You have the right to: access, correction, deletion, portability, objection, and withdrawal of consent. To exercise these rights, contact us at suporte@dividi.com.br or through the application settings. We will respond within 15 days. To request account and data deletion, see the dedicated page with step-by-step instructions.

10. Use by Minors

dividi is not intended for children under 13 years of age; we do not knowingly collect data from that age group. If you are between 13 and 17 years old, you may use the service only with the prior verifiable consent of a parent or legal guardian, in accordance with Art. 14 of the LGPD. We may request information or documents reasonably necessary to confirm such consent. The processing of adolescents' data complies with Art. 14 of the LGPD and good practices for the protection of children and adolescents.

11. Changes and Contact

We may update this Policy periodically. We will notify you of significant changes through the Application or by email.