← Back to Squash the Beef
Privacy Policy
Last updated: April 18, 2026
This Privacy Policy explains what information Squash the Beef ("we," "us") collects, how we use it, and the choices you have. We try to be plain about this because we think you should actually understand it.
1. What we collect
Account information
- Name — the one you set at signup, shown to friends.
- Apple ID identifier — a stable, anonymous ID returned by Sign in with Apple.
- Email relay address — if Apple provides one. We use it only for account-related notices, never marketing.
- Phone number — when you add it to your profile, so friends can find you.
Usage information
- Beefs you file and receive — reason, amount, counterparties, timestamps, status.
- Friend connections — the list of accounts you've added as friends.
- Device push notification token — so we can alert you when something happens.
- Audit log entries — security-relevant events (logins, account deletions, refund actions) retained for fraud prevention.
Payment information
When you send or receive money, the actual card/bank details are handled by Stripe. We never see, store, or log your card number. We receive only the transaction ID, amount, status, and a Stripe customer reference.
What we do not collect
- Your contacts. When you tap "pick from contacts" we read the one contact you select; we never upload your address book.
- Location data. We don't ask for it and don't use it.
- Cross-app tracking. We don't use Apple's AppTrackingTransparency framework and we don't use third-party advertising SDKs.
- Your messages or anything outside the app.
2. How we use what we collect
- To provide the core service — let you add friends, file beefs, send and receive payments.
- To send push notifications about activity on your account.
- To detect and prevent abuse, fraud, and policy violations.
- To comply with legal obligations.
We do not sell your data. We don't share it with advertisers. We don't use it to profile you across other apps or sites.
3. Third parties we use
We use a small set of service providers. They process data only on our behalf and under contract.
- Apple — Sign in with Apple, Push Notifications, App Store billing.
- Stripe — payment processing. Subject to Stripe's privacy policy.
- Twilio — SMS invites to non-users and opt-out handling. Subject to Twilio's privacy policy.
- Railway — application hosting.
- Sentry — error monitoring. We do not send personal data in error reports.
4. SMS invites
When you invite a friend who isn't yet on Squash, we send them a one-time SMS with an install link. We store their phone number only if they accept the invite and create an account. If they reply STOP, we honor the opt-out permanently and will not send them any further messages.
5. Data retention
- Account and beef history: retained while your account is active.
- Audit log: retained for up to 12 months after the event.
- Deleted accounts: personal data is purged within 30 days. Financial records that we're legally required to retain (for tax and anti-fraud purposes) are kept for the legally required period and then deleted.
6. Your rights
- Access your data — email support@squashthebeef.net.
- Delete your account — in-app: Settings → Delete Account. This is immediate and irreversible.
- Correct information — update your name and phone number in Settings.
- Export your data — email support and we'll send you a machine-readable copy within 30 days.
- Opt out of SMS — reply STOP to any invite message.
California residents: You have the right to know what personal information we collect, to request deletion, and to not be discriminated against for exercising those rights. Squash the Beef does not sell personal information.
EU/UK residents: We process personal data on the legal basis of contract (providing the service you signed up for) and legitimate interest (security, fraud prevention). You have the rights of access, rectification, erasure, restriction, portability, and objection under GDPR/UK GDPR. Contact us at support@squashthebeef.net.
7. Children
Squash the Beef is rated 17+. It is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If we learn we have, we will delete it.
8. Security
We encrypt data in transit (TLS). Payment data is handled exclusively by Stripe on PCI-compliant infrastructure. We don't store card numbers. Access to production systems is restricted and logged.
No system is perfectly secure. If you suspect your account has been compromised, email support@squashthebeef.net.
9. Changes
If we materially change this policy, we'll notify you in the app and update the "Last updated" date above. Continued use after a change means you accept the revised policy.
10. Contact
Questions, data requests, or concerns: support@squashthebeef.net