Privacy Policy

Last updated: April 18, 2025

expensy.io ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use the expensy.io website (https://expensy.io) and our services (the "Service"). By accessing or using the Service, you consent to the collection and use of your information as described in this Privacy Policy.

1. Definitions

• "Operator" means expensy.io, a trading name of a sole trader based in the United Kingdom.
• "Service" means the receipt‑uploading, storage, and management platform offered via https://expensy.io and related applications.
• "Personal Data" means any information relating to an identified or identifiable individual.
• "User", "you" or "your" means any person using our Service.

2. Data Controller

The data controller responsible for your Personal Data is expensy.io, registered in the UK. Contact: [email protected].

3. Information We Collect

a. Information You Provide

• Account Information: name, email address, password.
• Receipt Images and Metadata: images of receipts, dates, amounts, vendor names.
• Payment Information: payment method details processed by our payment provider (we do not store full card data).
• Communications: messages and support requests you send.

b. Automatically Collected Information

• Usage Data: pages visited, features used, timestamps.
• Device & Log Data: IP address, browser type, OS, referral URLs.
• Cookies & Tracking Technologies: session cookies, analytics cookies (see Section 9).

4. How We Use Your Information

We use your Personal Data to:

1. Provide, maintain, and improve the Service.
2. Process payments and manage subscriptions.
3. Communicate updates, support, and marketing (with your consent where required).
4. Analyze usage patterns and diagnose technical issues.
5. Comply with legal obligations (e.g., tax record retention).

5. Legal Basis for Processing

Under the UK GDPR and Data Protection Act 2018, we process your data on these bases:

• Performance of a Contract: to deliver the Service you requested.
• Legitimate Interests: improving Service features and security.
• Legal Obligation: retaining financial records.
• Consent: for marketing communications.

6. Data Sharing and Disclosure

We may share your information with:

• Service Providers: payment processors, cloud hosting, analytics.
• Professional Advisors: legal, accounting, tax advisors under confidentiality agreements.
• Authorities: when required by law or to protect rights (e.g., court orders).

We do not sell or rent your personal data to third parties.

7. International Data Transfers

Your data may be processed in the UK or other jurisdictions. We ensure appropriate safeguards (e.g., Standard Contractual Clauses) for transfers outside the UK/EEA.

8. Data Retention

• Account Data: retained while your account is active and for 6 years thereafter to comply with UK tax rules.
• Transactional Records: retained for at least 6 years.
• Support Communications: retained as needed for service improvement.

9. Cookies and Tracking

We use cookies and similar technologies to enhance your experience and analyze usage. You can manage cookie preferences via your browser settings. For more details, see our Cookie Policy.

10. Your Rights

Subject to local law, you may have the following rights:

• Access: request a copy of your Personal Data.
• Rectification: correct inaccurate data.
• Erasure: delete your data (subject to legal retention requirements).
• Restriction: limit processing of your data.
• Portability: receive your data in a structured format.
• Object: object to processing based on legitimate interests.
• Withdraw Consent: for marketing communications.

To exercise these rights, contact us at [email protected].

11. Security

We implement reasonable technical and organizational measures to protect your data (e.g., encryption in transit and at rest, access controls). However, no system is completely secure.

12. Third-Party Links

The Service may contain links to external sites. We are not responsible for their privacy practices. Please review their policies separately.

13. Children’s Privacy

The Service is not directed at children under 16. We do not knowingly collect data from minors. If you believe we have inadvertently collected such data, contact us at [email protected].

14. Changes to This Policy

We may update this Privacy Policy. We will notify you by posting the revised policy at https://expensy.io/privacy with a new "Last updated" date.

15. Contact Us

If you have questions or concerns about this Privacy Policy, please contact:

expensy.io Support
[email protected]

End of Privacy Policy