Privacy Policy

Last updated: January 13, 2026

1. Introduction

ExpensePro.ai ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document processing service.

2. Information We Collect

2.1 Information You Provide

  • Account information (name, email address)
  • Documents you upload (receipts, invoices, statements)
  • Payment information (processed securely via Stripe)
  • Communication with our support team

2.2 Information from Third-Party Services

When you connect third-party services, we may receive:

  • Google: Email address, name, email attachments (with your permission)
  • QuickBooks: Company information, vendor/customer data, transaction history
  • Google Drive: Selected files you choose to import

2.3 Automatically Collected Information

  • Device and browser information
  • IP address and general location
  • Usage patterns and feature interactions

3. How We Use Your Information

We use your information to:

  • Provide and improve our document processing services
  • Extract data from your uploaded documents using AI
  • Sync data with your connected accounting software
  • Send service notifications and updates
  • Process payments and manage your subscription
  • Respond to your inquiries and provide support
  • Detect and prevent fraud or abuse

4. Data Processing & AI

We use artificial intelligence (including OpenAI's GPT-4) to analyze and extract data from your documents. Your documents are:

  • Processed securely and encrypted in transit
  • Not used to train AI models
  • Deleted from processing systems after extraction
  • Stored only in your account for your access

5. Google API Data Usage

When you connect your Google account to ExpensePro, we access certain data through Google APIs. This section describes our use and protection of Google user data.

5.1 Gmail Data (gmail.readonly scope)

When you enable email scanning, we access your Gmail to:

  • Read email metadata (sender, subject, date) to identify invoices and receipts
  • Access email body content to extract vendor and document information
  • Download PDF and image attachments containing financial documents

We do NOT:

  • Send, modify, or delete any emails
  • Access emails unrelated to invoices, receipts, or financial documents
  • Store raw email content - only extracted financial data
  • Share your email data with any third parties
  • Use your email data for advertising or marketing purposes

5.2 Google Drive Data (drive.file scope)

When you import files from Google Drive, we access ONLY the specific files you select through Google's file picker. We cannot access any other files in your Drive.

  • We read selected documents to extract financial data (invoices, receipts)
  • File content is processed for data extraction only
  • We do not modify or delete any files in your Google Drive

5.3 Google User Info

We access your Google profile information (email address, name) to:

  • Create and manage your ExpensePro account
  • Identify which Google account is connected
  • Personalize your experience within the app

5.4 Revoking Google Access

You can disconnect your Google account at any time from the ExpensePro dashboard (Settings → Integrations → Email). You can also revoke access directly from your Google Account at myaccount.google.com/permissions. Upon disconnection, we stop accessing your Google data immediately.

5.5 Limited Use Disclosure

ExpensePro's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

6. Data Sharing

We do not sell your personal information. We may share data with:

  • Service Providers: Cloud hosting, payment processing, AI services
  • Connected Services: QuickBooks, Google (only with your authorization)
  • Legal Requirements: When required by law or to protect our rights

7. Data Security

We implement industry-standard security measures including:

  • SSL/TLS encryption for all data in transit
  • Encryption at rest for stored data
  • Regular security audits and monitoring
  • Access controls and authentication requirements

8. Data Retention

We retain your data for as long as your account is active. Upon account deletion:

  • Your documents and extracted data are permanently deleted within 30 days
  • Backup copies are purged within 90 days
  • Anonymized usage statistics may be retained

9. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Delete your account and data
  • Export your data
  • Disconnect third-party integrations at any time
  • Opt out of marketing communications

10. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies.

11. International Transfers

Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place for any international data transfers.

12. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect information from children.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the Service.

14. Data Controller

The data controller responsible for your personal data is:

Thomas and Le Consulting Ltd
Level 3 (Suite No. 3243)
Tower Business Centre
Triq IT-Torri, Swatar
Birkirkara BKR 4013
Malta

15. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us at:

Email: [email protected]