Privacy Policy

Data We Collect

When you use xPensi, we collect the following information to provide and improve our expense management services:

• Account information: Name, email address, and company or team name
• Subscription and billing details: Plan type, payment method, and billing history
• Expense data: Amounts, dates, categories, descriptions, and approval statuses submitted through the platform
• Receipt images: Photos or scanned documents uploaded for expense verification
• Usage data: Feature interactions, session duration, and device type to improve the product experience
• Team structure: Roles, permissions, and reporting relationships within your organization

We do not collect data unrelated to your use of the platform, and we never sell your information to advertisers.

How We Use Data

We use the data we collect to:

• Process and manage expense reports and reimbursement requests
• Provide receipt scanning and automatic categorization
• Enable approval workflows between team members and managers
• Generate spending reports and analytics for your team
• Send transactional notifications (approvals, rejections, reimbursement status)
• Maintain platform security and prevent fraudulent activity
• Improve our services based on aggregated, anonymized usage patterns

We retain your data for as long as your account is active. After account deletion, expense records are retained for 90 days to support any pending reimbursements, then permanently removed.

Receipt & Expense Data

Receipt images and expense details are central to how xPensi works. Here is how we handle them:

• Storage: Receipt images are stored securely in encrypted cloud storage. Expense records are stored in our production database with encryption at rest.
• OCR processing: When you upload a receipt, our optical character recognition system extracts merchant name, amount, date, and line items. This processing happens on our servers and the extracted data is stored alongside your expense entry.
• Access controls: Only you, your designated approvers, and team administrators can view your expense data. We enforce role-based access at every level.
• Data export: You can export all your expense data and receipt images at any time from your account settings.
• Deletion: When you delete an expense entry, the associated receipt image and extracted data are permanently removed within 30 days.

Third-Party Services

We use a limited number of third-party services to operate the platform:

• Cloud infrastructure: Our servers and data storage run on industry-standard cloud providers with SOC 2 compliance.
• Payment processing: Subscription payments are handled by Stripe. We never store your full credit card number.
• Email delivery: Transactional emails (notifications, approvals) are sent through a secure email service provider.
• Error monitoring: We use crash reporting tools to identify and fix bugs. These reports do not contain your expense data or receipt images.

We do not share your expense data, receipt images, or financial information with any third party for marketing or advertising purposes.

Your Rights

You have the following rights regarding your data:

• Access: Request a copy of all data we hold about you and your team
• Correction: Update or correct inaccurate information in your account
• Deletion: Request permanent deletion of your account and all associated data
• Export: Download your expense history, receipt images, and reports in standard formats
• Restriction: Ask us to limit how we process your data while a concern is resolved
• Objection: Opt out of non-essential data processing such as anonymized analytics

To exercise any of these rights, contact us at privacy@xpensi.app. We respond to all requests within 30 days.