Privacy Policy

LAST UPDATED: December 12, 2023

At XPENSES, we respect your privacy and are committed to protecting it. Every company has a privacy policy, but when it comes right down to it, we want you to understand how we protect your privacy and to know what data we collect and how we use it. So let’s get to it.

Overview

This policy describes the types of information Xpenses (“XPENSES”, “Company” or “We”) may collect from you or that you may provide when you visit and utilize the software available through our apps, software, and the website xpenses.app (collectively, our “Website“). This includes our practices for collecting, using, maintaining, protecting, and disclosing that information and the basis for doing so.

This policy applies to information we collect on the Website, in email, text and other electronic messages between you and this Website and, through mobile and desktop applications you download from this Website or other services (such as the iOS App Store or Google Play Store), which provide dedicated non-browser-based interaction between you and this Website.

We reserve the right to make changes to this privacy policy at any time by giving notice on this page and/or within this Application and/or sending a notice to you via any contact information available to us. It is strongly recommended to check this page often, referring to the date of the last modification listed at the top.

Collection and Use of Personal Data

XPENSES relies on a number of legal bases to collect, use, share, and otherwise process the information we have about you for the purposes described in this Privacy Policy. Generally, this includes analytics, user database management, managing support and contact requests, transaction aggregation, hosting and backend infrastructure and infrastructure monitoring.

We process data:

  • in order to provide the services and fulfill our obligations pursuant to the Terms of Service. For example, we cannot provide our services without an email address to sign into your account, conduct customer support, or send educational materials; we cannot provide the service without users providing financial information on which a budget is based;
  • where necessary to comply with a legal obligation, a court order, or to exercise and defend legal claims;
  • to protect your vital interests, or those of others, such as in the case of emergencies;
  • where you have made the information public;
  • where necessary in the public interest;
  • where necessary for the purposes of XPENSES’s or a third party’s legitimate interests, such as those of visitors, members or partners;
  • where you provide consent (for example, to join email mailing lists).

We also process your data based on our legitimate interest in:

  • providing a quality service and in improving that service;
  • ensuring the services are secure;
  • protection against fraud, spam and abuse, etc.;
  • understanding how clients and visitors interact with our websites and services, so that we can continuously improve the experience and effectiveness of doing so.

Categories of data we collect

We collect information about you, including information that directly or indirectly identifies you, through your use of XPENSES. We do so:

  • when you provide the information, through filling out forms or otherwise providing information on our websites and apps;
  • when we connect to your financial institutions in order to retrieve transaction data on your behalf;
  • when you use location services to record transactions in our mobile apps;
  • when you correspond with us to receive customer support via email or chat.

This includes:

  • Your email address that you provide to us as a username, or that is provided to us by your social media account(s) if you use those for sign-in.
  • Your IP address when you interact with our website and apps.
  • When you choose to directly link financial accounts to XPENSES, your login credentials (including usernames and passwords) for the accounts you link to our services, account security and/or challenge questions for those accounts, and other information  (including account names, balances, transactions and holdings).
  • Your location when you record a transaction in our mobile applications and have previously activated location services.
  • Records and copies of your correspondence (including email addresses different than that used to establish your account), if you contact us.
  • Your responses to surveys that we might ask you to complete for research purposes.
  • Details of transactions you carry out through our Website and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website.
  • Information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, subscribing to our service, or requesting further services. We may also ask you for information when you enter a contest or promotion sponsored by us, and when you report a problem with our Website.
  • To provide you with customer support or service offerings, including responding to and resolving your inquiries and requests via email or text-based chat. When you request assistance from our customer support team with respect to importing third-party financial account data, to allow a customer support representative to review a limited amount of data from your accounts, including account names and recent transactions for the sole purpose of facilitating technical implementation of the account aggregation services. When asked to do so by you, our customer support representative may utilize that transaction data on your behalf in interactions with third-party financial account providers intended to facilitate implementation of requested account aggregation within our services.

Cookies & technical data

XPENSES collects information as visitors and clients browse and interact with the website and/or apps. For more details on how XPENSES uses cookies, please see our Cookie Policy.

Here are a few things to note:

  1. We do not sell users’ data. (And we never have!)
  2. Cookies help us improve your experience, like keeping you logged in or remembering certain preferences.
  3. Cookies help us analyze our site usage and improve our marketing, like not showing ads to current customers.
  4. If you wish, you can opt-out of cookies, or opt-out of specific types of cookies in the Cookie Consent Manager.

Recipients of personal data

We do not sell users’ data. (And we never have!)

We share data to fulfill the purposes for which you provide it; to enforce or apply our Terms of Service, including billing. We may disclose or transfer personal information that we collect or you provide as described in this privacy policy:

  • To contractors, service providers, and other third parties we use to support our business, in particular providing infrastructure and analytics services, and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
  • With respect to aggregating your banking and other financial accounts, you or we will transmit your account credentials to third-party aggregation partners, who will use them to link, gather and maintain your account balances, transactions, and holdings used to provide our services.
  • By utilizing transaction aggregation services, you acknowledge and agree to the terms of the respective privacy policies of those partners ( MX , Plaid , TrueLayer ), and you expressly grant aggregation partners the right, power, and authority to access and transmit your information as reasonably necessary to provide the Services to you. Note that when you link your account through TrueLayer, we will transmit your email address in order for TrueLayer to comply with regulatory requirements, per their privacy Policy.
  • To the extent that any user previously utilized account linking and aggregation services through the service provider Quovo, Inc., you expressly authorize Quovo, Inc. to transmit any information or data arising out of those services to Plaid, subsequent to the acquisition of Quovo by Plaid, so that Plaid can offer you its Services.
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by us about our Website users is among the assets transferred.
  • To fulfill the purpose for which you provide it.
  • In aggregated form, and/or information that does not identify any individual.
  • For any other purpose disclosed by us when you provide the information.
  • With your consent.
  • If you elect to participate in the Website and associated services through a business or other organization (“Partner”) as part of a Partner’s plan (“Plan”), then we will share your name, email address, and the date you joined the Plan. If a Plan has 10 or more users, the Partner is given aggregated, anonymized data about the number of users who access XPENSES each month. No other personal data associated with Your use of the Website will be conveyed by XPENSES to the Partner.

We may also disclose your personal information:

  • To comply with any court order, law or legal process, including to respond to any government or regulatory request.
  • To enforce or apply our Terms of Service or terms of sale and other agreements, including for billing and collection purposes.
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Xpenses, our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Categories of third-party providers

Categories of services used to process data include:

Infrastructure & Fulfillment

XPENSES partners with third-parties to provide storage and server access that acts as infrastructure for our website and apps. In addition, we partner with third-parties to fulfill payments and transactions in fulfillment of our terms.

Aggregation

XPENSES partners with third-parties to aggregate financial information from your financial institutions when you request it.

Analytics

XPENSES partners with third-parties to help us monitor and analyze website traffic and can be used to keep track of User behavior, helping us to improve the services and experience of using them.

Customer Support

XPENSES partners with third-parties to help us receive, process, and respond to customer support requests, as customer support and education are a core part of the services offered.

Performance and Logging

XPENSES partners with third-parties that assist us in monitoring the stability of the website and applications and resolving issues or errors with the service.

Marketing

XPENSES partners with third-parties to manage receipt of consent to send marketing emails and to send those same emails.

Data Retention

We retain account data for a period of time after an account expires, whether through trial expiration or subscription expiration, unless you delete your account as described below.

Once an account has become inactive beyond the period of time described below, we will delete its budget data – if you don’t need XPENSES, we don’t need your account data, and you probably don’t want us to have it. (Keep in mind that if you cancel your account, it remains active until the end of your subscription. The timeline below doesn’t start until that subscription expires.)

We will delete accounts and their data:

  • For an expired trial, a minimum of one hundred-twenty (120) days after the expiration of the trial;
  • For an expired subscription, a minimum of three years after the expiration of the subscription.

After deletion, we retain your email address in order to be able to confirm deletion of associated data.

Automated data processing

In conjunction with a third-party payment processor, we use automated analysis to screen for suspicious or fraudulent transactions.

When we make solely automated decisions that affect you in a legal or a significant way, you have the right to provide your point of view and have those decisions reviewed by a member of our staff.

Third-party applications and integrations

When you choose to use third party apps (such as the XPENSES Toolkit or other OAuth apps based on our API), plug-ins, or websites that integrate with the Services, they may receive your information and content, including your personal information, photos, and your activity data (including private activities). Information collected by these third parties is subject to their terms and policies. XPENSES is not responsible for the terms or policies of third parties.

Children under the age of 13

Our Website is not intended for children under 13 years of age (or 16 years of age for those who habitually reside in the EU, which applies to the remainder of the paragraph that follows). No one under these ages may provide any personal information to the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features, register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at privacy@xpenses.app.

Your Rights

We have established a number of procedures to help you manage your personal data.

Deletion

You may delete your account by visiting your account settings. This will delete all personal data with the exception of email correspondence. Note that the process to delete all data associated with your account will take up to thirty (30) days, with log files retained for up to eighteen (18) months.

Adjust Notification and Email Preferences

XPENSES offers various ways to manage the communications you receive. You can choose to unsubscribe from emails and lists by following the instructions contained at the bottom of each type of email. Any administrative or service-related emails (to confirm a purchase, or an update to this Privacy Policy or the Terms of Service, etc.) generally do not offer an option to unsubscribe as they are necessary to provide the Services you requested.

Updating Account Information

You may correct, amend, or update your email and/or password at any time by adjusting that information in your account settings.

Portability

You can access information that you have shared with us by exporting your budget and transactions history.

Object, Restrict, or Withdraw Consent

You may withdraw consent for processing in the situations described above. Other data processing we conduct is necessary for the fulfillment of our Terms of Service and/or our legitimate interest and/or legal reasons, and deletion of your account and data is required to cease processing.

California privacy rights

California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

XPENSES has not and does not transfer information to third parties for direct marketing purposes. In the event we decided to do so in the future, we would provide affirmative consent and opt-out procedures.

The CCPA provides consumers who reside in California with rights regarding their personal data, which you can read in full detail.

EU Visitors and Clients’ Rights

Rights to access, deletion, portability, and restriction are described above. In addition, if you habitually reside in the EU and wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.

Transfers

The Services offered by XPENSES are operated from the United States. If you are located outside of the United States and choose to use the Services or provide information to us, you acknowledge and understand that your information will be transferred, processed, and stored in the United States, as it is necessary to provide the Services and perform the Terms of Service.

Further reading

We take security quite seriously around here, and go into detail about the steps we take to protect users’ data in our Security Policy . For more legal reading, see our Terms of Service . If you need further assistance, email privacy@xpenses.app .