Privacy Policy
Last Updated: November 5, 2024
Your Privacy Matters. At ExpenseLyft, we're committed to protecting your financial data with end-to-end encryption. This policy explains how we collect, use, and safeguard your information.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address
- Name (optional)
- Password (encrypted)
- Profile preferences
1.2 Expense Data
Your expense tracking data includes:
- Receipt images (encrypted)
- Expense amounts, dates, and categories (encrypted)
- Merchant names and notes (encrypted)
- OCR-extracted text from receipts (encrypted)
1.3 Usage Information
We automatically collect:
- Device information (browser type, operating system)
- IP address and location data
- Usage statistics and analytics
- Error logs and performance data
2. How We Use Your Information
We use your data to:
- Provide the Service: Process receipts, categorize expenses, and generate reports
- Improve Features: Enhance OCR accuracy and user experience
- Customer Support: Respond to your inquiries and technical issues
- Security: Detect and prevent fraud and unauthorized access
- Communications: Send service updates and important notifications
3. End-to-End Encryption
Your expense data is encrypted using AES-256-GCM before being stored in our database. This means:
- Only you can decrypt and view your expense details
- We cannot access your encrypted expense data
- Each user has a unique encryption key derived from their account
- Receipt images and sensitive information are protected at rest and in transit
4. Data Sharing and Disclosure
4.1 We Never Sell Your Data
We do not sell, rent, or trade your personal information to third parties.
4.2 Limited Sharing
We may share data only in these circumstances:
- Service Providers: Cloud hosting, analytics, and payment processing
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In the event of a merger or acquisition
5. Data Storage and Retention
Your data is stored on secure cloud servers with:
- Regular backups and redundancy
- Industry-standard security measures
- Encryption at rest and in transit
We retain your data:
- As long as your account is active
- For up to 90 days after account deletion (for recovery purposes)
- Longer if required by law or legitimate business needs
6. Your Rights and Choices
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and data
- Export: Download your expense data in CSV format
- Opt-Out: Unsubscribe from marketing communications
7. Cookies and Tracking
We use cookies and similar technologies to:
- Maintain your login session
- Remember your preferences
- Analyze usage patterns and improve our service
You can control cookies through your browser settings.
8. Third-Party Services
We use the following third-party services:
- Firebase Authentication: Secure login and account management
- Cloud Storage: Encrypted data storage
- Analytics: Anonymous usage statistics (no personal data)
9. Children's Privacy
ExpenseLyft is not intended for users under 18. We do not knowingly collect information from children. If we discover we have collected data from a child, we will delete it immediately.
10. International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in compliance with applicable data protection laws.
11. Security Measures
We implement comprehensive security measures:
- End-to-end encryption for sensitive data
- HTTPS/TLS for all data transmission
- Regular security audits and updates
- Access controls and authentication
- Monitoring for suspicious activity
12. Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will:
- Notify you within 72 hours
- Inform relevant authorities as required by law
- Take immediate steps to contain and remedy the breach
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending you an email notification
- Displaying a notice in the application
14. Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact us:
Email: privacy@expenselyft.com
Support: support@expenselyft.com
15. Your Consent
By using ExpenseLyft, you consent to this Privacy Policy and agree to its terms.
Commitment to Privacy: We take your privacy seriously. Your financial data is encrypted, and we will never sell your information to third parties. You have full control over your data.