Overview
ExpenseShare (“we”, “us”, or “our”) operates https://expenshare.app (the “Service”). This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and the choices available to you. If you do not agree with this policy, please do not use the Service.
1. What we collect
a) Information you provide
- Account details: name, email, profile photo, phone (if provided), and hashed password.
- Group & expense data: group names, members (emails/phones you add), expense entries, amounts, dates, categories, and receipts/photos you upload.
- Billing info: billing name, address, and payment token (we use payment processors and do not store raw card numbers).
- Support messages and feedback you send us.
b) Information we collect automatically
- Usage data: pages visited, feature usage, timestamps, device & browser metadata, IP address, and crash reports.
- Analytics: aggregated metrics for product improvements.
- Cookies & local storage: see the Cookies section below.
c) Third-party sources
- Social logins (Google/Apple/etc.): information you consent to share, typically name and email.
- Payment processors: confirmation of payments and subscription status (no raw card storage).
2. How we use your data
We use data to:
- Provide and operate the core Service (create groups, calculate splits, show histories).
- Process payments, issue receipts, and manage subscriptions.
- Send account notifications, product updates, and support replies.
- Improve and personalize the Service via analytics and testing.
- Prevent fraud, enforce our terms, and comply with legal obligations.
We only use your information for the purposes described here or with your explicit consent.
3. Legal bases (for EEA users)
If you are in the EEA, our lawful bases for processing include:
- Contract: to provide the Service you requested (account management, expense tracking).
- Legal obligation: to comply with laws or regulatory requirements.
- Legitimate interests: product improvement, analytics, and fraud prevention (balanced against your rights).
- Consent: when we rely on consent (e.g., optional marketing or certain cookies).
5. Storage & international transfers
Your information is stored on secure servers and may be processed in countries other than your own (including the U.S.). When transferring data cross-border we apply appropriate safeguards such as standard contractual clauses and vendor due diligence.
7. Security
We implement reasonable technical and organizational measures (encryption in transit, hashed passwords, access controls) to protect your data. No system is 100% secure — if we become aware of a breach that risks your rights, we will notify affected users and regulators as required.
8. Data retention
We retain account and transaction data while your account is active and for a reasonable period afterwards to meet legal obligations, resolve disputes, and enforce agreements. If you request deletion, we will remove your data unless we are required to retain certain information for legal/regulatory reasons.
9. Your rights
Depending on where you live, you may have rights to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Request deletion (subject to legal exceptions).
- Restrict or object to processing.
- Request portability (receive your data in machine-readable format).
- Withdraw consent where processing is based on consent.
To exercise these rights, email privacy@expenshare.app. We may ask for ID to verify requests and will respond within the timeframes required by law (generally 30 days).
10. California residents (CCPA/CPRA)
If you are a California resident, you may request information about the categories of personal information we collect, access specific pieces of information, request deletion (with exceptions), or opt out of sales. We do not sell personal information. Submit requests to privacy@expenshare.app with the subject line "California Privacy Request".
11. Children
We do not knowingly collect data from children under 16. If you believe a child has provided information, contact privacy@expenshare.app and we will promptly investigate and remove such data where required.
12. Third-party links & services
Our Service may include links or embeds (maps, social feeds, analytics). Those third parties have their own privacy practices — we are not responsible for their policies. If you integrate payments or OCR, those providers' terms apply.
13. Payments, receipts & OCR
When you use receipt scanning, we process uploaded images to extract line items and amounts for functionality (auto-categorization). Payment processing is handled by third-party gateways; we receive confirmation and tokenized data, but not raw card numbers.
14. Data export & portability
You can export your account data (groups, members, expenses, receipts) from account settings. Exports are typically provided in CSV/JSON formats.
15. Complaints & supervisory authority
If you are in the EEA and believe your rights have been violated under GDPR, you may lodge a complaint with your local data protection authority.
16. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes we will post the updated date at the top of this page. For significant changes we may also notify active users via email.
17. Contact
Questions or requests? Email: privacy@expenshare.app
Replace the placeholder contact address above with your company DPO or legal contact before publishing.
