Privacy Policy

Last Updated: January 7, 2025

1. Introduction

Welcome to ExpenseGenius ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

By using ExpenseGenius, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide to us when you:

  • Create an account (email address, name)
  • Contact us for support or inquiries
  • Subscribe to paid features or services

2.2 Financial Information

When you use our financial account connection features powered by Stripe Financial Connections, we collect:

  • Financial Account Data: Bank account information, credit card transaction data, account balances, and transaction history from connected financial institutions
  • Transaction Details: Merchant names, amounts, dates, and transaction descriptions
  • Account Ownership: Account holder name and verification information

Important: We do not store your banking credentials (usernames or passwords). Financial account connections are handled securely through Stripe's infrastructure, and we only receive read-only access to transaction data as authorized by you.

2.3 Receipt and Transaction Data

When you use our receipt scanning features, we collect:

  • Images of receipts you upload
  • Extracted data from receipts (merchant names, items purchased, prices, dates)
  • Manually entered transaction information
  • Categories and notes you add to transactions

2.4 Usage and Device Information

We automatically collect certain information about your device and how you interact with our Service:

  • Device type, operating system, and version
  • Unique device identifiers
  • App usage statistics and interaction data
  • Error logs and diagnostic information
  • IP address and general location (city/region level)

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide Core Services: Process and categorize your transactions, sync financial account data, and display your expense information
  • AI-Powered Features: Analyze receipts using Google's Gemini AI to extract transaction details, identify spending patterns, and generate personalized insights
  • Account Management: Create and maintain your account, authenticate your identity, and manage subscriptions
  • Customer Support: Respond to your requests, provide technical support, and resolve issues
  • Service Improvement: Analyze usage patterns to improve our features, fix bugs, and develop new functionality
  • Security and Fraud Prevention: Detect and prevent unauthorized access, fraudulent activity, and security threats
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes
  • Communications: Send you service-related notifications, updates about your account, and respond to your inquiries

4. How We Share Your Information

We do not sell your personal or financial information. We share your information only in the following circumstances:

4.1 Third-Party Service Providers

  • Stripe: For financial account connections, transaction syncing, and payment processing. Stripe's privacy policy: https://stripe.com/privacy
  • Google (Gemini AI): For AI-powered receipt scanning and transaction analysis. Google's privacy policy: https://policies.google.com/privacy
  • MongoDB: For secure data storage and database management
  • Firebase (Google): For authentication, push notifications, and cloud storage
  • Vercel: For hosting and infrastructure services

4.2 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government agencies).

4.3 Business Transfers

If ExpenseGenius is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL protocols
  • Data Encryption at Rest: Financial data and sensitive information are encrypted in our databases
  • Access Controls: Strict access controls limit who can access your data internally
  • Secure Infrastructure: We use trusted cloud providers with robust security practices (Firebase, MongoDB Atlas, Vercel)
  • No Credential Storage: We never store your banking usernames or passwords. Financial connections are managed through Stripe's secure OAuth implementation
  • Regular Security Audits: We regularly review and update our security practices

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy:

  • Active Accounts: We retain your data as long as your account is active
  • Deleted Accounts: After account deletion, we remove or anonymize your personal data within 30 days, except where retention is required by law
  • Financial Records: Some financial transaction records may be retained for longer periods to comply with legal and regulatory requirements
  • Backup Systems: Data may persist in backup systems for up to 90 days after deletion

7. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request access to the personal data we hold about you
  • Correction: Update or correct inaccurate information in your account settings
  • Deletion: Request deletion of your account and associated data
  • Data Export: Request a copy of your data in a portable format
  • Disconnect Financial Accounts: Disconnect linked financial accounts at any time through the app
  • Opt-Out of Communications: Unsubscribe from marketing communications (service-related communications may continue)

To exercise these rights, contact us at privacy@expensegeni.us

8. Children's Privacy

ExpenseGenius is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child under 18, please contact us immediately so we can delete it.

9. International Users

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from those in your country. By using our Service, you consent to the transfer of your information to the United States and other countries where we operate.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience:

  • Essential Cookies: Required for the website to function properly
  • Analytics: Help us understand how visitors use our website
  • Preferences: Remember your settings and preferences

You can control cookies through your browser settings. Disabling cookies may limit some functionality of our website.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you through the app or via email for material changes
  • Provide a summary of changes where appropriate

Your continued use of our Service after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

13. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect, use, and disclose
  • Right to request deletion of your personal information
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

This Privacy Policy is effective as of January 7, 2025. By using ExpenseGenius, you acknowledge that you have read and understand this Privacy Policy.