1. Information We Collect
ExpenseFlow collects information you provide directly to us, including:
- Account information (email address, name)
- Receipt images and expense data
- Mileage and journey information
- Payment information (processed securely by third-party providers)
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Process receipt data using OCR and AI
- Generate expense reports and analytics
- Send you technical notices and support messages
- Comply with HMRC guidelines and legal obligations
3. Data Storage and Security
Your data is stored securely using industry-standard encryption:
- Receipt images stored in Google Cloud Storage (UK/EU regions)
- Database hosted on secure servers with encryption at rest and in transit
- Regular security audits and updates
- Access limited to essential personnel only
4. Data Sharing
We do not sell your personal data. We share data only with:
- Service providers (hosting, OCR, email processing) under strict confidentiality
- When required by law or to protect our legal rights
5. Your Rights (GDPR)
Under UK GDPR, you have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Object to processing of your data
- Withdraw consent at any time
6. Data Retention
We retain your data for as long as your account is active. If you delete your account:
- Data is retained for 30 days to allow for recovery
- After 30 days, all personal data is permanently deleted
- Some aggregated, anonymised data may be retained for analytics
7. Cookies
We use essential cookies to maintain your login session and preferences. No tracking or advertising cookies are used.
8. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any significant changes by email or through the service.