Privacy Policy
Last updated: May 27, 2026
What Expensum does
Expensum helps early access users collect receipts, match receipts to card charges, and prepare expense records. The product processes only the account, transaction, receipt, and email information needed to provide those user-facing expense features.
Information we collect
For early access signups, we collect your email address and optional context such as role, biggest expense-reporting pain, referral source, and campaign parameters. For product use, we collect receipt files you upload, card or bank transaction details you choose to connect through Plaid, Gmail receipt-candidate messages and attachments you choose to connect, and the expense records Expensum creates from that information.
Google Gmail data
Signing in with Google does not give Expensum access to your Gmail inbox. Gmail receipt import requires a separate connection step where you grant read-only Gmail access. If you connect Gmail, Expensum requests read-only Gmail access so it can identify receipts, invoices, and expense-related records, read receipt-candidate message content and attachments, convert those records into expense records, and match them to your connected card transactions. Expensum does not send email, delete email, mark messages read, archive messages, label messages, or modify your Gmail inbox.
Gmail message content may be processed transiently with AI and OCR providers to classify whether a message is a receipt candidate. Raw Gmail message bodies used for classification are processed transiently. For receipt-candidate messages, Expensum may temporarily retain raw message text only as needed to extract and verify receipt data, and deletes or minimizes raw message text after processing when it is no longer needed for the user-facing receipt record. Expensum stores Gmail-derived text and receipt assets only when a message passes the receipt-candidate gate for the user-facing expense workflow. Non-receipt email bodies are not retained.
Expensum stores Gmail refresh tokens server-side so it can continue checking for receipts until you disconnect Gmail, delete Gmail-derived data, or revoke access from your Google Account. Gmail-derived receipt-candidate data may include received dates, message IDs, minimal source metadata, message text needed to verify the receipt, attachments, generated receipt PDFs, OCR text, parsed receipt fields, and matching results.
How we use and share information
We use information to operate Expensum, identify receipts, match transactions, prepare expense records, improve product quality, troubleshoot issues, prevent abuse, and communicate with you about the product. Expensum's use and transfer of information received from Google Workspace APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
We do not sell Google user data; use Google user data for advertising, retargeting, personalized advertising, creditworthiness decisions, or lending decisions; or use Google Workspace API data to train or improve generalized AI or machine-learning models.
We share limited data with service providers only when needed to provide Expensum features, such as hosting, database, file storage, bank connection, OCR, receipt parsing, email processing, analytics, and AI processing. Service providers may process Gmail data only to provide Expensum features and not for advertising or unrelated purposes.
Human access
Expensum limits human access to Gmail-derived content. We do not read specific Gmail messages or receipt files unless you ask for support for that data, you give affirmative permission, or access is necessary for security, abuse prevention, legal compliance, or aggregated internal operations.
Security and retention
Expensum stores sensitive integration tokens and receipt data in server-side systems and private storage. Gmail tokens, Plaid tokens, and other integration secrets are not exposed in the browser. Gmail refresh tokens for active Gmail connections are encrypted before database storage. We keep connected-account and receipt-candidate data while needed to provide the early access service, support your account, meet legal obligations, and improve product reliability.
Your control
You can disconnect Gmail, Plaid, or other connected accounts from the app. Disconnecting Gmail stops future Gmail access. You can also revoke Gmail access at myaccount.google.com/permissions. You may request deletion of Gmail-derived data, receipt files, parsed receipt records, connected account records, or your account by contacting us at support@expensumai.com.
Contact
Questions about privacy can be sent to support@expensumai.com.