Security & Privacy

Our security posture

Expensum is built for sensitive receipt, transaction, and email-derived data. We use access to connected accounts only to provide the receipt import, receipt parsing, transaction matching, and expense workflow features a user chooses to enable.

Gmail read-only access

Signing in with Google does not give Expensum access to your Gmail inbox. Gmail receipt import requires a separate connection step where you grant read-only Gmail access.

Expensum uses read-only Gmail access to find receipts, invoices, confirmations, payments, travel records, subscriptions, statements, and other expense-related records. Expensum does not send, delete, archive, label, mark read, or otherwise modify your emails.

Non-receipt email bodies are not retained after classification. Receipt-candidate data may be stored only as needed to provide the user-facing expense workflow.

AI and OCR processing

Message content, receipt files, and attachments may be processed transiently with AI and OCR providers to classify receipt candidates, extract receipt details, and match receipts to card transactions. Service providers may process Gmail data only to provide Expensum features and not for advertising or unrelated purposes.

Expensum does not use Gmail data to train or improve generalized AI or machine-learning models.

Storage and encryption

Expensum uses hosted cloud providers for app hosting, database, file storage, OCR, AI processing, bank connections, email ingestion, analytics, and operational monitoring. Data is protected in transit with HTTPS/TLS, and production database and file-storage providers use encryption at rest.

Gmail, Plaid, and other connected-account tokens are stored server-side only and are not exposed in the browser. Gmail refresh tokens for active Gmail connections are encrypted before database storage.

Human access limits

Expensum limits human access to Gmail-derived content and receipt files. We do not read specific Gmail messages or receipt files unless you ask for support for that data, give affirmative permission, or access is necessary for security, abuse prevention, legal compliance, or aggregated internal operations.

Deletion and backups

You can disconnect Gmail in the app, revoke Google access from your Google Account, or request deletion of Gmail-derived data by contacting us. Disconnecting Gmail stops future Gmail access. Deletion removes linked Gmail-derived receipt artifacts and records from active systems where linked.

Limited data may remain temporarily in logs, backups, or provider systems where needed for security, legal compliance, fraud prevention, troubleshooting, or disaster recovery, and is not used for normal product workflows.

We do not sell your data

Expensum does not sell Google user data, receipt data, transaction data, or email-derived data. We do not use Google user data for advertising, retargeting, personalized advertising, creditworthiness decisions, or lending decisions.

Contact

Security and privacy questions can be sent to support@expensumai.com.