Privacy Policy

Last updated: 12/2/2025

1. Introduction

ExpenseFlow (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial management application.

By using ExpenseFlow, you consent to the data practices described in this policy.

2. Information We Collect

Personal Information

We may collect:

  • Name and email address
  • Account credentials
  • Profile information
  • Communication preferences

Financial Information

We collect financial data you input:

  • Expense and income records
  • Budget information
  • Bank account details (if provided)
  • Debt and savings information
  • Receipt images (if uploaded)

Usage Information

We automatically collect:

  • Device information and IP address
  • Browser type and version
  • Usage patterns and preferences
  • Error logs and performance data

3. How We Use Your Information

We use your information to:

  • Provide and maintain the ExpenseFlow service
  • Process your financial data and generate insights
  • Send important service updates and notifications
  • Improve our application and user experience
  • Provide customer support and respond to inquiries
  • Ensure security and prevent fraud
  • Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party services that help us operate our business (hosting, analytics, payment processing)
  • Legal Requirements: When required by law or to protect our rights and safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Consent: With your explicit consent for specific purposes

5. Data Security

We implement appropriate security measures to protect your information:

  • End-to-end encryption for data transmission
  • Secure data storage with industry-standard protocols
  • Regular security audits and updates
  • Access controls and authentication measures
  • Employee training on data protection

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services. You may request deletion of your data at any time.

Some information may be retained for legal, security, or business purposes even after account deletion.

7. Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal data
  • Correct: Update or correct inaccurate information
  • Delete: Request deletion of your data
  • Export: Download your data in a portable format
  • Opt-out: Unsubscribe from marketing communications
  • Object: Object to certain processing activities

8. Cookies and Tracking

We use cookies and similar technologies to:

  • Remember your preferences and settings
  • Analyze usage patterns and improve our service
  • Provide personalized content and features
  • Ensure security and prevent fraud

You can control cookie settings through your browser preferences.

9. Third-Party Services

Our service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these external services.

We recommend reviewing the privacy policies of any third-party services you use.

10. Children's Privacy

ExpenseFlow is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data during such transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or through our service. Your continued use of ExpenseFlow after changes constitutes acceptance of the updated policy.

13. UK Data Protection

As a UK-based business, we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. You have the right to:

  • Right to be informed: About how we use your data
  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate data
  • Right to erasure: Request deletion of your data
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a portable format
  • Right to object: Object to certain processing activities
  • Rights in relation to automated decision making: Human review of automated decisions

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@expenseflow.io
Address: [Your UK Business Address]
Website: expenseflow.io
Data Protection Officer: dpo@expenseflow.io

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data properly.