Last Updated: 2017
Information that our European users submit through the Expensify Service or the Site is sent to and stored on secure servers located in the United States of America and may be transferred by us to our other offices and/or to the third parties (such as our Partner Companies), who may be situated in the United States of America or elsewhere outside the European Economic Area (EEA) and may be processed by staff operating outside the EEA. The US and other non-EEA countries do not have similar data protection laws to the European Union, and you should be aware in particular that the law and practice in the United States in respect of law enforcement authority access to data is significantly different from Europe. Where we transfer your information we will take all reasonable steps to ensure that your privacy rights continue to be protected consistent with our obligations under local law and the Privacy Sheild Framework. By submitting information via the Site, you agree to this storing, processing and/or transfer.
In compliance with the Privacy Shield Principles, Expensify Inc. commits to resolve complaints about our collection or use of your Personal Data. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Expensify Inc. via email at: firstname.lastname@example.org or via or via post addressed to Operations Lead, 88 Kearny Street, San Francisco, CA 94108.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at feedback-form.truste.com/watchdog/request. As further explained in the Privacy Shield Principles, a binding arbitration option also be made available to you in order to address residual complaints not resolved by any other means.
Expensify, Inc. is responsible for the processing of Personal Data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of Personal Data from the EU, including the onward transfer liability provisions.
You have a legal right to request the Personal Data about you held by us. On request, we will provide you with a copy of this information. You also have a right to correct, amend or delete such Personal Data where it is inaccurate or has been processed in violation of the Privacy Shield Principles.
With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We do not intentionally gather Personal Data about visitors who are under the age of 13. If we inadvertently hold or have access to Personal Data about anyone under 13, please let us know so we can delete it.
Expensify collects Personal Data from you when you visit our Site, when you send us information or communications in connection with your use of the Expensify Service, and/or when you download and use the Expensify Software. "Personal Data" means data that allows someone to identify or contact you, including, for example, your name, address, geographic location of your computer or mobile device, telephone number, credit card number, email address and bank account information.
We collect Personal Data from you, such as first and last name, email and mailing addresses, telephone number, professional title, company name, and password, when you register for the Expensify Service. In addition, we (or our third-party credit card or payment processor on our behalf) will collect Personal Data including your credit card number or account information when you upgrade to a paid account. We also retain information on your behalf, such as the Personal Data described above and any correspondence. If you provide us feedback or contact us via email, we will collect your name and email address, IP address, as well as any other content included in the email, in order to send you a reply, and any information that you submit to us, such as a resume. If we conduct a survey in which you participate, we may collect additional profile information. We may also collect Personal Data at other instances in the Site or Application user experience where we state that Personal Data is being collected.
If you choose to use our referral service to tell a friend about our site, we will ask you for your friend's name and email address. We will automatically send your friend a one-time email inviting him or her to visit the site. Expensify stores this information for the sole purpose of sending this one-time email and tracking the success of our referral program. If your friend is a resident of the European Union, please make sure they are happy to be contacted by us.
When you provide us with Personal Data about your contacts we will only use this information for the specific reason for which it is provided.
If you believe that one of your contacts has provided us with your Personal Data and you would like to request that it be removed from our database, please contact us at email@example.com
Your friend may also contact us at firstname.lastname@example.org to request that we remove this information from our database.
We may receive Personal Data about you from companies that distribute the Expensify Service by way of a co-branded or private-labeled website, companies that offer their products and/or services via the Expensify Service, or companies that provide services (such as payment processing services) in connection with the Expensify Service (collectively, "Partner Companies"). Our Partner Companies may supply us with Personal Data, such as your name and email and mailing address information or your login credentials for such Partner Company's website or service, in order to help us establish the account or fulfill orders. We may add this information to the information we have already collected from you via our website in order to perform and improve the Expensify Service. If you provide us Personal Data about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
The Expensify Service (which may be hosted by a third-party service provider) collects Personal Data from you, such as browser type, your approximate geographic location of your mobile device or computer (from your Internet Protocol (IP) address), operating system and version, Internet Protocol (IP) address, domain name, information about your application, operating environment and hardware profiles and/or a date/time stamp for your visit. We may also use Identifiers (as defined below) and navigational data like Uniform Resource Locators (URL) to gather information regarding the date and time of your visit and/or access to the Expensify Service and your activity on the Site and the Application. Like most Internet services, we automatically gather this Personal Data and store it in log files each time you visit the Site, use the Application or access your account on our network.
When you interact with the Site or the Application, we try to make that experience simple and useful. We and our partners use industry standard identifiers, such as cookies or other similar technologies. We also use mobile device identifiers which perform a similar role, like the IDFA used by Apple devices and the UDID used by Android devices. Cookies are small pieces of information which are issued to your computer or mobile device (as the case may be) when you visit a website or access or use a mobile application and which store and sometimes track information about your use of the Site or Application (as the case may be). A number of cookies we use last only for the duration of your web or Application session and expire when you close your browser or exit the Application. Other cookies are used to remember you when you return to the Site or Application and will last for longer. We refer to cookies and the mobile device equivalents as "Identifiers".
We use Identifiers to:
Some of the Identifiers used by the Site are set or accessed (as appropriate) by us, and some a by third parties who are delivering services on our behalf.
Most web and mobile device browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting www.allaboutcookies.org which includes additional useful information on cookies and how to block cookies using different types of browser or mobile device. Please note, however, that by blocking or deleting cookies used on the Site or Application, you may not be able to take full advantage of the Site or Application (as the case may be).
In addition to cookies, web beacons may be set by us or third parties in respect of your use of the Site or Application. Web beacons are small image files within the content of the Site or Application for analytics purposes so we or third parties can understand parts of the Site or Application are visited and which functions of the Site or Application are used and whether particular content is of interest.
When you download and use our Services, we automatically collect information on the type of device you use and operating system version.
We send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.
We collect your location based information for the purpose of mileage tracking and providing location specific features. We may share your geo-location data with third parties for the sole purpose of providing these services. If you do not wish to allow us to share your information in this manner please opt out by contacting us at email@example.com.
You may opt-out of location based services at any time by editing the setting at the device level or by emailing us at firstname.lastname@example.org.
We use mobile analytics software to allow us to better understand the functionality of our Mobile Software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.
We may partner with a third party to either display advertising on our website or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising click here [or if located in the European Union click here]. Please note you will continue to receive generic ads.
Expensify uses your Personal Data in the following ways:
Any information, including Personal Data, which you elect to make publicly available on the Expensify Service will be available to other Members. If you remove information that you have made public on the Expensify Service, copies may remain viewable in cached and archived pages of the Expensify Service, or if other Members have copied or saved that information.
We collect information under the direction of our clients, and have no direct relationship with individuals whose Personal Data we process. If you are an employee or a customer of one of our Corporate Members and would no longer like to be contacted in conjunction with one of our Corporate Members that use our service, please contact the Corporate Members that you interact with directly.
We may share your Personal Data with Partner Companies to provide technical support or to provide specific services, such as hosting of your applications, maintenance services, database management or payment processing for purchases, reimbursements or other payments (including but not limited to PayPal and the Bancorp). Partner Companies will have access to your Personal Data only to perform these services on our behalf and are obligated not to disclose or use it for any other purpose. They may be located, or their data processing activities may take place, in the United States of America or elsewhere outside the European Economic Area (EEA). The US and other non-EEA countries do not have similar data protection laws to the European Union, and you should be aware in particular that the law and practice in the United States in respect of law enforcement authority access to data is significantly different from Europe.
Expensify may sell/divest/transfer the company (including any shares in the company), or any combination of its products, services, assets and/or businesses. Personal Data may be among the items sold or otherwise transferred in these types of transactions, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your Personal Data. We may also sell, assign or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of the company.
In certain situations, Expensify may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Regardless of any choices you make regarding your Personal Data (if applicable), Expensify may disclose Personal Data if it believes in good faith that such disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas or warrants or lawful requests from government authorities served on Expensify; or (b) protect or defend the rights, reputation or property of Expensify or users of the Expensify Service.
Except as otherwise stated in this policy, we do not sell, trade, share, or rent the Personal Data collected from our services to third parties. You expressly consent to the sharing of your Personal Data as described in this policy.
Expensify may transfer Personal Data to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Clients.
Expensify offers you the choice of receiving different types of communication and information related to our company, products and services. You may subscribe to e-newsletters or other publications; you may also elect to receive marketing communications and other special offers from us via email. If at any time you would like to change your communication preferences, we provide unsubscribe links and an opt-out mechanism for your convenience. You may also access and manage your preferences from your account.
You may change aspects of any of your Personal Data in your account by editing your profile within the registration portion of the Site or by sending an email to us at email@example.com. You may request deletion of your account information by us, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). We will respond to your request to access within 30 days. We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Upon request we will provide you with information about whether we hold any of your Personal Data. We also acknowledge that you have the right to access your Personal Data. Where a Member accesses the Application or the Expensify Service because their employer is a Corporate Member, Expensify has no direct relationship with that Member. In that situation, a Member who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the Expensify's Corporate Member (the data controller). If the Corporate Member requests Expensify to remove the data, we will respond to their request within 30 business days.
Expensify will retain data we process on behalf of our Corporate Members for as long as needed to provide services to our Corporate Member. Expensify will retain and use this information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Our Web site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your Personal Data from our blog or community forum, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your Personal Data, in which case we will let you know if we are unable to do so and why.
Members who are California residents may request and obtain from us once a year, free of charge, certain information about the Personal Data (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of Personal Data that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to email@example.com.
Expensify is committed to protecting the security of your Personal Data. We use a variety of industry-standard security technologies and procedures to help protect your Personal Data from unauthorized access, use, or disclosure. When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL). We also require you to enter a password to access your account information. Please do not disclose your account password to unauthorized people. Despite these measures, you should know that Expensify cannot fully eliminate security risks associated with Personal Data. If you have any questions about the security of your Personal Data, you can contact us at firstname.lastname@example.org.