Last Updated: October 28th, 2016
Information that our European users submit through the Expensify Service or the Site is sent to and stored on secure servers located in the United States of America and may be transferred by us to our other offices and/or to the third parties (such as our Partner Companies), who may be situated in the United States of America or elsewhere outside the European Economic Area (EEA) and may be processed by staff operating outside the EEA. The US and other non-EEA countries do not have similar data protection laws to the European Union, and you should be aware in particular that the law and practice in the United States in respect of law enforcement authority access to data is significantly different from Europe. Where we transfer your information we will take all reasonable steps to ensure that your privacy rights continue to be protected consistent with our obligations under local law. By submitting information via the Site, you agree to this storing, processing and/or transfer.
Expensify, Inc and its subsidiary company, Expensify Ltd. participate in and have certified their compliance with the EU-U.S. Privacy Shield Framework. Expensify, Inc. is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.
Expensify, Inc. is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
We do not intentionally gather Personal Data about visitors who are under the age of 13. If we inadvertently hold or have access to Personal Data about anyone under 13, please let us know so we can delete it.
Expensify collects Personal Data and Anonymous Data from you when you visit our Site, when you send us information or communications in connection with your use of the Expensify Service, and/or when you download and use the Expensify Software. "Personal Data" means data that allows someone to identify or contact you, including, for example, your name, address, geographic location of your computer or mobile device, telephone number, credit card number, email address and bank account information, as well as any other non-public information about you that is associated with or linked to any of the foregoing data. "Anonymous Data" means data about you that is not associated with or linked to your Personal Data; Anonymous Data does not permit the identification of individual persons. We collect Personal Data and Anonymous Data, as described below.
We collect Personal Data from you, such as first and last name, email and mailing addresses, telephone number, professional title, company name, and password, when you register for the Expensify Service. In addition, we (or our third-party credit card or payment processor on our behalf) will collect Personal Data including your credit card number or account information when you upgrade to a paid account. We also retain information on your behalf, such as the Personal Data described above and any correspondence. If you provide us feedback or contact us via email, we will collect your name and email address, IP address, as well as any other content included in the email, in order to send you a reply, and any information that you submit to us, such as a resume. If we conduct a survey in which you participate, we may collect additional profile information. We may also collect Personal Data at other instances in the Site or Application user experience where we state that Personal Data is being collected.
If you choose to use our referral service to tell a friend about our site, we will ask you for your friend's name and email address. We will automatically send your friend a one-time email inviting him or her to visit the site. If your friend is a resident of the European Union, please make sure they are happy to be contacted by us.
When you provide us with personal information about your contacts we will only use this information for the specific reason for which it is provided.
If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at email@example.com
Your friend may also contact us at firstname.lastname@example.org to request that we remove this information from our database.
We may receive Personal Data about you from companies that distribute the Expensify Service by way of a co-branded or private-labeled website, companies that offer their products and/or services via the Expensify Service, or companies that provide services (such as payment processing services) in connection with the Expensify Service (collectively, "Partner Companies"). Our Partner Companies may supply us with Personal Data, such as your name and email and mailing address information or your login credentials for such Partner Company's website or service, in order to help us establish the account or fulfill orders. We may add this information to the information we have already collected from you via our website in order to perform and improve the Expensify Service.
The Expensify Service (which may be hosted by a third-party service provider) collects Personal Data from you, such as browser type, your approximate geographic location of your mobile device or computer (from your Internet Protocol (IP) address), operating system and version, Internet Protocol (IP) address, domain name, information about your application, operating environment and hardware profiles and/or a date/time stamp for your visit. We may also use Identifiers (as defined below) and navigational data like Uniform Resource Locators (URL) to gather information regarding the date and time of your visit and/or access to the Expensify Service and your activity on the Site and the Application. Like most Internet services, we automatically gather this Personal Data and store it in log files each time you visit the Site, use the Application or access your account on our network.
When you interact with the Site or the Application, we try to make that experience simple and useful. We and our partners use industry standard identifiers, such as cookies or other similar technologies. We also use mobile device identifiers which perform a similar role, like the IDFA used by Apple devices and the UDID used by Android devices. Cookies are small pieces of information which are issued to your computer or mobile device (as the case may be) when you visit a website or access or use a mobile application and which store and sometimes track information about your use of the Site or Application (as the case may be). A number of cookies we use last only for the duration of your web or Application session and expire when you close your browser or exit the Application. Other cookies are used to remember you when you return to the Site or Application and will last for longer. We refer to cookies and the mobile device equivalents as "Identifiers".
We use Identifiers to:
Some of the Identifiers used by the Site are set or accessed (as appropriate) by us, and some a by third parties who are delivering services on our behalf.
Most web and mobile device browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting www.allaboutcookies.org which includes additional useful information on cookies and how to block cookies using different types of browser or mobile device. Please note, however, that by blocking or deleting cookies used on the Site or Application, you may not be able to take full advantage of the Site or Application (as the case may be).
In addition to cookies, web beacons may be set by us or third parties in respect of your use of the Site or Application. Web beacons are small image files within the content of the Site or Application for analytics purposes so we or third parties can understand parts of the Site or Application are visited and which functions of the Site or Application are used and whether particular content is of interest.
We may partner with a third party to either display advertising on our website or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union click here). Please note this does not opt you out of being served ads. You will continue to receive generic ads.
Expensify uses your Personal Data in the following ways:
We may create Anonymous Data records from Personal Data by excluding information (such as your name and email) that render the data personally identifiable to you. We use this Anonymous Data to analyse request and usage patterns so that we may enhance the content and functionality of the Expensify Service. Expensify reserves the right to use for other purposes and to disclose Anonymous Data to third parties in its discretion.
Any information, including Personal Data, which you elect to make publicly available on the Expensify Service will be available to other Members. If you remove information that you have made public on the Expensify Service, copies may remain viewable in cached and archived pages of the Expensify Service, or if other Members have copied or saved that information.
We collect information under the direction of our clients, and have no direct relationship with individuals whose personal data we process. If you are an employee or a customer of one of our Corporate Members and would no longer like to be contacted in conjunction with one of our Corporate Members that use our service, please contact the Corporate Members that you interact with directly.
We may share your Personal Data with Partner Companies to provide technical support or to provide specific services, such as hosting of your applications, maintenance services, database management or payment processing for purchases, reimbursements or other payments (including but not limited to PayPal and the Bancorp). Partner Companies will have access to your Personal Data only to perform these services on our behalf and are obligated not to disclose or use it for any other purpose. They may be located, or their data processing activities may take place, in the United States of America or elsewhere outside the European Economic Area (EEA). The US and other non-EEA countries do not have similar data protection laws to the European Union, and you should be aware in particular that the law and practice in the United States in respect of law enforcement authority access to data is significantly different from Europe.
Expensify may sell/divest/transfer the company (including any shares in the company), or any combination of its products, services, assets and/or businesses. Personal Data may be among the items sold or otherwise transferred in these types of transactions, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information. We may also sell, assign or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of the company.
Regardless of any choices you make regarding your Personal Data (if applicable), Expensify may disclose Personal Data if it believes in good faith that such disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas or warrants or lawful requests from government authorities served on Expensify; or (b) protect or defend the rights, reputation or property of Expensify or users of the Expensify Service.
Except as otherwise stated in this policy, we do not sell, trade, share, or rent the Personal Data collected from our services to third parties. You expressly consent to the sharing of your Personal Data as described in this policy.
Expensify may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Clients.
Expensify offers you the choice of receiving different types of communication and information related to our company, products and services. You may subscribe to e-newsletters or other publications; you may also elect to receive marketing communications and other special offers from us via email. If at any time you would like to change your communication preferences, we provide unsubscribe links and an opt-out mechanism for your convenience. You may also access and manage your preferences from your account.
You may change aspects of any of your Personal Data in your account by editing your profile within the registration portion of the Site or by sending an email to us at email@example.com. You may request deletion of your account information by us, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). We will respond to your request to access within 30 days. We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Upon request we will provide you with information about whether we hold any of your personal information. We also acknowledge that you have the right to access your personal information. Where a Member accesses the Application or the Expensify Service because their employer is a Corporate Member, Expensify has no direct relationship with that Member. In that situation, a Member who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the Expensify's Corporate Member (the data controller). If the Corporate Member requests Expensify to remove the data, we will respond to their request within 30 business days.
Expensify will retain data we process on behalf of our Corporate Members for as long as needed to provide services to our Corporate Member. Expensify will retain and use this information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Our Web site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Members who are California residents may request and obtain from us once a year, free of charge, certain information about the Personal Data (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of Personal Data that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to email@example.com.
Expensify is committed to protecting the security of your Personal Data. We use a variety of industry-standard security technologies and procedures to help protect your Personal Data from unauthorized access, use, or disclosure. When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL). We also require you to enter a password to access your account information. Please do not disclose your account password to unauthorized people. Despite these measures, you should know that Expensify cannot fully eliminate security risks associated with Personal Data. If you have any questions about the security of your personal information, you can contact us at firstname.lastname@example.org.