Back to ExpenseMate

Privacy Policy

Last updated: 20 April 2025

1. Introduction

Welcome to ExpenseMate ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our website at expensemate.app (regardless of where you visit it from) or use our mobile application, and tell you about your privacy rights and how the law protects you.

This privacy policy applies to both our website and mobile application (collectively referred to as "Services").

2. Data Controller

Tun Keltesch is the controller and responsible for your personal data.

We do not share your personal data with any third parties. Your data remains accessible only by you and is essential for the operation of the Services.

If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us at: tun.keltesch@expensemate.app

3. The Data We Collect

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, last name, username or similar identifier.
  • Contact Data includes email address and optionally telephone numbers.
  • Financial Data includes expense records, receipt data, and payment information that you choose to share with the app.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Services.
  • Profile Data includes your username and password, your preferences, feedback, and survey responses.
  • Usage Data includes information about how you use our Services.
  • Image Data includes photographs of receipts you upload to the application.

4. How We Collect Your Data

We use different methods to collect data from and about you including through:

  • Direct interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us through the Services.
  • Automated technologies or interactions: As you interact with our Services, we may automatically collect Technical Data about your equipment, browsing actions, and patterns.
  • Third parties or publicly available sources: We may receive Technical Data about you from analytics providers such as Google.

5. How We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

We use your data for the following purposes:

  • To register you as a new user
  • To provide and maintain our Services
  • To process and analyze your receipts and expenses
  • To improve our Services
  • To notify you about changes to our Services
  • To allow you to participate in interactive features of our Services
  • To provide customer support
  • To gather analysis or valuable information so that we can improve our Services
  • To monitor the usage of our Services
  • To detect, prevent and address technical issues

6. Data Processing and Storage

Your data is processed and stored on Google Cloud infrastructure, which provides robust security measures. We specifically use:

  • Google Cloud Storage (Buckets) for storing receipt images and other files
  • Firebase Authentication for secure user authentication
  • Google Cloud Run for hosting our API services
  • Google Cloud SQL for database hosting and management

Additionally, receipt images may be processed by Google Gemini and/or OpenAI services to extract data and analyze receipt content. This processing is essential for the core functionality of our application.

All data processing and storage is necessary for the functioning of the application and providing the services you request.

7. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

9. Your Legal Rights

Under the GDPR, you have various rights with respect to our use of your personal data:

  • Access: You have the right to request a copy of your personal data that we hold.
  • Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Erasure: You have the right to request that we delete your personal data in certain circumstances.
  • Restrict processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Data portability: You have the right to request that we provide you with your personal data in a structured, commonly used and machine-readable format.
  • Object: You have the right to object to the processing of your personal data in certain circumstances.

You can exercise any of these rights by contacting us at tun.keltesch@expensemate.app. We will respond to all legitimate requests within one month.

10. Cookies and Tracking

Our website uses cookies and similar tracking technologies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

11. Changes to the Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at tun.keltesch@expensemate.app.