top of page

Privacy Policy

Privacy Policy
 

Effective Date: January 1, 2025.
 

SpendFlow ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your information when you use the SpendFlow app and services (the "Service"). By using SpendFlow, you agree to the terms of this Privacy Policy.

  1. Information We Collect We collect various types of information to provide and improve our Service. This includes:

1.1 Account Information

  • Full name, email address, and phone number when you create an account.

  • Business details (if applicable), including company name, role, and tax identification number.

  • Login credentials and authentication tokens for connected services.

  • Billing and payment information for subscriptions and transactions.

1.2 Financial & Transaction Data

  • Receipt images, invoices, and transaction details uploaded or forwarded to SpendFlow.

  • Data extracted from email providers (Gmail, Outlook) and financial institutions with user authorization.

  • Categorization and metadata from receipts, including amounts, merchant details, timestamps, and payment methods.

  • Expense reports, approval workflows, and reimbursement details.

  • Budgeting and spending analytics based on user activity.

1.3 Device & Usage Information

  • IP address, device type, operating system, browser type, and version.

  • Application logs, error reports, and feature usage patterns.

  • Cookies and tracking technologies to enhance user experience and security.

  • Location data (only if explicitly permitted by the user) to enable features like currency conversion or tax calculations.

1.4 Third-Party Integrations

  • Data from connected services, including accounting software (QuickBooks, Xero), payroll providers, and financial APIs.

  • Permissions granted for secure access to third-party sources.

  • Interaction logs for synced data and transactions.

  1. How We Use Your Information We use collected data to:

  • Provide core SpendFlow functionalities such as receipt scanning, expense categorization, and financial reporting.

  • Sync and reconcile transactions from linked financial accounts.

  • Automate approvals and reimbursement workflows.

  • Detect fraudulent activity and ensure compliance with tax regulations.

  • Personalize user experience with spending insights and budget recommendations.

  • Improve our products through analytics and research.

  • Communicate service updates, support messages, and promotional offers (if opted-in).

  • Comply with legal and regulatory requirements.

Google Workspace API Usage: SpendFlow does not use Google Workspace APIs to develop, improve, or train generalized AI and/or ML models. Any data accessed through Google Workspace APIs is used solely to provide the intended SpendFlow functionalities. This includes extracting and processing receipts, invoices, and financial transaction data for user expense management. Data obtained via Google APIs is not shared with third parties except as necessary to provide SpendFlow’s services, comply with legal requirements, or as explicitly authorized by the user.

  1. How We Share Your Information We do not sell your data. However, we may share information in the following scenarios:

3.1 Service Providers & Partners We work with trusted third-party vendors to support:

  • Cloud hosting, database storage, and encryption services.

  • AI-powered receipt scanning and document processing.

  • Secure payment gateways and subscription management.

  • Customer support and live chat assistance.

3.2 Business & Enterprise Accounts If you are using SpendFlow through an employer or business account, your data may be shared with your organization's administrators and finance teams.

3.3 Compliance & Legal Requirements We may disclose user data when required to:

  • Comply with laws, regulations, and court orders.

  • Enforce agreements and protect legal rights.

  • Investigate fraud, security threats, or policy violations.

3.4 Business Transactions In the event of a merger, acquisition, or company restructuring, your data may be transferred as part of the business transaction.

  1. Compliance & Regulatory Requirements SpendFlow adheres to applicable data protection laws and financial regulations, including:

  • General Data Protection Regulation (GDPR) for users in the European Union.

  • California Consumer Privacy Act (CCPA) for residents of California, USA.

  • Payment Card Industry Data Security Standard (PCI DSS) for secure payment processing.

  • Anti-Money Laundering (AML) & Know Your Customer (KYC) Regulations where applicable.

  • Tax Compliance Laws for accurate financial reporting. We continuously monitor and update our practices to ensure compliance with evolving regulations.

  1. Data Security We implement strict security measures to safeguard user data, including:

  • End-to-end encryption of sensitive information during transmission and storage.

  • OAuth authentication and multi-factor authentication (MFA) for account protection.

  • Regular security audits, penetration testing, and vulnerability assessments.

  • Role-based access controls (RBAC) to restrict data access internally. Users are advised to protect their login credentials and report any suspicious activity.

  1. Data Retention We retain personal data only as long as necessary to:

  • Provide uninterrupted service to users.

  • Fulfill legal, tax, and accounting obligations.

  • Improve features through anonymized analytics. Users may request data deletion at any time, subject to compliance regulations.

  1. Your Rights & Choices Depending on your location, you may have the right to:

  • Access, update, or delete your personal information.

  • Withdraw consent for data processing and marketing communications.

  • Download an export of your financial data.

  • Restrict certain types of data sharing. Requests can be submitted via info@spendflow.co

  1. Cookies & Tracking Technologies SpendFlow uses cookies and similar technologies to:

  • Improve app performance and user navigation.

  • Store session preferences and auto-fill forms.

  • Analyze trends and optimize features.

  • Prevent fraudulent logins and unauthorized access. Users can manage cookie preferences through browser settings.

  1. Third-Party Links & Integrations SpendFlow may contain links to third-party websites or integrate with external services. We are not responsible for their privacy practices. Users should review those privacy policies independently.

  2. International Data Transfers SpendFlow operates globally, which may require transferring data across different jurisdictions. We ensure compliance with:

  • GDPR (General Data Protection Regulation) for EU users.

  • CCPA (California Consumer Privacy Act) for US users.

  • Other applicable data protection laws.

  1. Children’s Privacy SpendFlow is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from minors. If we discover such data has been collected, we will take steps to delete it promptly.

  2. Changes to This Privacy Policy We may update this Privacy Policy periodically to reflect changes in our practices. Updates will be communicated via email, app notifications, or our website. Continued use of the Service after updates constitutes acceptance of the revised policy.

  3. Contact Us For any questions, concerns, or data-related requests, contact us at: info@spendflow.co

SpendFlow is committed to transparency, security, and user control over personal data. Thank you for trusting us with your expense management needs.

bottom of page