Privacy Policy

Last updated: May 14, 2026

ApproveExpense ("we", "us", "our") provides expense submission, approval, and reimbursement-export software to businesses ("Customers") and their personnel ("Users"). This Privacy Policy explains what information we collect, how we use it, and the choices Users have.

1. Information we collect

• Account data — name, work email, password hash, company affiliation, role (employee, approver, accountant, admin).
• Company data — company name, handle, branding, plan tier, billing contact.
• Expense data — amounts, dates, vendors, categories, memos, attestations, approval decisions, rejection reasons.
• Receipt images — files Users upload as proof of expense, plus a derived hash used for duplicate detection.
• Usage data — log files, IP address, device and browser metadata, timestamps of actions taken in the product.
• Payment data — handled by our payment processor; we do not store full card numbers on our servers.

2. How we use information

• Operate the service, including authentication, expense submission, approval routing, reporting, and export.
• Detect duplicate or fraudulent receipts within a Customer's tenant.
• Bill Customers and meter optional add-ons such as AI receipt scanning.
• Send transactional notifications (approvals, rejections, reimbursement status).
• Improve product reliability, security, and performance.
• Comply with legal obligations and enforce our Terms of Use.

3. AI receipt scanning

If a Customer enables the optional AI receipt scanning add-on, receipt images are processed by an automated extraction model to pre-fill expense fields. We do not use Customer receipt content to train third-party general-purpose models. Extracted data is treated as Customer data under this Policy.

4. Sharing

We share data within a Customer's tenant according to role permissions (employees, approvers, accountants, admins). We do not sell personal information. We share with service providers strictly to operate the service: cloud hosting, email delivery, payment processing, and the AI extraction provider where the add-on is enabled. We may disclose information to comply with law or to protect rights, property, or safety.

5. Data retention

Customer expense and receipt data is retained while the Customer's account is active and for a reasonable period after termination to support export, audit, and tax requirements. Customers can request deletion subject to legal retention obligations.

6. Security

We use industry-standard safeguards including encryption in transit, encrypted storage of secrets, role-based access controls, and per-company tenant isolation. No method of transmission or storage is 100% secure.

7. Your choices

Users may update their profile, request a copy of their data, or request deletion by contacting their company's admin or emailing us. Customers control retention and access settings for their tenant.

8. Children

The service is intended for business use and is not directed to individuals under 16.

9. Changes

We may update this Policy from time to time. Material changes will be communicated via the product or email.

10. Contact

Questions about this Policy? Email privacy@approveexpense.com.