Privacy Policy

Last updated: May 17, 2026

ApproveExpense ("we", "us", "our") provides expense submission, approval, and reimbursement-export software to businesses ("Customers") and their personnel ("Users"). This Privacy Policy explains exactly what information we collect, where it is stored, how long we keep it, and the choices Users have. It is written to match how the service actually works.

1. Information we collect

2. How we use information

We do not sell personal information. We do not use Customer Data to train general-purpose machine-learning models or for advertising.

3. AI receipt scanning

If a Customer enables the optional AI receipt scanning add-on, receipt images are sent to our AI gateway, which routes the request to a third-party model provider for the sole purpose of extracting structured fields (merchant, date, amount, currency). The extracted fields are returned to the User for review before being saved. Extracted values are treated as Customer Data under this Policy. The User must verify the extracted values before submission; the service is not liable for unreviewed AI output.

4. Sub-processors

We rely on a small set of vetted vendors to operate the service. Each processes Customer Data only on our instructions.

5. Sharing within a Customer's account

Within a Customer's tenant, data is shared strictly according to role. Row-level security in our database enforces that:

6. Legal disclosure

We may disclose information when required by law, valid legal process, or to protect the rights, property, or safety of ApproveExpense, our Customers, or the public.

7. Data retention

The following schedule applies by default:

Customers may request earlier deletion at any time, subject to legal, regulatory, or tax retention obligations that override deletion requests.

8. Security

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Your rights and choices

Depending on where you live, you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. Users can update their profile and avatar directly in the product, and can unsubscribe from non-essential email via the link in any such message. Transactional emails (security, billing, approval) cannot be unsubscribed because they are required to operate the service. To exercise a right that the product UI does not expose, contact us at the address below; we will respond within 30 days.

10. International transfers

Our infrastructure and sub-processors may process data in the United States and other countries. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

11. Children

The service is intended for business use and is not directed to individuals under 16. We do not knowingly collect personal information from children.

12. Changes

We may update this Policy from time to time. Material changes will be communicated via the product or by email to the Customer admin. The "Last updated" date at the top reflects the latest revision.

13. Contact

Questions about this Policy, sub-processors, or to exercise a data right, email privacy@approveexpense.com.