Data Protection & Privacy

    GDPR Compliance

    Your data protection rights and how we ensure compliance with the General Data Protection Regulation (GDPR).

    About GDPR

    The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations operating within the EU and those that offer goods or services to individuals in the EU, regardless of where the organization is based.

    At XpensePal, we are committed to protecting your privacy and ensuring compliance with GDPR requirements. This page outlines your rights and how we handle your personal data.

    Your GDPR Rights

    Right to Access

    You have the right to request access to your personal data and receive a copy of the data we hold about you.

    Right to Rectification

    You can request correction of inaccurate or incomplete personal data.

    Right to Erasure

    You have the right to request deletion of your personal data under certain circumstances.

    Right to Portability

    You can request a copy of your data in a structured, machine-readable format.

    Right to Restrict Processing

    You can request that we limit how we use your personal data.

    Right to Object

    You can object to the processing of your personal data in certain situations.

    How We Process Your Data

    | Data Category | Personal Data | Purpose | Retention Period |
    |---|---|---|---|
    | Account Information | Name, email address, password, profile information | Account creation and management, authentication | Until account deletion |
    | Expense Data | Expense details, amounts, categories, receipts, group information | Core service functionality, expense tracking and splitting | Until account deletion or 7 years for tax purposes |
    | Usage Analytics | App usage patterns, feature interactions, performance data | Service improvement, bug fixes, user experience optimization | 2 years |
    | Technical Data | IP address, device information, browser type, cookies | Security, fraud prevention, service delivery | 1 year |

    Legal Basis for Processing

    Contract Performance

    We process your data to provide our expense management services as outlined in our Terms of Service.

    Legitimate Interest

    We process data for security, fraud prevention, and service improvement where it doesn't override your rights.

    Consent

    For optional features like marketing communications, we rely on your explicit consent.

    Legal Obligation

    We may process data to comply with legal requirements, such as tax regulations.

    Exercise Your Rights

    To exercise any of your GDPR rights, contact our Data Protection Officer at privacy@xpensepal.com

    We will respond to your request within 30 days. For complex requests, we may extend this period by up to 60 days.