We believe transparency is the foundation of trust. This policy explains exactly what data we collect, how we use it, and the rights you have over it.
We collect information you provide directly and data generated as you use ExpenseAI. This data is essential to deliver our AI-powered financial tracking features.
Minimal Data Principle
Account Information
Financial Data
Device & Usage Data
We may also collect data from third-party services (e.g., Google Sign-In) with your explicit authorization. You can review and manage this data at any time from your profile settings.
Your data powers the core features of ExpenseAI. We use it for the following clearly defined purposes:
Service Operation
Process transactions, sync data, and provide your personalized expense dashboard.
AI-Powered Insights
Analyse spending patterns to generate smart budget recommendations and financial insights.
Notifications & Alerts
Send budget alerts, spending limit warnings, and account security notifications.
Analytics & Improvement
Aggregate anonymised usage stats to improve features and fix bugs.
Security & Fraud Prevention
Monitor for suspicious activity, detect unauthorized access, and protect your account.
Communications
Send product updates, feature announcements, and support responses (opt-out available).
No Selling, Ever
We do not share your personal information except in the limited circumstances described below. All sharing is governed by strict data processing agreements.
Service Providers
We share data with trusted vendors who help us operate ExpenseAI — cloud hosting (e.g., AWS/Vercel), email delivery, and analytics. These providers are contractually bound to use your data only for the services they provide to us.
Legal Requirements
We may disclose your information when required by law, court order, or governmental authority, or when necessary to protect the rights, property, or safety of ExpenseAI, our users, or the public.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the business. We will notify you before your data is subject to a different privacy policy.
With Your Consent
We may share your data with third parties when you explicitly authorise us to do so — for example, when you use a third-party integration or share a folder report via public link.
We Never Share With
We retain your data only as long as necessary to provide services and comply with legal obligations. The retention periods below apply after account deletion unless otherwise stated.
Account Deletion
We may retain certain data longer if required by applicable law (e.g., the Information Technology Act, 2000 and its amendments) or to resolve pending disputes.
You have full control over your personal data. These rights are available to all ExpenseAI users regardless of location.
Access
Request a copy of all personal data we hold about you in a portable format.
Download from Profile → Settings → Export Data
Correction
Update or correct any inaccurate personal information we hold.
Edit in Profile → Personal Information
Deletion
Request complete deletion of your account and associated personal data.
Profile → Account Management → Delete Account
Portability
Export your financial data in CSV or JSON format at any time.
Dashboard → Export → Choose Format
Opt-Out
Unsubscribe from marketing emails and disable non-essential notifications.
Profile → Notifications → Preferences
Withdraw Consent
Withdraw consent for data processing where consent was the legal basis.
Contact us at support@expenseai.in
Response Time
If you are located in the European Economic Area (EEA), you also have the right to lodge a complaint with your local data protection authority. For Indian users, rights are governed under the Digital Personal Data Protection Act, 2023.
We implement enterprise-grade security to keep your financial data safe. However, no system is 100% immune — we encourage you to use a strong password and enable all security features in your account.
AES-256 Encryption
All financial data is encrypted at rest using AES-256, the same standard used by banks.
TLS 1.3 in Transit
All data transmitted between your device and our servers is protected via TLS 1.3.
Multi-Device Session Control
Monitor all active sessions and remotely revoke access from any device at any time.
Anomaly Detection
Real-time monitoring detects suspicious logins or unusual activity and alerts you instantly.
Secure Password Hashing
Passwords are hashed using bcrypt with per-user salts — we never store plain-text passwords.
Regular Security Audits
We conduct periodic security reviews and vulnerability assessments to proactively address threats.
Report a Vulnerability
Have questions about this Privacy Policy or how we handle your data? We are here to help. Reach out through the appropriate channel below.
Privacy Requests
support@expenseai.in
Data access, deletion, portability, or consent withdrawal requests.
Security Issues
support@expenseai.in
Vulnerability disclosures, suspicious activity reports, or account compromise.
General Support
support@expenseai.in
Account issues, billing questions, and general product inquiries.
Prefer a contact form?
Use our website contact form for general privacy inquiries.
Registered Address: ExpenseAI, India. This Privacy Policy is effective as of April 12, 2026 and supersedes all prior versions. We reserve the right to update this policy — changes will be notified via email or an in-app banner.
© 2026 ExpenseAI. All rights reserved.