Privacy Policy

Last Updated: May 12, 2025

Welcome to Expense Pro! Your privacy is critically important to us. This Privacy Policy outlines the types of personal information that Expense Pro receives and collects, and how that information is used.

1. Information We Collect

a. Account Information: When you register for an account, we collect information such as your name, email address, and password (stored securely hashed). You may optionally provide a profile picture.

b. Financial Data: You provide financial data including account names, balances, transaction details (description, amount, category, date), budget information, savings goals, investment details, and debt information. This data is essential for the functionality of the application.

c. AI API Keys: If you choose to use the AI Assistant feature, you may provide your own API key (e.g., for Google AI). We store this key securely encrypted using AES-GCM encryption and only decrypt it on the server when needed to process your AI requests. We do not have access to the raw key after it's encrypted.

d. Usage Data: We may collect information on how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

2. How We Use Your Information

We use the collected data for various purposes:

  • To provide and maintain our Service
  • To notify you about changes to our Service
  • To allow you to participate in interactive features of our Service when you choose to do so
  • To provide customer support
  • To gather analysis or valuable information so that we can improve our Service
  • To monitor the usage of our Service
  • To detect, prevent and address technical issues
  • To process your financial data as per the application's functionality (e.g., calculating balances, generating reports)
  • If you provide an AI API Key, to use that key to interact with the respective AI provider on your behalf for the AI Assistant feature

3. Data Security

The security of your data is important to us. We use industry-standard practices to protect your information, including password hashing (bcrypt) for authentication credentials and AES-GCM encryption for sensitive data like AI API keys. JWTs are used for session management. However, remember that no method of transmission over the Internet or method of electronic storage is 100% secure.

4. Data Sharing and Disclosure

Expense Pro will not rent or sell potentially personally-identifying and personally-identifying information to anyone. We may disclose your Personal Information only in the following circumstances:

  • With Your Consent: For example, when you share an account with another user.
  • Service Providers: We may employ third-party companies and individuals (e.g., an email provider for notifications) to facilitate our Service, provide the Service on our behalf, or perform Service-related services. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
  • For Legal Requirements: If required to do so by law or in response to valid requests by public authorities.
  • AI Providers: If you use the AI Assistant, your prompts and relevant (anonymized where possible) context data will be sent to the AI provider (e.g., Google AI) using your provided API key. Their use of this data is governed by their respective privacy policies.

5. User Rights

You have the right to access, update, or delete your personal information. You can manage your account information through your profile settings. For deletion of your entire account and associated data, please contact us.

6. Cookies

We use cookies for session management and to ensure the proper functioning of our application. Our primary use of cookies is for authentication (e.g., storing your JWT in an HttpOnly cookie).

7. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes.

8. Contact Us

If you have any questions about this Privacy Policy, please contact us through our Contact Support page.