Privacy Policy

1. Introduction and Scope

Welcome to Eloope Expense. This Privacy Policy explains how Eloope LLC collects, uses, discloses, and protects your personal information when you use our expense management application, website, and related services (collectively, the "Service").

This Privacy Policy applies to our web application at https://app.expense.eloope.com, our APIs and developer tools, and all integrations with third-party services.

By using the Service, you agree to be bound by this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

When you create an account, we collect your name, email address, and password (which is encrypted). You may also provide your phone number, profile photograph, job title, department, and organization name to complete your profile.

As you use our expense management features, we collect expense reports and receipts, transaction amounts, dates, and merchant names, as well as mileage and travel data. We also store your currency preferences and, if you choose to receive reimbursements through our platform, your bank account information.

You may upload receipt images in formats such as JPEG, PNG, WebP, or PDF, along with supporting documentation and attachments. We also collect information from your communications with us, including customer support inquiries, feedback, and email correspondence.

2.2 Information Collected Automatically

When you use the Service, we automatically collect technical information such as your IP address, device type, and browser type. We also gather usage data including the pages you access, time spent on the Service, and any error logs or crash reports. Your approximate location may be determined based on your IP address, and with your explicit consent, we may collect precise GPS location data for mileage tracking purposes.

2.3 Information from Third Parties

If you choose to sign in using authentication providers such as Google or Microsoft, we receive basic profile information from these services. When you connect business applications like accounting software or cloud storage, we may receive data from those connected services as described in Section 4.

3. How We Use Your Information

3.1 Providing the Service

We use your information to process and manage expense reports, perform OCR scanning and data extraction from receipts, generate reports and analytics, facilitate approval workflows, process reimbursements, and provide customer support.

3.2 Communication

We send transactional emails related to receipts, approvals, and notifications. With your consent, we may also send push notifications, service announcements and updates, and marketing communications.

3.3 Security and Compliance

We use your information to protect against fraud and unauthorized access, comply with legal obligations, and enforce our Terms of Service.

4. Third-Party Integrations

4.1 Integration Data Access

When you connect third-party integrations, we access only the data necessary to provide the integration features you've requested. For accounting software integrations, this may include your chart of accounts, vendor lists, invoices, and tax codes. For cloud storage services, we access only the files you explicitly select along with their metadata. Communication platform integrations may access your user profile, workspace information, and channel lists. Calendar service integrations may access your events and travel itineraries to help correlate expenses with business activities.

4.2 Data Handling

We request only the minimum necessary permissions for each integration, and all integration credentials are encrypted at rest. We do not sell data obtained through integrations. You can disconnect any integration at any time through your account settings.

4.3 Third-Party Policies

Each third-party integration is governed by its own privacy policy. We encourage you to review the privacy policies of any services you connect. We are not responsible for the privacy practices of third-party services.

5. Data Sharing and Disclosure

5.1 Within Your Organization

We share your expense data with administrators, managers, approvers, and finance team members as configured in your organization settings. This sharing is necessary to facilitate the expense approval and reimbursement workflow.

5.2 Service Providers

We share data with trusted service providers who assist us in operating the Service. These include cloud hosting providers such as Supabase and Vercel, payment processors such as Stripe, email delivery services such as Resend, and providers of OCR and AI processing capabilities. All service providers are bound by contractual obligations to protect your data and use it only for specified purposes.

5.3 Legal Requirements

We may disclose your information when required to comply with applicable laws or legal processes, respond to lawful government requests, or protect our rights, safety, or property.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.

5.5 Aggregated Data

We may share anonymized, aggregated data that cannot reasonably be used to identify you for research and analytics purposes.

6. Data Retention

We retain your account data for the duration of your account plus seven years to comply with legal and tax requirements. Expense records are retained for seven years from creation to meet tax compliance obligations. Customer support logs are retained for three years, and technical logs are retained for one year.

Upon account deletion, your personal data is deleted within 30 days and backup copies are purged within 90 days. Data required for legal compliance is retained as mandated by applicable law.

7. Data Security

We implement industry-standard security measures to protect your data. All data in transit is protected with TLS encryption, and data at rest is encrypted using AES-256 encryption. Credentials are securely stored using bcrypt hashing. We maintain access controls based on the principle of least privilege and have incident response procedures in place.

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours and notify relevant authorities as required by law.

We are based in the United States. Your data may be transferred to and processed in countries other than your own, and we implement appropriate safeguards for such transfers.

8. Your Rights and Choices

You have the right to access your personal information and receive a copy of your data in portable formats such as JSON or CSV. You may correct any inaccurate information and request deletion of your data, subject to legal retention requirements. You can also restrict or object to processing, withdraw consent at any time, and opt out of marketing communications.

To exercise your rights, you can use the settings within your account or contact us at privacy@eloope.com. We respond to verified requests within 30 days.

We comply with applicable privacy laws in your jurisdiction. If you have specific rights under CCPA, GDPR, or other privacy regulations, please contact us at privacy@eloope.com to exercise those rights.

9. Cookies and Tracking Technologies

We use essential cookies that are required for authentication and security features. These cookies cannot be disabled as they are necessary for the Service to function properly. We also use functional cookies to remember your preferences and settings, and analytics cookies to understand usage patterns and improve the Service.

You can manage cookies through your browser settings or our cookie consent banner. We honor Do Not Track signals where technically feasible.

10. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn that we have collected such information, we will take steps to delete it promptly. If you believe we have collected information from a child under 16, please contact us at privacy@eloope.com.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and notify you via email or in-app notification.

Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.

12. Contact Information

For questions, concerns, or requests regarding this Privacy Policy, please contact us: