PRIVACY POLICY

Last updated: May 17, 2026

This service is operated by Xpensy Technologies.

1. Information We Collect

We collect information that you provide directly to us, including:

  • Account information (name, email, phone number) — provided directly or via Google Sign-In, which also shares your profile picture
  • Expense data you enter via WhatsApp or our platform
  • Billing information for premium features — we only store transaction IDs and payment status; card details are never received by us
  • Communication data when you contact us

2. How We Use Your Information

We use the collected information to:

  • Provide and maintain our expense tracking service
  • Process your expense data using AI
  • Send you service-related notifications
  • Improve and personalize your experience
  • Ensure security and prevent fraud

3. Data Security

We take the security of your personal information seriously and implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS with HTTP Strict Transport Security (HSTS) enforced.
  • Encryption at Rest: Your data is encrypted at rest using AES-256 at the infrastructure level.
  • Password Hashing: Passwords and one-time passwords (OTPs) are cryptographically hashed — they are never stored in a recoverable form and cannot be read by anyone, including our team.
  • Session Token Security: Authentication session tokens are hashed using SHA-256 before being stored in our database. Even if our database were compromised, these tokens cannot be used to access your account.
  • Payment Card Data: We never store your credit or debit card details. All payment processing is handled by Razorpay, which is PCI-DSS compliant. We only store transaction IDs and payment status.
  • Access Controls: Our database is not publicly accessible. Access is restricted to application servers within a private network.
  • Sensitive Data Redaction: Passwords, tokens, and OTPs are automatically redacted from all application logs.

We do not sell or share your personal information with third parties for their marketing purposes. Your financial data is never shared with WhatsApp, Meta, or any advertising networks.

4. WhatsApp Integration

Our service integrates with WhatsApp to provide expense tracking functionality. We only access messages you send to our designated WhatsApp number. We do not access other WhatsApp conversations or contacts.

5. Data Retention and Deletion

We retain your information for as long as your account is active or as needed to provide services.

Account Deletion: You can request deletion of your account and all associated data at any time through your account settings or by visiting our Data Deletion page. We provide a 30-day grace period before permanent deletion. For questions, contact support@xpensy.in.

6. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data
  • Opt-out of marketing communications

7. Third-Party Services

We use third-party services including but not limited to:

  • WhatsApp Business API (Meta) — for messaging and expense tracking via WhatsApp
  • Google OAuth & Gemini AI — for sign-in and AI-powered natural language expense parsing
  • Razorpay — for payment processing (PCI-DSS compliant; card data never reaches our servers)
  • Cloud Database Provider — for secure database hosting with AES-256 encryption at rest

8. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Xpensy Technologies

Email: support@xpensy.in

Location: India