Privacy Policy

1. Permissions We Require

ExpenseBot requires the following permissions from your Google Account to function effectively:
Gmail (Read and Modify): These permissions are completely optional and are only requested when you explicitly opt-in by clicking the "Process from Gmail" button. We access only emails that you've tagged with "ExpenseBot" to process receipts and expenses, and apply a "Processed" label to indicate completion. We use three specific Gmail scopes:

  • gmail.readonly: To read the emails you've tagged with "ExpenseBot"
  • gmail.labels: To create and manage the "ExpenseBot" and "Processed" labels
  • gmail.modify: To apply the "Processed" label after processing

Google Photos (Read and Add): We access your Google Photos to scan for receipts using AI and can save receipt photos you upload directly to your Google Photos library for easier organization.
Google Drive (Limited Access): We create and manage a folder for receipt photos and a Google Sheets spreadsheet to help organize your expenses.

2. Gmail API Integration

ExpenseBot uses Gmail API integration to:

  • Read emails that you've specifically tagged with "ExpenseBot" to identify receipts and expenses
  • Apply a "Processed" label to emails after they've been analyzed to help you track what's been processed
  • Extract expense information from your email content and attachments

Important Privacy Considerations:
  • Gmail integration is completely optional and permissions are only requested when you explicitly click the "Process from Gmail" button
  • We never permanently store your email content on our servers
  • We only access the emails you explicitly tag for processing, not your entire inbox
  • Email content is processed transiently and then immediately deleted
  • All extracted expense data is stored exclusively in your own Google Sheets and Google Drive

Limited Use Statement: The use of information received from Gmail APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. This means we only use your Gmail data to provide you with the ExpenseBot service, and we don't use this data for advertising purposes, sell it to third parties, or use it for any purpose other than providing our service to you.

3. Financial Account Integration (Plaid)

ExpenseBot uses Plaid to securely connect to your financial accounts for automated expense tracking:

  • Access your transaction history to automatically identify and categorize expenses
  • Retrieve account balances and basic account information
  • Sync new transactions as they occur

Important Privacy Considerations:
  • Bank account connection is completely optional
  • We use Plaid's secure infrastructure to connect to your financial institutions
  • We never store your banking credentials - they are securely handled by Plaid
  • We only access transaction data relevant to expense tracking
  • You can disconnect your financial accounts at any time through your account settings

Data Processing: By connecting your financial accounts, you authorize us to retrieve and process your financial data through Plaid in accordance with Plaid's End User Privacy Policy. We use this data solely to provide expense tracking and management services.

Security: Your financial data is transmitted using bank-level encryption and is processed in accordance with industry security standards. Access tokens are stored securely and are never exposed in client-side code.

4. How We Use Your Data

We use your data solely to provide our service. Our AI processes your receipt photos to extract information. Receipt images are temporarily uploaded to our servers for processing, after which they are immediately deleted. All photos and spreadsheets remain securely stored in your Google Drive under your control.

Email Data: Gmail integration is completely optional. We only process emails when you explicitly click the "Process from Gmail" button, and we only access emails you've tagged with "ExpenseBot". We do not process your emails automatically. Email content is processed only when you request it, and we do not permanently store email content.

Financial Data: When you connect your bank accounts, we use the transaction data to automatically identify expenses, categorize them, and sync them with your expense tracking spreadsheet. We only store minimal transaction metadata necessary to prevent duplicate processing and maintain sync status. Your full transaction details are stored in your Google Sheets, under your control.

5. Data Storage and Security

ExpenseBot does not store your photos or expense data on our servers permanently. Your photos and Google Sheets spreadsheet remain securely stored in your Google Drive, where you have full control. We ensure secure, encrypted transmission of your data during processing.

Email Data: We do not permanently store email content on our servers. We only store minimal metadata about processed emails (such as reference IDs) to prevent duplicate processing. Email content is processed transiently and then immediately deleted after processing is complete.

6. Information We Collect

ExpenseBot collects and stores minimal information necessary to provide and improve our service. Specifically, we store:

  • Your name, email address, and profile image link from your Google account.
  • The ID of the Google Sheets spreadsheet we create for you to organize your expenses.
  • The ID of the Google Drive folder we create to store your receipt photos.
  • Reference IDs for processed emails to prevent duplicate processing.
  • Authentication tokens to enable secure interaction with your Google account.
  • Plaid access tokens to maintain connection to your financial accounts (stored securely and encrypted).
  • Minimal transaction metadata (IDs and sync status) to prevent duplicate processing.
  • Your Stripe subscription ID and customer ID (if applicable), for managing subscriptions.

We do not store any photos, expense information, or details of your receipts. These are stored securely in your Google Drive under your control. Similarly, your full transaction details from connected bank accounts are stored in your Google Sheets, not on our servers.

7. Data Sharing, Disclosure, and Transfer

We do not share or sell your personal information to third parties for marketing purposes. However, we may share or disclose your data under the following circumstances:
With Google Services: We share data only with Google services (such as Gmail, Google Photos, Google Drive, Google Gemini, and Google Vision) as part of the functionality of the ExpenseBot service.
For Legal Reasons: We may share your information to comply with legal obligations, such as in response to a legal request or to enforce our legal rights.
Business Transfers: If ExpenseBot is involved in a merger, acquisition, or sale of assets, the minimal data we collect (such as your email, profile information, and subscription data) may be transferred as part of that transaction to ensure continuity of service. In such cases, we will obtain your explicit consent before transferring any Gmail data.

8. Data Deletion and Reset

You can reset your account at any time. This will delete all data created by ExpenseBot in your Google Drive, including photos and spreadsheets, while preserving your trial or subscription status. This allows you to start over without losing your account status.

Email Data: Since we never permanently store email content on our servers, there is no email data to delete. We maintain minimal metadata about processed emails for up to 30 days to prevent duplicate processing.

Gmail Authorization Revocation: You can revoke ExpenseBot's access to your Gmail account at any time through your Google Account settings. Gmail integration is completely optional, and we only process your emails when you explicitly request it by clicking the "Process from Gmail" button.

9. Third-Party Services

ExpenseBot integrates with third-party services like Gmail, Google Photos, Google Drive, which are governed by their own privacy policies. We also use Google Vision and Google Gemini to analyze and process receipt photos as part of our service.

10. Google Workspace API Compliance

ExpenseBot does not use data obtained from Google Workspace APIs to develop, improve, or train generalized AI or machine-learning models. All data from Google Workspace APIs, including Gmail, Google Photos and Google Drive, is used solely to provide and support our service to you. We fully comply with Google's "Limitation on User Data Transfer" policy, which prohibits the use of Workspace user data to train non-personalized AI or ML models.

Our use of Gmail API services adheres to the Google API Services User Data Policy, including the Limited Use requirements. We request only the minimum necessary Gmail API scopes required to provide our service functionality.

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the effective date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Information

If you have any questions or concerns about this privacy policy, please contact us at info@expensebot.ai.

13. Effective Date

This Privacy Policy is effective as of May 12, 2025.