Last updated: February 19, 2026
This privacy policy applies to Expensent (www.expensent.com), an automated invoice forwarding service that helps users send invoice emails from their inbox to their accountant.
Our Privacy Commitment
We take your privacy seriously. Expensent uses a three-phase, progressive-narrowing approach to find invoices in your inbox. This means we minimize data access at every step:
- Metadata fetch: We request only email metadata (sender, subject, date, and attachment info) from your inbox via Nylas—no email bodies are downloaded at this stage
- AI prefilter on metadata only: An AI model reviews only the metadata to determine which emails look like invoices. The vast majority of emails are discarded here without their content ever being read
- Deep analysis for invoice candidates only: Only the small percentage of emails that appear to be invoices have their body text and attachments (PDF, JPG, PNG) analyzed by AI for classification and data extraction
We use OAuth authentication, meaning we never see or store your email password.
Google User Data Disclosure
Expensent accesses Google user data through Nylas, a third-party email API provider. When you connect your Google account, you authorize Nylas to access your inbox on our behalf. This section addresses how data flows through our system.
How Email Access Works (Privacy-First Architecture)
- Phase 1 — Metadata-only fetch: When you scan for invoices, we request email metadata (sender, subject, date, and attachment filenames) from your inbox via Nylas for the date range you selected. No email bodies or attachment contents are downloaded at this stage
- Phase 2 — AI prefilter (metadata only): An AI model reviews only the metadata (sender, subject, attachment info) to identify which emails are likely invoices. The vast majority of emails—including all personal emails—are discarded at this step without their content ever being accessed
- Phase 3 — Classification (invoice candidates only): Only the small number of emails that pass the prefilter have their body text and attachments (PDF, JPG, PNG) analyzed by AI for invoice classification and data extraction. This processing is ephemeral—body text and attachments are not stored after processing
- We store matched metadata: We store sender, subject, date, and attachment info for emails identified as invoices. Email body text is not retained
What Data We Receive and Store
Key privacy benefit: Our progressive-narrowing approach means the vast majority of your emails are only ever seen as metadata (sender, subject, date) during the prefilter step. Email bodies and attachments are only accessed for the small percentage of emails that appear to be invoices.
- Profile information: Your email address and name for account identification
- Email metadata (prefilter phase): Sender, subject, date, and attachment filenames are temporarily processed for all emails in the scanned date range to identify invoice candidates. This metadata is not stored for non-invoice emails
- Invoice email content (classification phase): For emails identified as likely invoices, body text and attachments (PDF, JPG, PNG) are processed ephemerally by AI for classification and extraction. Body text is not retained after processing
- Invoice metadata (stored): Sender, subject, date, and attachment info for emails confirmed as invoices are stored for forwarding history and duplicate prevention
- Invoice attachments: PDFs and images from invoice emails, forwarded to your accountant
Prohibited Uses of Google User Data
Expensent does NOT use Google user data for any of the following purposes:
- Targeted advertising or user advertisements
- Personalized, retargeted, or interest-based advertisements
- Selling data to third parties or data brokers
- Providing data to information resellers
- Determining credit-worthiness or for lending purposes
- Training artificial intelligence or machine learning models
- Any purpose other than providing Expensent's invoice forwarding features
We use AI services for real-time classification and extraction only. Your data is processed ephemerally and is never used to train, fine-tune, or improve AI models.
Google API Services User Data Policy Compliance
Expensent's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
1. Information We Collect and Store
We collect and store the following types of data:
- Account Information: Email address, name (if provided), and profile settings
- Invoice Email Metadata (invoice candidates only): For emails identified as invoices by our AI, we store: sender address, subject line, date, and attachment information
- Accountant Details: The email address(es) you configure as invoice recipients
- Vendor Preferences: Which vendors you've enabled or disabled for invoice detection, including email addresses and keywords to match
- Email Integration Data: OAuth tokens and connection status for each linked email account
- Payment Information: Processed securely by Stripe; we do not store your credit card details
- Usage Data: How you interact with the service, forwarding history, and error logs
2. Information We Never Store or Retain
Our privacy-first architecture uses progressive narrowing—most data is processed ephemerally and never stored. We never store or retain:
- Non-invoice email metadata: Metadata for emails that don't pass the AI prefilter is discarded immediately—it is never stored in our database
- Email body text: Body content is only accessed for invoice candidates during classification and is processed ephemerally—it is not stored after analysis
- Contact lists or calendars: We only access the messages endpoint, not other account data
- Your email password: OAuth tokens are managed by Nylas—we never see your credentials
- Drafts or sent mail: We only process received emails, not your drafts or sent folder
Note: During the prefilter phase, email metadata (sender, subject, date, attachment info) is temporarily processed in memory for all emails in the scanned date range. This is necessary to identify which emails are invoices. This metadata is not stored for emails that are not invoices.
3. How We Use Your Information
We use your information solely to provide and improve the Expensent service:
- To identify and forward invoice emails to your accountant
- To authenticate your identity and maintain your account
- To process payments and manage subscriptions
- To send service-related communications (never marketing without consent)
- To provide customer support
- To comply with legal obligations and protect against fraud
We do not use your data for advertising, selling to third parties, or any purpose other than providing or improving the Expensent service.
Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Contractual necessity (Art. 6(1)(b)): Account management, invoice detection and forwarding, payment processing
- Legitimate interest (Art. 6(1)(f)): Service communications, fraud prevention, service improvement
- Legal obligation (Art. 6(1)(c)): Tax and billing record retention, law enforcement cooperation
4. Data Sharing and Third-Party Services
Expensent uses the following trusted third-party services:
The services listed above act as data sub-processors. A current list is available upon request at hello@expensent.com.
Regarding Google User Data Specifically:
- We do NOT sell, trade, or transfer Google user data to any third parties
- We do NOT share Google user data with advertising platforms, data brokers, or information resellers
- Invoice attachments are forwarded only to the accountant email address(es) you have explicitly configured
- We share data with the service providers listed above strictly for operating the invoice forwarding service
5. Data Protection and Security
We implement robust security measures to protect your data:
- Encryption in Transit: All data is transmitted using TLS 1.3 encryption
- Encryption at Rest: Stored data is encrypted using AES-256
- OAuth Security: We use OAuth 2.0 authentication—we never see or store your email password
- Infrastructure: Hosted on enterprise-grade platforms (Convex, Vercel) that maintain SOC 2 Type II compliance
- Access Control: Strict internal access policies with audit logging
6. Data Retention and Deletion
Expensent retains your data only as long as necessary to provide the service:
- Account data: Retained for the duration of your active subscription
- Invoice email metadata: Retained to maintain forwarding history and prevent duplicate forwards
- OAuth tokens: Retained while your email account is connected; deleted when you disconnect or delete your account
- Invoice attachments: Not stored permanently—attachments from scanned emails are fetched from your email provider, forwarded to your accountant, and not retained. User-uploaded files (e.g., for manual invoice reminders) are temporarily stored in encrypted cloud storage and automatically deleted after forwarding
Data Deletion and Account Removal:
- You may request deletion of all your data at any time by contacting us
- Upon account deletion, all your data (including any Google user data) is permanently removed within 30 days
- You can revoke Expensent's access to your Google account at any time through your Google Account permissions
- Some data may be retained longer if required by law (e.g., billing records for tax compliance)
To request data deletion, contact us at hello@expensent.com.
7. Your Rights
Depending on your location, you may have the right to:
- Access and receive a copy of your personal data
- Correct inaccurate data
- Request deletion of your data
- Object to or restrict certain processing
- Data portability (receive data in a machine-readable format)
- Withdraw consent where applicable
To exercise these rights, contact us at hello@expensent.com.
8. Cookies
We use only essential cookies required for the service to function:
- Authentication cookies: To keep you logged in securely
- Session cookies: To maintain your preferences during a session
- Security cookies: To prevent CSRF attacks and protect your account
We do NOT use advertising pixels or any cookies for targeted advertising. We do not track you across other websites.
Analytics (Privacy-Respecting)
We use PostHog (EU-hosted) for product analytics and Vercel Analytics for page performance. PostHog uses a first-party cookie and localStorage to maintain your session—it respects Do Not Track (DNT) browser settings, masks all input fields in session recordings, and does not track you across other sites. Vercel Analytics is cookieless and privacy-friendly. Neither service is used for advertising.
9. Children's Privacy
Expensent is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete that information promptly.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by email and/or by posting a notice on our website. Your continued use of the service after changes become effective constitutes acceptance of the updated policy. We encourage you to review this policy periodically.
Contact Us
If you have any questions about this privacy policy, how Expensent handles your data (including Google user data), or our data practices, please contact us: