Expansas Financial

Introduction

Expansas LLC ("Expansas," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Expansas Financial platform and services (the "Service").

As a financial services platform, we comply with applicable privacy laws including the California Consumer Privacy Act (CCPA), the Gramm-Leach-Bliley Act (GLBA), and other state privacy regulations.

Geographic Scope: The Service is currently available only to users in the United States.

Quick Summary

What we collect: Name, email, company info, financial transactions, documents you upload
Why we collect it: To provide our financial management services
Who we share with: Service providers (Google Cloud, Plaid, Anthropic) - never sold
Your rights: Access, delete, correct your data; opt out of certain uses
Security: Bank-grade encryption, SOC 2 controls, secure infrastructure
Contact: [email protected]

1. Information We Collect

1.1 Information You Provide

Account Information: Name, email address, password, phone number (optional)
Business Information: Company name, business type, EIN (optional), address
Payment Information: Credit card or payment details (processed by Stripe)
Documents: Bank statements, invoices, receipts, and other financial documents you upload
Communications: Support requests, feedback, and correspondence with us

1.2 Information from Connected Services

Bank Data (via Plaid): Account balances, transaction history, account holder name, account and routing numbers (masked)
Accounting Software (if connected): Chart of accounts, existing transactions, vendors, customers

1.3 Automatically Collected Information

Device Information: Browser type, operating system, device identifiers
Usage Data: Pages visited, features used, actions taken, timestamps
Log Data: IP address, access times, error logs
Cookies: Session cookies, preference cookies, analytics cookies

1.4 AI Chat Data

If you use our AI Chat feature, we collect your chat messages and the AI responses to provide the service and improve accuracy.

2. How We Use Your Information

We use your information to:

Provide and maintain the Service
Process and categorize your financial transactions
Generate reports and financial insights
Sync data with connected bank accounts
Power AI-assisted categorization and chat features
Process payments and manage subscriptions
Send service notifications and updates
Provide customer support
Detect and prevent fraud or abuse
Comply with legal obligations
Improve and develop new features

3. How We Share Your Information

We do NOT sell your personal information. We never have and never will.

We share your information only with the following categories of recipients:

3.1 Service Providers

Google Cloud Platform

Purpose: Cloud infrastructure, data storage, computing
Data Shared: All application data (encrypted at rest and in transit)
Location: United States data centers
Privacy Policy: cloud.google.com/privacy

Firebase (Google)

Purpose: User authentication
Data Shared: Email, encrypted credentials, authentication tokens
Privacy Policy: firebase.google.com/support/privacy

Plaid Technologies, Inc.

Purpose: Bank account connections and transaction sync
Data Shared: Your bank login credentials are shared directly with Plaid (not stored by us). We receive account balances and transactions.
Privacy Policy: plaid.com/legal
Note: You can revoke Plaid access anytime in account settings.

Anthropic (Claude AI via Google Vertex AI)

Purpose: AI chat assistant, transaction analysis
Data Shared: Chat messages, transaction data for AI analysis
Data Retention: Processed within Google's HIPAA-compliant infrastructure
Training: Your data is NOT used to train AI models
Privacy Policy: anthropic.com/privacy

Stripe

Purpose: Payment processing
Data Shared: Payment card information, billing address
Note: We do not store your full credit card number
Privacy Policy: stripe.com/privacy

3.2 With Your Consent

When you connect integrations like QuickBooks or NetSuite, you authorize us to share data with those services as needed for the integration.

3.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, safety, or property.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

4. Data Security

We implement robust security measures to protect your data:

Encryption at Rest: AES-256 encryption for all stored data
Encryption in Transit: TLS 1.3 for all data transmission
Access Controls: Role-based access with principle of least privilege
Authentication: Multi-factor authentication available
Monitoring: Continuous security monitoring and logging
Auditing: Regular security assessments and penetration testing
Infrastructure: SOC 2 compliant cloud infrastructure (Google Cloud)

While we strive to protect your information, no method of transmission or storage is 100% secure. Please notify us immediately at [email protected] if you suspect any security issues.

5. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

Active Account Data: Duration of your account plus 2 years
Financial Records: 7 years (for tax and audit purposes)
Audit Logs: 1-3 years depending on log type
Support Communications: 3 years
AI Chat History: 1 year (you can delete anytime)

Upon account deletion, we will delete or anonymize your data within 90 days, except where retention is required by law.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

6.1 All Users

Access: Request a copy of your personal information
Correction: Request correction of inaccurate information
Deletion: Request deletion of your personal information
Data Export: Export your data in standard formats
Opt-Out: Opt out of marketing communications

6.2 California Residents (CCPA Rights)

Right to Know: What personal information we collect, use, and share
Right to Delete: Request deletion of your personal information
Right to Correct: Request correction of inaccurate information
Right to Opt-Out of Sale: We do not sell personal information
Right to Non-Discrimination: We will not discriminate against you for exercising your rights

6.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]
Account Settings: Use the data export and deletion features in your settings

We will respond to requests within 30 days (up to 45 days for complex requests). We may need to verify your identity before processing requests.

7. Cookies and Tracking

We use cookies and similar technologies for:

Essential Cookies: Authentication, security, session management (required)
Functional Cookies: Remember your preferences and settings
Analytics Cookies: Understand how you use the Service to improve it

We do not use advertising or tracking cookies. You can manage cookie preferences in your browser settings. Disabling essential cookies may affect Service functionality.

8. AI and Automated Processing

Our Service uses artificial intelligence for:

Automatic transaction categorization
Financial insights and spending analysis
Chat assistant for financial questions
Anomaly and fraud detection

Your AI Rights

You can request human review of any AI categorization
You can disable AI auto-categorization in settings
You can delete your AI chat history
Your data is NOT used to train AI models

AI Limitations

AI suggestions are not guaranteed to be accurate. Always review AI-generated categorizations and consult professionals for financial, tax, or legal advice.

9. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at [email protected] and we will delete that information.

10. Data Breach Notification

In the event of a data breach affecting your personal information, we will:

Notify affected users within 30 days (or sooner as required by law)
Provide details about the breach and data involved
Explain steps we are taking to address the breach
Offer guidance on protecting yourself
Report to relevant authorities as required

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or by posting a notice on the Service at least 30 days before changes take effect. The "Last Updated" date at the top indicates when the policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Expansas LLC

Privacy Inquiries: [email protected]

Security Issues: [email protected]

General Support: [email protected]

California Privacy Rights Summary (CCPA)

This section provides additional disclosures required by the California Consumer Privacy Act:

Categories of Personal Information Collected

Identifiers (name, email, account name)
Financial information (bank transactions, payment data)
Commercial information (transaction history)
Internet/network activity (usage data, logs)
Geolocation data (IP-based location)
Inferences (AI-generated categorizations)

Business/Commercial Purpose

To provide financial management services, process transactions, prevent fraud, and improve our Service.

Sale of Personal Information

We do NOT sell personal information and have not sold personal information in the preceding 12 months.