Privacy
Privacy Policy
This policy describes the information ExpeFi collects and how it is used to provide expense tracking, bank sync, exports, billing, and support.
Information we collect
ExpeFi may collect account details such as your email address, authentication identifiers, subscription status, workspace settings, account labels, categories, budgets, bills, cash entries, connected bank metadata, synced transactions, export settings, and support messages. Payment card details are handled by Stripe and are not stored by ExpeFi.
How we use information
We use information to provide the app, protect account access, save finance records, process subscriptions, enable read-only bank sync, generate exports, respond to support requests, improve reliability, prevent abuse, and comply with legal, tax, security, and payment obligations.
Clerk authentication
Clerk handles authentication and may process account identifiers, email addresses, session metadata, device/browser details, verification events, and security logs needed to create and protect your ExpeFi account.
Teller bank data
If you connect bank accounts through Teller, ExpeFi may process institution names, enrollment identifiers, account labels, account type, masked account details, currencies, balances when available, transactions, transaction status, sync timestamps, and encrypted connection credentials needed to show read-only bank activity. ExpeFi does not store bank passwords or full account numbers.
Manual finance data
Manual entries may include cash expenses, cash holdings, account labels, categories, budget amounts, bill names, bill dates, notes, and settings you choose to save. You control the accuracy of this information and can remove or update it inside the app where supported.
Stripe billing data
Stripe processes card details and may provide ExpeFi with customer identifiers, subscription status, invoices, payment status, billing email, and limited payment metadata. ExpeFi uses that information to activate Pro access, show billing status, and support payment questions.
Cloudflare infrastructure
ExpeFi uses Cloudflare for application delivery, security, Workers, D1 persistence, logging, and related infrastructure. Cloudflare may process request metadata such as IP address, user agent, URLs, timing, security events, and operational logs needed to run and protect the service.
Google Sheets add-on data
If you use ExpeFi for Google Sheets, the add-on may process the active spreadsheet name, a hashed spreadsheet identifier, selected sync scope, row counts, sync status, sync timestamps, short-lived connection codes, and add-on access tokens. ExpeFi stores token hashes and sync metadata to authorize one-way manual syncs and troubleshoot failures. The add-on is designed for the current spreadsheet and does not request Drive-wide access.
Currency and market data
ExpeFi may retrieve currency-rate and market-cap data from external data providers to sort, display, and convert supported currencies. These data requests are not intended to include your private transaction descriptions, account numbers, or bank login details.
Service providers and sharing
ExpeFi relies on service providers including Clerk for authentication, Stripe for billing, Teller for read-only bank connections, Cloudflare for hosting and D1 persistence, Google services for Sheets add-on functionality, and infrastructure tools needed to operate the product. We do not sell personal information, and providers process information as needed to support ExpeFi.
Local storage, cookies, and consent
The app uses browser storage for preferences such as theme, selected workspace options, sidebar state, table density, and temporary UI choices. Authentication and payment providers may use cookies or similar technologies to keep sessions secure.
Retention and deletion
We keep account and finance information while your account is active or as needed for security, billing, dispute handling, and legal obligations. To request deletion or export help, contact [email protected].
Security
ExpeFi uses HTTPS, protected routes, server-side access checks, encrypted sync secrets where applicable, and trusted providers for authentication, bank sync, infrastructure, and payments. No internet service can be guaranteed perfectly secure, but we design around reasonable safeguards.
Contact
Questions, deletion requests, export requests, or privacy concerns can be sent to [email protected].Mailing address: 99 WALL ST #884, NEW YORK, NY 10005, USA. This address is for business correspondence. Customer support is fastest by email.