Account Information
When you create an account, we collect your name, email address, and password. This is required to provide and secure your account.
Expense and Receipt Data
You voluntarily provide information about your business expenses, including:
- Vendor name, date, amount, and category for each expense
- Receipt images you upload (stored securely via Cloudflare R2)
- Notes and classification you add to expenses
- Business contacts and payees (including W-9 information such as taxpayer identification numbers)
Mileage and Trip Data
To provide IRS-compliant mileage logs, we collect:
- Start and end GPS coordinates for each trip
- Trip purpose (business, personal, or mixed-use)
- Vehicle information (make, model, year)
- Estimated and actual mileage
GPS location data is collected only for trips you choose to log. We do not track your location continuously or in the background.
Income Data
You provide information about your self-employment income for tax reporting purposes, including income amounts, sources, and withholding information.
W-9 Information
If you manage W-9s for contractors or vendors, we store the taxpayer identification numbers you provide. This data is encrypted at rest using AES-256-GCM encryption.
Technical Data
When you use ProvExpense, we automatically collect: device type, browser type, operating system, IP address, and usage patterns (pages visited, features used, errors encountered). This helps us improve reliability and security.
2. How We Use Your Information
We use the information we collect to:
- Provide and maintain the service, including mileage logging, expense tracking, and report generation
- Generate tax-ready reports (Schedule C, 1099 summaries, quarterly estimates)
- Store and retrieve receipt images securely
- Calculate tax liability estimates, including self-employment tax
- Send transactional emails (account confirmation, password reset, billing receipts)
- Detect and prevent fraud or unauthorized access
- Improve our product through aggregate analytics (no individual data is shared publicly)
3. Data Sharing
We do not sell, rent, or trade your personal information to third parties.
We may share your data in the following limited circumstances:
- Service providers: We use trusted third-party services to operate ProvExpense — specifically, Polsia (infrastructure), Cloudflare R2 (file storage), and Stripe (payment processing). These providers are contractually obligated to protect your data and use it only to provide their services.
- Legal compliance: We may disclose information if required by law, such as in response to a valid subpoena or court order.
- Business transfers: If ProvExpense is acquired or merged, your information may be transferred as part of that transaction. We will notify you via email before this happens.
4. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will remove your personal information from our systems within 30 days, except:
- Receipt images stored in Cloudflare R2 (removed within 90 days of account deletion)
- Tax documents required for legal or tax compliance (retained for 7 years per IRS requirements)
- Anonymized usage data used for product improvement (contains no personal identifiers)
5. Your Rights
You have the following rights regarding your data:
- Access: Download a complete copy of your data at any time from Settings > Export Data
- Correction: Edit your profile, expenses, trips, and income entries at any time
- Deletion: Delete your account and all associated data by going to Settings > Delete Account
- Portability: Export your data in machine-readable format (CSV/JSON)
California residents have additional rights under the California Consumer Privacy Act (CCPA). To exercise any of these rights, contact us at privacy@provexpense.com.
6. Data Security
We implement industry-standard measures to protect your data:
- HTTPS/TLS encryption for all data in transit
- AES-256-GCM encryption for sensitive data at rest (W-9 tax IDs, payment tokens)
- Access controls limiting employee access to only what is necessary for service operations
- Regular security reviews and vulnerability assessments
No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we work actively to maintain it. If you suspect unauthorized access to your account, contact us immediately at security@provexpense.com.
7. Children
ProvExpense is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor, we will delete it promptly.
8. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting a notice on our website and updating the "Effective" date at the top of this page. We encourage you to review this policy periodically.
If you have questions about this Privacy Policy or our data practices, contact us: